Ask HN: Why are more and more websites asking for phone numbers?

41 points by notbingo ↗ HN
Some, outright demand it. This would be considered unacceptable just 2 years ago. They don't even pretend it's for 2FA now.

44 comments

[ 1.4 ms ] story [ 100 ms ] thread
Phone numbers are more convenient in contrary to email: every individual has only one phone number, which hardly ever changes. They consider the phone number as unique identifier of a user.

Many websites think that lots of users have multiple emails and thus maybe sign up twice. Again, it's only about convenience.

"every individual has only one phone number, which hardly ever changes"

[Citation-needed] As someone who had been holding three different phone numbers at the same time, and who used to be accessible at about 10 different cellphone numbers, I feel you are mistaking your beliefs for facts.

Many people change phone number more than email.
Eh what? The are lots of people that have multiple phones.
> would be considered unacceptable...

A more honest way of saying this would be that it wouldn't have worked -- requiring a phone number during onboarding would drastically lower your conversion rates. So what's changed? Is this a generational (grumble grumble millenial grumble grumble) thing?

Also, I'd love to know what sparked your asking this question. I don't see a particular uptick in services requiring a phone number for signup, which is something I'd have definitely noticed as I don't carry a phone.

Twitter demanding a phone number to unlock a 5 min old account after saying it was optional and then pretending I broke their rules just to get my phone number.

As for the uptick in services requiring phone numbers? All the messaging apps, all the freelance websites, facebook, google, classified ad sites/apps. And these are just examples of things I tried using.

I use/have used literally all of the things on that list, and none have required a phone number for normal use. I've had Facebook, Google, and Twitter all require phone numbers when I've naively tried to set up bots against their services, though, which is what I'm guessing you're having trouble with here.
>works for me.

You guessed wrong. If I was trying to set up bots, why would I start blabbing about it on HN? Oh right, you assumed I'm like you.

Calm down, personal insults aren't necessary. I have to admit I've had the same experience, don't know my phone number and don't carry it with me for the majority of the time and I've needed it twice so far. Once for a Twitter bot and once for a Telegram bot.

Never before have I been asked for a phone number that hasn't been optional from any other service (of which I have quite a few, LastPass counts about 2,200 of them).

(Of course, sometimes I do still take the optional road, two factor authentication is exceptionally nice).

Many services support otp authentication and don't require a phone number for 2fa anymore.

facebook, google, dropbox, evernote, github, gitlab, amazon, ...

Try using incognito mode to create an account on google, it won't let you even though it says it's optional. However if you try and create an account in a browser which has a super cookie or google account logged in (or out) attached it'll be fine without one because I believe they are tying it to your repuation.
I had the exact same thing happen to me, fuck that.
I suspected it was a tactic, too. I've simply complied, giving the number and then removing it (as I did for another account). Not an issue since these accounts were explicitly related, so I didn't care if Twitter could connect them through my number. Anyway, the “cheating” behaviour (pretending it's optional and then requiring it to unlock an account allegedly violating their rule) upset me too.
> Twitter demanding a phone number to unlock a 5 min old account after saying it was optional and then pretending I broke their rules just to get my phone number.

Microsoft/Outlook is insufferably obnoxious in that regard, the last time I saw people signing up for it. At least Gmail asks for your number up front — Microsoft pretends you fucked up and weasels it out of you.

It helps to identify users in the real world for long term.

It's relatively common to have multiple email addresses. Fewer people buy extra SIM just to have a pseudonym.

If the website decides to sell your information to advertising companies, banks or insurance companies, they can use phone number to attach users even if the other identifying information is false or slightly different. It adds directly into the bottom line.

Carlos Danger needs dual SIM phone.

stop spam and automated sign-ups
Those things will find their way out… but the nuisance for common legitimate well-behaving users will be kept, likely.
I've been thinking on making a user forum - some people don't have email - so human verification could be alternatively done by text/voice.
Didn't Google spearhead this behavior? One of the biggest reasons I don't use Gmail.
How do you deal with spam? This is the one and only reason why I still use Gmail. Many years ago I tried IPCop plus a trainable spam filter addon; it worked well but required constant attention/tweaking because spam is a moving target, so in the end I gave up.
I had Hotmail/Live/Outlook, Gmail and iCloud accounts at the time I started gravitating to iCloud (mostly because there I had gotten the exact address that I wanted, and convenient aliases), and at that time, the level of spam I got was the same on Gmail and iCloud: next to none.

In 7 years that I've been using it exclusively I must've seen barely 5-10 junk emails on the 2 iCloud accounts (6 addresses in all) that I use.

Poor Outlook on the other hand.. I check my old accounts for sentimental reasons once every few months, and they're still beleaguered by spam.

Because they can target you with you Facebook and Google ads.
Doesn't it help ensure the user is using a phone and can get notifications when you couple it with a text message code entry? Then you can skip the typical authentication flow? I would think it would be quicker overall for signup and for making the code simpler but I guess weird for users not used to it.
(comment deleted)
I don't know if it happens anymore but Facebook used to ask you to scan and send them a government photo ID like a passport. Absolute madness, one more step towards making real identifications on the internet a normal thing. Tech companies are pushing towards a nightmare web.
If I'm selling something especially a service than most likely we will need to talk. Having your phone number makes this much easier to kick start.
What I find most annoying is mandatory SMS confirmation for business accounts. We've got plenty of phones at work, but they cant receive text messages, so employees have to use personal cellphones to open accounts on these types of services.

If your site does this and doesn't offer a actual phone call option, see if you can do something about it. A company I opened an account with a couple weeks ago almost lost our business over this -- seemed very unprofessional. I can guess why this company requires verification, its an attempt to stop bots from signing up en masse to get the small free portion of the service (first X amount was free, if I could script creation and use of 100 free accounts, I'd never need to pay them).

Spam and abuse are much easier problems to solve when it's reasonably difficult to obtain a new identifier with a clean reputation.

As much as you may consider it your human right to open thousands of new untraceable accounts per second with full functionality at zero cost, humoring you requires bending over backwards and resorting to a cat-and-mouse arms race of probabilistic anti-spam and anti-bot techniques. As the adversaries get good, it becomes more and more attractive to just require a phone number (and block well-known bulk suppliers of anonymous phone numbers like Google Voice, Twilio, and Flowroute).

I think this is actually a pretty reasonable arrangement. Someone motivated to stay pseudonymous can obtain a handful of extra phone numbers in a way that would take some effort to connect to his real identity. It's better than drivers license scans or credit card verification.

I think the only realistic alternative would be a proof-of-work scheme. This could protect privacy better, while still making it inordinately difficult to overwhelm a site operator with millions of pseudonyms for the same person. But there are no real standards here. More people have SMS than BTC.

Slow down there. Where's this hostility coming from? I would rather not give my phone number to companies either.
I agree with you: I would rather not give my phone number to companies either.

But once you start to see spam or get spam messages from other users (imagine a dating site) you would like this spam to stop. Having a (unique) phone number a mandatory requirement during registration can make spam fighting much easier.

> Someone motivated to stay pseudonymous can obtain a handful of extra phone numbers in a way that would take some effort to connect to his real identity.

So yet again, someone who is determined to beat the system (usually an abuser) can do it.

Someone who simply wants to prevent their personal information being disseminated to the entire planet when your database is breached, gets fucked.

I only need one Netflix account, and yet they pester me with adding a phone number.
And Birthday.
So that advertisers can upload a list of phone numbers and have the ads target those people.
I never give out my cell phone to any company. Doing so constitutes "prior business" , and so putting my cell phone on the do not call list is moot. I get enough crap phone calls for people who had this number before me. It is too expensive to have a crap or garbage cell phone, like I have crap or garbage email adresses