I think that's reasonable, not only due to the potential for interception or blocking of the messages, but also because these usually have a shorter lifespan, which should provide some added protection against the phishing of 2FA codes.
On Fri, Jan 16, 2015 at 12:54 PM, S.Aliakbar Mousavi <mousavi.s...@gmail.com > wrote: > I think regardless of its sender, since the authority can read the SMS it > would be better to ask users inside the country to use the app rather than > a mobile phone number. > > On 16 January 2015 at 12:44, Amin Sabeti <aminsab...@gmail.com> wrote: > >> Google has sent its codes via SMS with Iranian number since 6 months ago. >> >> On 16 January 2015 at 17:39, Collin Anderson <col...@averysmallbird.com> >> wrote: >> >>> >>> On Fri, Jan 16, 2015 at 12:10 PM, elham gheytanchi < >>> elhamu...@hotmail.com> wrote: >>> >>>> I think it means the codes are generated by the state agencies. >>>> >>> >>> They are not, the international companies would contract with an SMS >>> gateway to send codes. That SMS gateway should be a more or less a dumb >>> pipe that transmits whatever it is sent by the provider. It so happens that >>> now the pipe is closer to the user but the source stays the same. The SMS >>> gateway and telecommunications companies can certainly surveil or modify >>> the content (the latter wouldn't be useful for 2FA), but it should not >>> generate the codes. >>> >>> >>> -- >>> *Collin David Anderson* >>> averysmallbird.com | @cda | Washington, D.C. >>> >>> -- >>> Liberationtech is public & archives are searchable on Google. Violations >>> of list guidelines will get you moderated: >>> https://mailman.stanford.edu/mailman/listinfo/liberationtech. >>> Unsubscribe, change to digest, or change password by emailing moderator at >>> compa...@stanford.edu. >>> >> >> >> -- >> Liberationtech is public & archives are searchable on Google. Violations >> of list guidelines will get you moderated: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech. >> Unsubscribe, change to digest, or change password by emailing moderator at >> compa...@stanford.edu. >> > > > > -- > S.Aliakbar Mousavi > > > > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > compa...@stanford.edu. > -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C.
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
