this post was submitted on 20 Feb 2024
31 points (89.7% liked)

Privacy

31815 readers
484 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

What do you think of this from privacy POV?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 17 points 8 months ago (2 children)

Terrible, of course. Especially since they are aiming the service to improve sign-up reliability in countries that block telegram, acting as a relay exposes yourself. Carriers in China (where I live) and other questionable countries are actively snooping around, and since SMS are generally unencrypted, the simplest heuristic would figure out what you're involved in and start a very serious investigation.

On top of that, phone numbers in many countries are also unique logins to a number of services (again, here in China you need it for literally everything, it's THE number one digital footprint), and attackers could use the information for bruteforce/wordlist attacks on known services, or use them for social engineering.

As much as I like the idea of helping others sign up who don't have the means to acquire a foreign phone number, I would never willingly commit to that.

[โ€“] [email protected] 2 points 8 months ago* (last edited 8 months ago)

Especially since they are aiming the service to improve sign-up reliability in countries that block telegram

It's mainly to offload the cost of sending verification codes via sms to users, which is one of the costs that Telegram wants to cut. As far as I remember, it amounts to, like, 7% of all their annual expenses (I will source this later). A couple of years ago they decided not to send sms verification codes when you sign in from a third-party app, and just send the code to active session. This sounds like recipe for moderation headaches and privacy disasters, but also good way to boost their premium metrics :)

load more comments (1 replies)