I recently signed up on Twitter with a new account for a new project I'm working on. Like a few posts here (on HN) have highlighted, my account was disabled for security reasons (official work email, not a single tweet, email verified) and the only way to unlock is by adding my number.
I've been opening tickets for a week but they're all automatically closed. This gets me thinking, does it even matter if a SaaS product has a twitter handle for marketing and support?
Twitter reopened my service’s account after two months when I refused to hand over my mobile number.
Pretty much every single service immediately bans me upon account creation if I don’t hand over my mobile number. Instagram banned me for “violating terms of service” before I had even chosen a username - before I had posted even a single thing. Makes me wonder if signing up for a service was in their list of violations itself? I mean, c’mon. It’s pretty much a ploy to gather mobile numbers under the garb of security or spam.
The same happened with my Microsoft account (no work/enterprise account). It was locked, allegedly violating terms and services. I did absolutely nothing with this account. Besides maybe using a gmail account to register, I don't really understand the reason for the block and no details were provided of course.
Since then I tried to delete the account, but on any attempts to do so MS tries to get my phone number, which I don't want to provide. Their support is completely inexistent, because you would need to log in of course.
I would like to send them a cease and desists letter against blocking account deletion attempts. I am not sure, but I believe their conduct to be illegal in the EU where I am located. Probably would just cost me money, but they would deserve it.
Yep, I've had that happen with a private outlook.com account last month. I literally just created the account and used it just once, to register for an Azure certification exam. I sent no e-mails from that account, I just checked it twice or thrice for incoming exam information emails, until suddenly I could not log in because of ToS violations. Stay classy, Microsoft!
It would be nice if they were up-front about it, asking for e-mail and phone upon creation, instead of intentionally misleading users an e-mail is all they need.
It's legitimately to stop spam. Captchas can be gamed or purchased. IPv6 makes banning IPs futile. Getting a SIM card is the only thing that bots cannot do.
The only other alternative to stop spam is micropayments (at a similar cost to a SIM card). I would actually like to see that as an option instead of providing my mobile number--preferably using Bitcoin because my credit card number is even more confidential than my phone number.
If you really want to orchestrate some sort of spam attack with bots. You can just purchase a hundred numbers on twilio or bandwidth and just automate the who OTP process with Puppeteer. If it’s important enough.
You’re right about it being a lot more annoying though.
Twillio and Google Voice numbers do not work for phone verification on Twitter/Facebook/Google properties. VoIP phone numbers are sold in blocks and well-known to companies who subscribe to those lists (basically all social media). Twilio numbers do work for the scrappier sites though.
I get it, it's super easy to create Twitter bots and spread disinformation, etc. However, that's a problem with social media that we're discovering now (after a decade and a half or so) and the companies need to think about it, not just implement a solution that compromises user privacy because they have leverage.
These cos. copyright all user created information. So they want to make money from it and want credit for good content. However, want to reduce liabilities that arise from content created by malicious actors. Can't have the cake and eat it too.
Previously users were just anonymous with all consequences that entailed. But even today I don't really think the spreading of disinformation is a large problem and users just do that themselves often enough. Information you get today is probably still more accurate compared to times where every info was distributed through news papers.
You’re right in a way. However, newspapers have to have all stakeholders in on it: politicians, big businesses (aka advertisers), readers (trust factor) and their own reputation (journalists, etc).
With bots, you can really be a nuisance with a little bit of effort.
Anyone working on Instagram should read this. I’d created an Instagram account to try it out. I posted a few posts (like infographics, I wasn’t going to give real photos to Facebook) and didn’t continue later. After some months I found I couldn’t login and that my account was disabled for “violating terms”. There was nothing in that account that violated any terms — no spam, no hate speech, no nudity, no spamming others for likes or followers. The only thing that stood out was that I mostly used a web browser to post and sometimes shared a photo to the app instead of giving the app access to all my photos. The account continued to work for quite sometime after I stopped posting and interacting.
I tried to appeal, but it wanted a real photo of me holding some handwritten information. No thanks, I don’t really need an abusive and flakey platform to have my real photo. I abandoned Instagram then. It’s one of the most needlessly aggressive platforms that deactivates accounts for no good reason and bullies people into giving their photo and/or phone number. I hope Instagram dies quickly because of this stupid aggressiveness.
More people should start using decentralized platforms where one may have a better chance of expressing oneself (I’m talking about regular, non-spam speech). All these centralized platforms like Twitter, Facebook and Instagram are big time bullies.
Just part of the panopticon, they are forcing you to make it super easy for governments to monitor you. Tracking email addresses and correlating amongst shared names makes for more false negatives, tie it to a phone number and you're doing their work for them.
Privacy and preventing misinformation bot armies are not conflicting goals, but unfortunately implementations achieving one hurts the other. Only way to prevent fake accounts is to have some kind of proxy for real identity confirmation. Unfortunately a phone number verification is currently only such global scalable method.
Most likely you used an VPN IP address, privacy plugins or similar for the sign up that were flagged before as the source of problems.
It's not just about privacy -- you're one data breach away from having your phone number leaked to a bunch of shady gangsters who, for bonus points, can also read through the Twitter posts from the account associated with it. Pulling off a social engineering attack by phone is a hell of a lot easier than by email, which a lot of people, including non-technical people, treat somewhat more defensively.
I wouldn't mind sharing my phone number if it were for my protection, but it's not -- it's a risk for me, and they ask me to do it for their platform's protection. More specifically, for the protection of that platform's profits. I honestly don't mind bots, it's advertisers and politicians who do, and they're the ones keeping the whole thing profitable.
As a counterpoint, I'd rather have everyone to have a forced phone number verification to mitigate the negative effects of the social network. We could quarantine privacy sensitive users, with all trolls and bots, to some darknet privacy discussion boards and something like Mastodon.
I'd rather sacrifice the privacy for the general good experience of my Twitter service.
Previous experience with the Internet shows that all this would achieve would be a boom in the Temporary Phone Numbers as a Service (TPNaaS) market, so that trolls, bots and cybercriminals could get validated as easily as my grandma, while getting all those pesky privacy advocates out of the way.
Edit: plus, I'm not sure how that invalidates my concern. The only thing better than a data leak with personal information is a data leak with personal information that's definitely true, up-to-date and complete -- and the only datapoints of dubious values belong to bots, making them easy to cross off your list.
> Temporary Phone Numbers as a Service (TPNaaS) market
It is very limited because phone numbers are gatekeeped by massive telcos. VoIP numbers are sold in blocks and are easily detected by phone verification systems.
But why should we want real identity confirmation? It's a platform where people don't use full sentences because of the limitations of tweets. It's not exactly a place where the information you learn should be taken seriously.
This seems to be default practice now. I also found this to be the case for Outlook accounts. After initial registration they block your account, or in the case of Outlook, disable outgoing email.
>does it even matter if a SaaS product has a twitter handle for marketing and support?
With ActivityPub, the organization behind your SaaS product can be hosting their own organizational instance of Mastodon (or whatever fediverse software they choose to run) and interact directly on the platform, bypassing Twitter.
Effectively this is a lot like hosting your own SMTP services (or paying someone to do that for you!)
It certainly doesn't matter. You can use any account and public search to search for references to your product. You can offer support on uservoice, forums, email.
Twitter support is only needed for companies like Comcast that refuse to offer regular support but need to respond to the hurricane of hatred from sub-consensual users. Using needing twitter is a symptom of deeper problems.
I've been opening tickets for a week but they're all automatically closed. This gets me thinking, does it even matter if a SaaS product has a twitter handle for marketing and support?