19 comments

[ 2.6 ms ] story [ 57.3 ms ] thread
>But my theory is that the cell phone is iatrogenic for that purpose.

https://news.ycombinator.com/item?id=34762051

Just saw these back to back within an hour or two. I'm speed running baader-meinhof. Or maybe the poster found this article by searching for iatrogenic? Maybe something recently gave the word a spike in popularity? Google trends shows a flat line, and I assume this word is pretty rare. Just made me curious.

On topic: yeah I don't use a cellphone that much either.

How can you practically use the internet when every second website wants you to setup your phone number for "security reasons", instead of just offering an RFC compatible 2FA mechanism?

Don't get me wrong, I am not using apps on my phone because they're a distraction I don't care much about, but there's this 2FA phone number barrier you cannot avoid without giving a foreign stranger or shady spam service all access to your accounts.

Also in regards of phone development I would argue that the Fairphone aims to be what google's project ara wanted to be.

Most of them offer the option to call you and that would work with any phone.
...calling me doesn't avoid the attack surface of the phone number which is not in my control and can be spoofed by a cloned SIM while I am asleep at any time.

I just want my 2FA token seed so I can put it in my password manager and be done with it.

I agree but not all phone numbers are vulnerable to SIM cloning.
Back in the early 00s, I recall sending a text message accidentally to a landline and some servicenl by Verizon actually read the message out to the recipient. Unfortunately this service no longer seems to be available.

It's BS I can't send a 2fa code over voice anymore. I recall Google voice used to support that but it never carried over to other services.

I don't think it's as prevalent as you think. I have a phone, but filter out websites that require a phone number and provide no other option. I simply "nope out" and move on, because those sites are never essential (at least here in Europe).

I always think it's probably a good indication of the quality of thought that's gone into the underlying system too. SMS is pretty insecure, so if they think that's sufficient for security and provide no alternatives, who knows what else they're doing under the hood.

In the US at least, basically every bank only offers SMS for 2FA which is absurd
It's not that common. Of all the several hundreds accounts I've had to make over the years (>800) the ones which require a phone number is around five or six I think, although I can only recall three at the moment.

(EditAdd: When that's said - I agree completely that in most cases it shouldn't be necessary to require a phone number. I accept that my bank wants one, Google keeps asking but you don't have to, and the post office needs one (for text messages when goods arrive - the web page comes after the phone, you don't need the latter one - the problem here is that it only accepts a single phone number)

Google will not let you sign up without a phone number. It also won't let you activate 2fa without a phone number. Even if you do manage to sign up without a phone number or remove it from account, there's still a possibility for you to just get randomly locked out of the account (even if you enter the password correctly), and have google asking for a phone number in order to unlock it (even if you never entered one, so apparently any random number works? how is that supposed to help "verify" anything is beyond me), with no other recovery way around it.

It's one of the worst in terms of requiring a phone number.

My Google accounts were created earlier, so I guess that "feature" has been added later. And yes, it's crazy. At least I'm not forced to add a phone after the fact. My parents didn't have phone numbers registered with their accounts when they were alive, though they did have recovery email addresses. Some kind of recovery is fine. What' not fine is to enforce that you have to own an SMS-capable phone just to have an email address (or whatever).
I don't use a cell phone, and there are indeed some places I am unable to access, including a vending machine on campus, TikTok, and WhatsApp.

Like another commenter, I consider it a blessing to be locked out of anything so thoughtlessly designed as to disallow access to anyone without a phone.

I have a similar policy for modal dialogs on websites: If I'm trying to read something and a modal dialog appears, I consider it a blessing, because it has just saved me time reading low-quality content, something I have found to correlate strongly with low-accessibility websites.

If I'm browsing without JavaScript and I'm not able to access the content, same story.

I've generally found it to be extremely beneficial for myself to easily back out of anything I find difficult to access, because low accessibility usually means low quality as well, and it allows me to use my time better.

> including a vending machine on campus

I've never seen a vending machine require a cell phone. I'm curious about what is the design of it.

I've seen some that require tap-to-pay, but that would of course work with a credit card with NFC without any device.

It has a display where you can log in with a phone number.
(comment deleted)
My father is 80 and has never used a cell phone, has no use for it. I bet there are thousands like him.