They have been doing this for any account registered from a VPN or Tor. However, you can simply appeal the block and tell them you haven't tweeted and not broken any rules.
They will send you an automated mail, offering to validate your phone number, or reply to the mail if your problem is not solved. Just reply to the mail.
Unfortunately, processing the request takes anywhere between 10 minutes and 2 weeks; usually a couple days at least. I assume this is on purpose to make it cumbersome for spammers.
They always reply with the same boilerplate, but the account will be unlocked:
Your account is now unlocked, and we’re sorry for the inconvenience.
Twitter has automated systems that find and remove automated spam accounts and it looks like your account got caught up in one of these spam groups by mistake. This sometimes happens when an account exhibits automated behavior in violation of the Twitter Rules (https://twitter.com/rules).
Again, we apologize for the inconvenience. Please do not respond to this email as replies will not be monitored.
When I worked in banking we would do this with suspect transactions. The feature was called “Strategic Delay”. After awhile, all of our project plans (this was back in the days of Gantt charts) would include two weeks of effort on “Strategic Delay”, even if that feature wasn’t involved.
This is slightly different though, twitter is silly and unnecessary - access to your money is not.
During some of the recent shows highlighting issues with payday lending these sorts of strategic delays were mentioned in the light that they can cause irregularly paid workers to have problems actually getting money out of their paycheck - forcing them into more borrowing until they are able to clear their checks.
Again, twitter is just silliness, but the banking example is a lot more serious of a case where the pros and cons need to be very carefully weighed.
Would you say the same about your phone number? If not, why? If I run my business on Twitter (or YouTube, or Facebook) is it that different from a bank?
I'm not clear on what the real point of this question is - twitter is a terrible platform to use for actual communication. Their sorting by "relevance" can cause recent messages to get lost in the shuffle and randomly mess with your visibility. It may be you're considering twitter as a business in which to coordinate product sales, but I'll assume it's for customer relations management, many companies that have a twitter account for CS stuff also offer email, messanger (of some sort) and phone if you have an issue you need to resolve due to the fact that platform just isn't well suited for business - the network effect of it is surprisingly low (a _lot_ of people aren't on or don't regularly use twitter), it is semi-public which may violate your business concerns and... you're handing the keys to your reputation to the third party that has acted poorly in the past.
If you check out youtubers talking about youtubers (I have no specific example on hand) they tend to complain endlessly about how the trending algorithms can drive thousands of potential viewers toward or away from their channel for no particular reason - there the network effect is strong enough that they don't have an option though, if your business is streaming a show then YouTube offers a much richer starting viewer base.
I guess my assumption is, if your business doesn't force you to use a particular social media platform exclusively then... use some other communication method per preference?
I'm really just confused by the question though - these things are not the same and twitter is simply not as important as the place your money lives (and I think pretty much everyone would agree? Maybe I'm getting too old)
You may dislike Twitter (I do) but it is a large thing that exists and appears to provide sufficient value to people that dismissing it as 'silliness' just sounds empty-headed and naive.
Instead of attacking the person who is making a fairly lengthy and supportable argument, and basing your stance on the notion of some nebulous value “people” find, maybe you could respond in kind? I have to say that I find myself in the camp of Twitter being silly, except when it’s being destructive. Instead of being dismissed as “empty-headed” I’d prefer some value proposition justifying the previous comparison to a phone number.
Twitter seems to be a rage factory and amplifier, a shitty blogging format, and very occasionally a way to twist the arm of recalcitrant customer service.
Twitter is a Rorschach test - all those things you criticize Twitter for seeming to be (rage factory, shitty blog, etc.)? That would be entirely the fault of the users in those specific circumstances.
The value proposition for me is receiving targeted news/information disseminated in a convenient format. As a concrete example, I'm crewing/pacing at a 100 mile trail run in two weeks, and I'm subscribed to that event's twitter feed. It's the Umstead 100 in case you are curious (@Umstead100). During the event, it will tweet out news and updates of interest to participants, volunteers, and others.
Yes, they could probably text everyone, or continuously update the website, or send emails - but Twitter is perfect for this situation and others like it: content/updates produces and consumed on mobile devices, sending frequent short updates with relevant info, etc.
Twitter has its abuses, but so does everything. Next time you're ready to shit all over Twitter, just remember that what you are likely ACTUALLY raging about is their userbase, i.e. the public.
> The value proposition for me is receiving targeted news/information disseminated in a convenient format. As a concrete example, I'm crewing/pacing at a 100 mile trail run in two weeks, and I'm subscribed to that event's twitter feed. It's the Umstead 100 in case you are curious (@Umstead100). During the event, it will tweet out news and updates of interest to participants, volunteers, and others.
> Yes, they could probably text everyone, or continuously update the website, or send emails - but Twitter is perfect for this situation and others like it: content/updates produces and consumed on mobile devices, sending frequent short updates with relevant info, etc.
Twitter is a poor choice for cases where you want to specifically subscribe to something, because it's deliberately designed as a global popularity contest/rage generator. A Facebook group, Discord, heck even Tumblr or Medium would be a better choice for that kind of use than Twitter.
> Twitter has its abuses, but so does everything. Next time you're ready to shit all over Twitter, just remember that what you are likely ACTUALLY raging about is their userbase, i.e. the public.
No, Twitter has a series of deliberate design decisions that result in worse interactions than any other platform. The limited message size strips away nuance and reasoned discussion, in favour of zingers and outrage. Their algorithmic feed shows the most "engaging" tweets while suppressing the follow-up discussion, so you'll see a controversial tweet without seeing the existing replies or subsequent retraction. The rage storms aren't just people being people, they're people being nudged into behaving a particular way by Twitter's optimized-for-engagement UI. There's a reason other platforms don't have these problems.
I've heard that even if you flip the "algorithmic timeline" switch off, you still don't see a linear feed of everyone you're following. It's still filtered and manipulated, just closer to linear.
Speaking of design decisions, here's a bit [1] about how the "quote tweet" encourages the behavior of "dunking", a usage I have only ever heard in regards to Twitter. Basically, if anyone with a Twitter account says something you think is stupid, you quote tweet them and "dunk" on them about how stupid it is and they are. Then everybody piles in and retweets the "dunk", perhaps adding their own riposte. And the original poster is only a click away in the quote, so you can then go to their profile and find other things to dunk on, send mean DMs, etc.
the "quote tweet" encourages the behavior of "dunking"
Quoting people to negate or mock their argument has been around since Usenet - well, much longer in literary terms but I'm citing Usenet as an example of a system that's almost real-time and where it can be a spontaneous emotionally driven decision. It may not be called 'dunking' on every platform but the phenomenon is universal.
> Quoting people to negate or mock their argument has been around since Usenet - well, much longer in literary terms but I'm citing Usenet as an example of a system that's almost real-time and where it can be a spontaneous emotionally driven decision. It may not be called 'dunking' on every platform but the phenomenon is universal.
It may have occurred occasionally on other platforms, but the difference in degree is enormous enough that it's a de facto difference in kind.
at the same time, the medium is the message. Twitter encourages this bad behaviour, not because of intent but because it's highly geared towards hot takes and doesn't provide the character space for the level of nuance required to take a serious look at real life. So people condense what could be a complex question into a strong statement, even better if it's provocative because as provocation draws eyeballs.
Lots of things (a) exist, and (b) appear to provide sufficient value to people, and yet are either totally superficial or deleterious.
(a) and (b) are some of the lowest of bars. Even ISIS passes those, along with tons of other things (deep fried Mars bars, for one).
The parent made a qualitative argument and/or value judgement. Mere existence doesn't negate it, arguments why his values are bad, or shouldn't be taken into account, might.
I'm really just confused by the question though - these things are not the same and twitter is simply not as important as the place your money lives (and I think pretty much everyone would agree?..
I disagree pretty strongly.
Twitter is much more important than the bank I keep my money in.
Banking in fungible. Twitter gives me access.
I've arranged meetings with the partners of the biggest VC fund in Australia sorely via Twitter. I've had in depth discussions of the details of ML models with their authors via Twitter.
Generally speaking I'm much more relaxed about a 2 day delay in my banking than a 2 day delay in Twitter.
"Twitter is much more important than then bank I keep my money in"
Wow, I will gladly trade you my twitter handle for your credit card number ;D
"Banking in fungible."
You cannot instantly replace a bank account, transfer credit, or make changes without the help of the bank itself yet twitter can instantly be replaced by many forms of communication (SMS, Email, IRC, Talking, etc).
"I'm much more relaxed about a 2 day delay in my banking than a 2 day delay in Twitter."
So if your car is on empty and you stop to buy gas only to find that your checking and credit accounts (from the bank) have a 2 day delay, you would find that acceptable!?
"Banking in fungible." You cannot instantly replace a bank account, transfer credit, or make changes without the help of the bank itself yet twitter can instantly be replaced by many forms of communication (SMS, Email, IRC, Talking, etc).
The network and the way communication happens on those is not the same.
So if your car is on empty and you stop to buy gas only to find that your checking and credit accounts (from the bank) have a 2 day delay, you would find that acceptable!?
Please don't misquote me. The Generally speaking part is important here. Generally speaking, I don't let my car get to a situation where I'm on empty (I think I've been in that situation once in the last 20 years). And if the worst happened, it would suck but I'd ring a friend and it would be inconvenient but that's all.
OTOH, I've had multiple meetings in the last year where my only communication has been by Twitter and we've been arranging where to meet in the minutes before via it.
If you are running a business on Twitter, I don't see a big issue with having a phone number connected to that Twitter account. It doesn't strike me as unreasonable.
Depends on the business, and whether there's a limit to the number of accounts a number can be linked to. A business can quite legitimately have multiple accounts for different departments, brands, or any other purpose. If you can only have one account per phone number, that can quickly become a problem.
Their help page claims a phone number can be linked to 10 accounts at once, but in practice I've found that limit to be 4 or even less. Also, they often prevent a number from being added to more accounts for a few days or weeks even if you remove it from all accounts.
FWIW, there are far more businesses on social media than that. There’s an entire culture of chefs, makeup artists, and the like that advertises solely on twitter/instagram/etc. Social media is actually a really effective tool to reach your target audience in these cases.
Isn't that covered under "influencers"? What tangible benefit does Twitter provide to a working makeup artist (ie someone doing makeup for films/tv/photography/etc)? Sure, there are makeup artists that run businesses on Twitter, but their business is selling branded makeup and promoting sponsored products. That type of business is 100% reliant in social media, but aside from influencers are there any working professionals that would be unemployed without Twitter or Instagram?
It's similar in that you may have set up your business in such a way that you rely on your phone number for clients to contact you, and you may have set up your business in such a way that you rely on your Twitter for clients to contact you.
Very common in banking is a situation where you deposit a check, but the bank puts a 2- to 5-business-day hold on availability of the funds until the check clears. They might do this if it's not a local bank, or if for whatever reason they have a doubt about the check clearing.
You assume didn’t weigh them? This was practically two decades ago, but I can assure you weren’t flagging payroll transactions. Typically we were flagging obvious cases of wire fraud.
It was one of the premier sources for propaganda during a certain country's recent election. It has been used to coordinate protests. It's been used to break national news. You can get minute-by-minute updates of events from it. Let's not pretend that one of the world's most-used communication platforms doesn't play a huge role in modern discourse.
Actually this^ I'm not certain why it was downvoted but I had forgotten to take the Arab Spring into account and Egyptians organizing on twitter around the internet ban. Both have had... outcomes. But they were clearly necessary actions and twitter did help fuel that occurrence.
To contrast though, if a service being a premier source of propaganda (avoiding the question of this specific case since... politics) and offers no other value, then it's actually worse than trivial it's harmful.
So, it's a mixed bag. I still wish there was a better engineered platform than twitter out there though.
Yeah, I have abandoned a bank due to bad rules on its strategic delays on transactions.
Every time I had a problem I could solve it with a quick call, even outside of working hours, but it was a bother.
It's not an inherently bad thing to do, but it's easy to overdo, and on a company that depends on network effects it can be very dangerous.
The same is an efficient email anti-spam technique (greylisting). Except that you get all your emails delayed by 20min-5h, which will not make any user happy.
I tried to open a new account on Twitter app for Android, using only my email. It was going ok until it asked me to provide my phone after confirming my email. The reason: suspicious activity / spam behavior. The account is in limbo now, and I can't access it any more.
The same thing happened to me two years ago, though I had signed up with a PC with Gmail and my account was locked pending phone verification within an hour.
I signed up using a Tutanota e-mail. Every time I got a verification code and then entered it into twitter I got an "Oops, something went wrong." message. After spending many hours in vain trying to find Twitter's e-mail support, I gave up and initiated a "Trouble logging into my account" help procedure. However, that ultimately failed since surprise! Twitter couldn't find any history under that account name.
People... please... move to Mastodon https://mastodon.social/. There is no point in using commercial centralized service for things like sharing short message.
I hate Twitter because:
- slow javascript
- ads
- won't show full thread without loging in
- now requiring phone
- censorship
> They have been doing this for any account registered from a VPN
I made my own VPN with Algo[0] and host it on Digital Ocean. The IP is a Digital Ocean IP and therefore really hard to blacklist as a VPN. There is no way to tell if I am using a VPN and I regularly setup new accounts on Twitter (mostly shitpost accounts used for venting at products/companies that have wronged me), or novelty accounts that have a particular theme to them, etc
I think this process was the first actual change in my behaviour I noticed in response to GDPR: I actually did not mind providing my phone number that much, and trusted that they actually deleted it when I requested them to (using an option in the interface) after my account was re-approved.
They definitely do not delete it entirely because sometimes a phone number is prevented from being added to more accounts for a few days or weeks, saying "This phone number is already registered with another account" even if it's been already deleted from all accounts, though they may be just storing a hash of the number that's not linked to any user account.
Simply, easily, trivial. With just a little effort. Try again often, try again later. No problem, to appeal, the process, Mr.Kafka, all you have to do is, be seen by two witnesses, to uphold your interest in.. Of course, if that is to complicated, and the nuances of the wording, are a endless stream of passive agressive insults to your intelect. Noone can help you, because there is noone home. The company you are trying to reach, consists of a algorithmic amobea, and would like to connect you with other concerned customers, so that you can all support each other in these difficult times, created by this difficult company.
Those temp SMS numbers used to work, but now the places that require a phone number seem to be sharing notes and block them (they'll accept it, but never send a text). This is similar to how places that require an email address have gotten pretty good at blocking many of the temporary email providers (they'll accept them and just never send you an email).
The other component is that once they have the phone number, they can do anything with it they want, unless you leave the network. E.g. facebook once did the same, they required phone numbers "for two factor authentication". They promised to not use the numbers for anything else. A few years later they started sending SMS spam to users about what their friends did on facebook, and now facebook users can enter the number and the associated accounts show up... even though the number was supposed to be only for two factor auth. Your only choice as individual user is to leave the platform.
> Your only choice as individual user is to leave the platform.
That's not even enough anymore. You also have to make sure that every one of your contacts do not upload their address book to conveniently find friends like you who may or may not be on the network. And that they don't tag you in images, events, etc.
You're an entry in the Facebook database, whether you have or have had an active profile or not.
>This is why you should block ads and trackers even if you're not a Facebook user. I have blocked all their domains in my hosts file also.
...but that's such a myopic view of the problem. Facebook has this data. There's an entire market, intentionally kept from the public, that specifically deals in the selling and trading of profile data. This is why the concept of "shadow profiles" is important.
Let's say I have three friends who are on Facebook and I am not (which I'm not). Those three friends upload my contact details to Facebook and, from these three data points, Facebook can derive certain assumptions:
Sex from my name.
General age-range based on my friends.
General occupation (let's say all three are co-workers or previous co-workers)
General interests based on their interests.
etc.
So, now Facebook has an ad-targeting profile of me. All they need to do to get more information on me, regardless of I'm blocking their specific domains, is to purchase correlating ad-profiles on what I'll call the advertising market.
So, my credit card purchases, my Google search history, etc. can all be correlated back down into this one shadow profile that Facebook holds on me and this can, in turn, be used to target ads to my friends. Not only that, but if I ever do sign-up for Facebook, they can immediately start targeting ads to me. (read: I'm not a net-advertising loss for being a "new user".)
I'm not saying that you shouldn't block Facebook domains but I think that, in the overall scheme of things, it's tossing a drop of water onto a raging bush fire.
Would you mind sharing the hosts file for blocking FB and all of their domains?
I've done this too in the past, but my list seems outdated for a while now.
I'm surprised that no nation or union (ie EU) has fought this. If people exchange phone numbers, are they also giving each other implicit rights to share them with anyone else? If not, shouldn't platforms that enable this en mass be reprimanded for it?
It is currently impossible to remain anonymous, regardless of whether you participate in the system or not.
In my case, given the density of my network on social media, and their propensity to fall for dark patterns that siphon private information - had I never owned a computer and lived off the grid, all the major tech companies would still know my: name, age, address, contact info, hometown, family members, income bracket, ethnicity, general dna (many family members did dna tests), and more.
Shouldn't I have a say in any of that? Shouldn't things like address book importing be restricted/illegal?
> I'm surprised that no nation or union (ie EU) has fought this.
Why would any politician fight this? It's a platform they all use to gain/sustain popularity, and it's the official national communication channel for the US.
Actually, fb still requires the phone number, if you try to open up a few accounts in succession. You can't use throwaway numbers or Google Voice numbers either. So it's actually pretty hard these days to open a Fb (Or Hotmail or Gmail) account without a legit (cellphone) number.
throwaway numbers can mean many things even a 5 dollar sim. some services even let you change phone numbers on a whim cell numbers are mobile in more than one way and very easy.
Yeah. I think while not nation-state-secure, you can still improve your PII exposure to Facebook/Twitter/Google et al by buying/activating a SIM/phone-number and only using it one time for the purpose of creating an account.
I don't _think_ Twitter or Facebook are doing backroom deals with every prepaid sim vendor to be able to tie that phone number back the the identity used to register the sim card.
I wouldn't suggest you use this to register your Dream Market vendor account, but I doubt you'll end up with targeted advertising based on your other real-world web/app behaviour based just on the ID provided for a single-use burner SIM...
Germany passed an anti-terror law a few years ago, getting a phone number requires the same level of verification as opening a bank account.
Even before that prepaid phones have been a strawman argument, actually maintaining a 2nd number in the long run is quite a bit of work since it usually expires if you don't use it enough.
> Your only choice as individual user is to leave the platform.
For some platforms, even this is not an option. Case in point: LinkedIn (owned by Microsoft). I get "friend" suggestions about a friend that I know is not on LinkedIn. He's absolutely social-media averse, and would never be on LinkedIn (or FB, for that matter). But LinkedIn continues to claim that I can connect with him.
How did they get his email address? Because some third person (who emailed both of us) probably shared his contacts with LinkedIn.
Linking pseudonyms from two different networks (in this case, Twitter and the phone system) together is a classic and serious privacy leak.
It's far from clear exactly what information Twitter, in its longtime effort to combat spam, has already collected on its users. Throwing a phone number into the mix expands to range of activities that can be unambiguously tied to the same individual. Given that Twitter certainly knows IP addresses of its users, it's trivial to do things like link site visits directly to an individual answering the phone number.
Unfortunately, most people simply don't understand the implications of any of this. They don't understand what an entity, "authorized" or not can do with this kind of data. They are far too trusting of governments and other powerful entities to do the right thing. They have not been paying attention to the steady erosion of civil liberties around the world and can't conceive of, for example, ever ending up in prison for some lame post they made 10 years ago.
I agree. The first thing I thought was that someone will build a script that creates a Twitter account then simply uses Twilio's API to create a valid phone number to receive verifications.
"I agree. The first thing I thought was that someone will build a script that creates a Twitter account then simply uses Twilio's API to create a valid phone number to receive verifications."
Unfortunately, this will not work.
Twilio numbers are not "mobile" numbers and cannot receive SMS from shortcodes.
So while your twilio number can send/receive SMS just fine, it can't receive SMS from a shortcode.
As of my recent conversations with multiple Twilio engineers at Signal 2018, there are no exceptions to this rule - once a number is owned by Twilio it ceases to be a "mobile" number and networks providing shortcodes cannot send SMS to it.
In my experience, all banks/twitters/facebooks/etc. use shortcodes to send their auths/2FA/etc.
So it won't work, I'm afraid. I have heard, however, that there are some smaller twilio competitors that provide true mobile numbers but I forget the name(s) of those providers and honestly, I would be worried that those numbers would get blacklisted or filtered in some other way.
There's a reason other carriers refuse to send shortcode SMS to "non mobile" numbers ...
It won’t do. Twilio (and basically majority of other virtual number providers, except of very tiny few located in Europe) do not provide regular cell-type text messaging capabilities, but rather something PBX pros call “short codes”.
No self-respecting provider out there, be it Twitter Facebook, Gmail, Yahoo, Instagram, etc. will deliver your confirmation info via a short code. so you need regular ported cell number like Verizon or Tmobile.
Twitter allows up to 5 accounts created on one cellphone number, given you give each other few days of rest and use popular VPN.
> Twilio (and basically majority of other virtual number providers, except of very tiny few located in Europe) do not provide regular cell-type text messaging capabilities, but rather something PBX pros call “short codes”.
Twilio provides both regular phone numbers with SMS and MMS capability and short codes, the latter primarily for high-volume outbound messaging.
"Twilio provides both regular phone numbers with SMS and MMS capability and short codes, the latter primarily for high-volume outbound messaging."
Your parent is correct - you've missed each others' points.
Twilio sourced numbers cannot receive SMS from other shortcodes. No exceptions. They are not "mobile" numbers.
So yes, your twilio sourced number can send and receive SMS and you can even rent a shortcode from twilio and send/receive with that. What you cannot do is get a "normal" twilio number and receive shortcode messages.
For that reason, providing a twilio number to a provider like twitter or facebook will not work - they all typically send their auth messages via shortcode.
Those won’t work either with most big services asking for verification. There’s subreddits dedicated to getting non VOIP phone numbers (which Twilio isn’t) for verification.
And they've been trying to collect phone numbers for years. Any time an account is suspended, they try to require a phone number for it to log back in, for example.
At the risk of going off topic (and without responding to the issue of Twitter requiring real phone numbers), I want to make a point regarding your last sentence. If a post is somehow sufficient to (potentially) warrant a prison sentence (eg for leaking state secrets or inciting terrorist acts), then I would suggest the amount of time that has passed is irrelevant (within jurisdictional bounds). If a crime has been committed, responding to that within the statue of limitations is not an issue of civil liberties. Getting away with a crime (something worthy of s prison sentence) is not a civil liberty anyone enjoys.
You're thinking too big. Think smaller and more common.
Said something unpleasant about someone ten years ago? Guess what, he's the sheriff now, and has money in the budget to buy social media data on his enemies, or the freedom to tap into any shared federal database he likes. Next thing you know, there's a speed trap at the end of your block and each member of your family gets pulled over each day for a vehicle inspection.
These sorts of things weren't unheard of before the internet. The abuse of big data just makes it easier now.
I think you forget that not every government is so nice. A comment against a young politician today could be a comment against the sitting dictator in 10 years that won’t care so much about the statute of limitations.
This is the reason I bailed while trying to create a twitter account recently. How often do you change your phone number? Once these ad companies get hold of your phone number they can track you across multiple services and build a complete profile of everything you do and track your every move.
From an accounting perspective in this hypothetical scenario I believe that you would not be legally allowed to dip into the deposit money save for that recovered through bans. Which creates very perverse incentives.
Hasn't that battle been lost for a while now though? How many different services have linked phone numbers with email or some other handle? (Particularly for 2FA)
On the few accounts I've been required to use that require a phone number, I've given them one. It just happens to be one from a modem phone pool.
I'll worry about what problem that may cause when it becomes one. Usually, these are for stupid things required for some project or another and the need for them is time-limited. I will not use FB, and have a pile of Twitter accounts with no phone numbers attached if I ever have reason to care about that.
And at the rate we're destroying trust in the phone system with spam, I don't think anyone will expect pickups in a few more years.
Quite many services require phone numbers. But services like reddit, GitHub, lobste.rs, or hacker news don't. Twitter has been in that list itself, but now is outside.
Twitter knows what IP you connect from, which might easily be through a VPN. The flip side of low-friction authentication is epidemic abuse by trolls, which arguably damages Twitter's brand.
Unfortunately, most people simply don't understand the implications of any of this.
I am soo tried of hearing this excuse for mass censorship
First of it MASSIVELY over used to the point where people call anyone that disagrees with them "a troll" or a bot.
Twitter is hurting their own brand by their obvious political bias and selective enforcement of rules largely dependent on outrage mobs to "report" rule violations.
Like real names policies before it, these types of "verification" scheme do little to curb actual abuse, and in many cases shuts out moderate voices
Twitter is already quickly heading off a cliff where 2 political extremes are left yelling past each other (not actually communicating or discussing anything), and this policy will do nothing to change that
//disclosure, I have never, and will never have a twitter account
* Random meaningless names like "lucy2342", "23markbeard"
* No profile picture or a very obviosly random picture
* Generic descriptions that dictate obvious political alignment like "Mother. Southwest USA, Republican, MAGA!"
* No original content in their timeline except for retweets of political articles from garbage content farms
* Really bad English grammar for whenever the bot requires human intervention.
They generally brigade tweets and have a complete lack of interests outside of this narrow activity.
1. It’s very strange for someone to both claim that they never use Twitter and also claim “abuse” is an overblown excuse. Twitter is currently the model platform for large scale mob justice and harassment.
2. The “real name” policy is effective on Facebook for the type of abuse Twitter is trying to curtail. It would help if you explain why you feel the real name policy is ineffective. In any case, only Facebook (the product) actively enforces a real name policy.
Having to provide a phone number isn't mass censorship.
Twitter is hurting their own brand by their obvious political bias and selective enforcement of rules largely dependent on outrage mobs to "report" rule violations.
Like real names policies before it, these types of "verification" scheme do little to curb actual abuse, and in many cases shuts out moderate voices
Guess what, I just reported a guy with 106k followers that is inciting thousands of them to get ready for mass hangings of their political enemies "at a scale which will rock this world for 100 years" with gruesomely detailed threats against specific individuals. A self-professed adherent of the same conspiracy theory/cult committed a murder in New York just a week or two ago.
But I'm the bad guy in this scenario for saying that organizing murder might violate the Terms of Service.
Oh, but you were being totally sincere when you took my comment about 'epidemic abuse by trolls' and complained that such terms were 'MASSIVELY over used to the point where people call anyone that disagrees with them "a troll" or a bot.'
I don't care what you were talking about. I was clarifying what I had been talking about before you came along and attempted to change the subject.
What's "MASSIVELY overused" is the trope where getting banned from a website equates to mass censorship. You're not entitled to a platform on twitter. If you get banned from twitter go do something else on the internet or beg for forgiveness and use their platform under their terms.
I always fine is amusing when Authoritarians that support censorship all of a sudden love liberty when they can use it to support censorship
The fact that I do not have a "right" to use twitter has no bearing on if Twitter engages in mass censorship of their platform, I did not claim that I have a right to use twitter, or that twitter did not have a right to censor it
Twitter can come out tomorrow and say only left identitarians are welcome on twitter, and everyone else would be banned. That would be be mass censorship AND with in their rights as a private company
I'm assuming it's to try de-anonymize users and make bots less cost effective.
Nothing propagates faster than hate on Twitter and seeing as it's being actively weaponized to spread propaganda, I'm all for new measures that try slow the spread down - esp. given nothing else has worked thus far.
I wish there was a service out there that you could use your phone number and they will validate that you are real for companies and they would be separate from Twitter or any company using them so the user remains anonymous. I don't like some of the nasty stuff the net throws my way either but I do ultimately think if I had to choose a censored internet vs uncensored but full of negatives, I would chose the uncensored. The internet is one of mankind's greatest achievements. Once you start censoring it, abuses of such control ultimately will happen.
This almost sounds like something too good to be true. Big companies like Twitter and Facebook wouldn't want to use this service because they want to collect the data. This company would need to charge websites for the service, otherwise their only alternative is to sell their user's data or advertise, which leaves us right where we already are.
Of course there may be other ways for such a service to survive, but those are my initial thoughts about seeing something like this happen. I would love for something like this to exist, though
I take the opposite view...something like this seems rather viable as a business that companies would gladly pay money for but it also basically sounds like another Equifax/Experian/Transunion fiasco waiting to happen. The only logical thing I can thing of is a consortium of the big telcos creating a shared database and service that companies could tap into.
I expect they'll reverse this. Twitter is literally just bots arguing with bots. That and every political operative has like 20 sock puppets to drum up 'grassroots support' for whatever they're shilling.
They should put Cheeto on the payroll, he's the only reason they're still relevant.
I had this problem when creating a new Twitter account last month. Within minutes after setting up an account via iOS app, was locked out for "suspicious behavior". Didn't even tweet once. Residential IP. They wanted me to add a phone number.
I went to the help section and wrote a pissed off message to customer support...if they wanted my phone # they should have asked for it instead of accusing me. Shortly after, my account started working again.
I had the same thing happen. During signup it asked for my phone number but said it was optional. A couple of minutes after I created my account, it was locked and they said it required a phone number to prove I wasn't a bot. I just closed out my account because I only planned to use it to follow some people anyway.
I wonder how anyone actually uses twitter because I constantly get messages that I am rate limited/blocked and when I signed up for an account it was quickly locked when I had posted nothing. Its like they actively want no one to use it.
> I had a newly installed operating system and browser.
> What exactly about my behavior is unusual?
It's not that this behavior is unusual (though, it is), it's that this behavior looks exactly like a bot. It's sad, but this is the state of the world now. If you're a big actor like Twitter, you end up blocking anything that looks like a bot, with an escape hatch a user can't do. Phone numbers are the an option for that, and it not doubt helps block other cases Twitter wants to block as well.
It is kind of weird to consider not having a static IP as "suspicious" as dynamic IPs are the de-facto standard with most ISPs in my country, you actually have to pay extra if you want a static IP.
Right now that may be the case but, I'm curious if this might cause some small nation with an international code to succumb to the massive amounts of money spammers will start offering for large banks of phone numbers... Looking at you British India Ocean Territories...
Once they noticed, they'd probably disallow that country code for verification. And if legitimate users from that country started complaining, I feel like "maybe you should ask your government to stop selling you out" would be a perfectly reasonable response.
Why not just captchas and a classifier looking for bots in the sign up process? That, plus better detection and removal of bots seems like a "good enough" option that wouldn't inconvenience real users.
It's understandable they might require a phone number to keep down spam.
It's less understandable they'd lie to new users on the reasons their account was blocked. We can't expect even the smallest scraps of honesty from corporations anymore.
It is understandable why they'd lie. If the error message was something like, "your request was blocked because you've included HTTP headers in the order [x-foo, x-bar], which is the header ordering in 99.9% of spam tweets", they would just change their agent's header order instead of no longer spending spam.
I am not sure people realize what a high percentage of users of "free" services are spam bots of some sort. Sit around in the average Twitch channel and you'll see a flood of spam from similarly-named accounts every so often. They get around the filters because Twitch tells you why you're filtered. "This room is in followers only mode", so they follow the stream they want to spam a few days/weeks in advance. "This word is not allowed by the spam filters", so they change one letter and continue spamming that word. Etc., etc.
It sucks for normal users caught up in spam filters, but it's an enormous problem that there is no easy solution to.
You misunderstand - not divulging what triggered the suspicion isn't lying. Claiming a phone number is required due to suspicious activity, when in fact it is required of almost all new accounts, is.
Another covert spam fighting way is when one of the platforms require you to set up a phone number "for two factor authentication", basically not letting you to use their service unless you actually provide the number. There are multiple platforms framing the issue in this way.
Facebook once required that you set up 2 factor authentication and they promised that the phone number won't be used for anything else. Few years later, they started spamming users at those phone numbers with notifications about what their friends did. And since this year, those numbers can be used to search for users on the platform.
The big issue with giving those platforms your data is that you hand over control. Even if they promise you something.
> And since this year, those numbers can be used to search for users on the platform.
And someone really should go after them for it. Last month an abuser from a decade ago found me on facebook and messaged me out of nowhere. Upside is i was able to tell him off, but I know many other people would have a far more.. trying encounters.
Creating an account from a system which no Twitter tracking pixel has ever seen may well be suspicious, where suspicious means statistically correlated with accounts create to spam or acts as hostile bots.
I believe Google's captcha does. With the unfortunate side-effect of Google de-anonymizing everyone they let through - as you'll know if you try to access something behind captcha through Tor, and get stuck in an infinite loop helping Google train their artificial vision.
They claim it's against bots, but no matter how well you identify traffic lights and fire hydrants, it won't let you through.
Are you trying to do so from Firefox / a reddit app? This is fairly normal and the general conspiracy theory is that it's an erroneous error to get you to download the Twitter app once and for all.
Stock chrome on an Android phone. Most often from a Twitter link on HN. I'd say I get an error 90+% on the first try, and the refresh usually works the first time... occasionally, I need to do two.
Bone stock phone, nothing notable about it or the browser. Doesn't happen on my Windows or Linux desktops.
I have the same problem. I don't really use twitter, but sometimes I get a link to there from Reddit or HN. Twitter never works on the first try with Firefox or Chrome on Android. Often a refresh helps, but sometimes it does not work at all.
I too think it is done intentionally to get users to install the app. I can't think of a reason this is a simple bug. But the again... Hanlon's razor.
Why would you run stock chrome on android? Use a privacy respecting browser like firefox or Brave and install an ad-blocker like Ublock before browsing the web.
Chrome does not respect user privacy and is designed to not support add-ons as it will hurt Google's core advertising business.
Ok it’s not just me. Twitter works fine on my desktop, but whenever I seem to use it on mobile I get the rate limited error. I swear it’s 70% of the time. Usually if I go back and try again or refresh it works the second time.
They also aren't allowing "throwaway" VoIP numbers, so you can't even mask your main phone number - I tried signing up with both a Twilio number and a TextNow number and both failed with a "This number is not supported" error. I ended up opening a support ticket and they allowed me to bypass that requirement only after I explained that I don't have a traditional phone number.
No, I just had to open a support ticket. That said, it definitely added significant friction to signing up, and took two days for the ticket to be approved.
i was able to do the same by saying i didnt have a cell phone. it took some time only one email correspondence but they are somewhat catering. twitter in this case.
We're going this way as well (requiring & verifying phone numbers, not locking accounts).
We don't have a problem with bots, but users in the "not so tech savvy" segment tend to switch/discard/forget their email address. Rather than try to recover their account with us, this group will subsequently just create a new one, and then wonder & complain that their profiles/settings/content/histories aren't carried over. We fix them up after an identity check. It's both a support burden and a negative user experience.
Turns out that phone numbers, whilst also subject to flux, have better long-term congruence to identity, and thereby help us to detect account duplication and manage it.
People also make fewer errors in entering their phone number.
It irks me that public sentiment could be normalized against supplying a phone number due to abuse by the global-scale consumer surveillance utilities, because those of us running trustworthy businesses can use it to legitimately provide a better user experience.
> Turns out that phone numbers, whilst also subject to flux, have better long-term congruence to identity
Exactly why using verified phone numbers endangers a user's data. A phone number is much closer to a their true identity than an email address, exposing disparate system data to be cross-referenced by breaches and malicious actors.
For this very reason it's illegal in Australia to use a person's government uuid (Tax File Number) as a username.
I'm sure the unwashed masses don't care right now, but the recent kerfuffle over Facebook's sneaky 2FA switcheroo and other privacy sins shows that they might care after enough scandals.
> Turns out that phone numbers, whilst also subject to flux, have better long-term congruence to identity
I'm not sure this is actually true, at least in the long-term. Most people keep their phone number for a long time, but if they ever cancel their phone service, the number usually gets recycled and given to someone else (unlike an email, which almost never gets re-used). If you're storing any kind of sensitive data, and allowing people to access it as long as they can verify their phone number, it could end up being a pretty serious privacy risk. It could also stop people from signing up for your service - if I get a new phone number, and the previous owner of the number has already signed up, what am I supposed to do?
That's an interesting nuance and is the reason we can't/don't use phone number as the primary identity, and must be wary of it for account recovery, but we can and do safely use it (in conjunction with other factors) for duplicate account detection.
> Turns out that phone numbers, whilst also subject to flux, have better long-term congruence to identity, and thereby help us to detect account duplication and manage it.
What service do you offer? Because I would never give a company where I wasn't paying for the service my phone number. How do you guarantee you won't misuse it or have ample protections in case of a breach?
We're a two-sided network for sports competition management and work with athletes, clubs, associations, and governing bodies. Users pay real money for our services, we don't carry ads or even tracking pixels, and our privacy policy details exactly how, when and to whom PII is disclosed.
The broader point is that collection of phone number isn't intrinsically a bad thing, it's rather the usage and trust level that matters. Judging by the parameters and caveats in your question, you have a similar perspective.
>The broader point is that collection of phone number isn't intrinsically a bad thing
Phone numbers as usernames is intrinsically bad for user data security at the meta level. If a service requires a verified phone number to signup, it becomes a de-facto username.
Let's say a fetish dating site is partially breached, and the usernames are emails. Now your let's say your database is fullly breached, with the usernames as phone numbers and emails included. Guess what happens next with the intersection of those two datasets?
That is a general problem even if the phone number is not the username and is not limited to phone numbers, but also any data that is referenceable by email addresses, which is to say almost every unit of PII in almost every online system that exists today.
The implication being that if a system requires a verified phone number to use, then breaches are intimately tied to an individual's real identity. This is far less true of email addresses.
Your remarks only make sense to me if you're trying to remain entirely anonymous on a fetish dating system whilst simultaneously disclosing personally identifying information for reasonable use, and I can't reconcile these two objectives.
At the meta level: I use a variety of online systems that I trust to varying degrees, from high to low. Currently I can control my level of information disclosure by using different email addresses. If these systems now require a verified phone number, I then have to trust them all at 100%, tied to my real identity.
So a SaaS website requiring verified phone numbers seems benign on the surface. However if this becomes widespread then the overall identity landscape is compromised for the user.
At the system level: This is essentially the pseudonym-vs-realname debate. Twitter is the perfect example. Let's say I open an account to whisteblow on my government's nefarious activities. Now if there's a breach or state interception (eg China), they know exactly who I am and where to find me.
Well then this is going to bake your noodle: we also ask for correct name, date of birth, and emergency contact details, because those are also useful/necessary for our business.
Fair enough - your product is clearly operating at a high level of trust. My concern with required verified phone numbers is if they become a widespread pattern, I now need to treat eg my Reddit porno alias as if it is linked to my street address (in case your system and Reddit become compromised).
Back to the context of Twitter, this is mitigating the troll system problem by introducing a user identity one.
> our privacy policy details exactly how, when and to whom PII is disclosed.
And it's your right to simply change that privacy policy whenever you see fit, and you still have my phone number. There is nothing legally and systemically that revokes your right to that.
> The broader point is that collection of phone number isn't intrinsically a bad thing
It's intrinsically a bad thing because our general trust model is simply fragmented and thus poor. See my point above.
>Rather than try to recover their account with us, this group will subsequently just create a new one, and then wonder & complain that their profiles/settings/content/histories aren't carried over.
We're in a similar sort of space with regards to shifting emails and a lack of easy account recovery. I have educated my family on password managers and I really would appreciate (it's beyond my means) someone putting some serious effort into getting a larger proportion of the population onto using password management software - along with a nice free cloud based option. There is so little data involved in these sorts of things that it's got to be pretty much incidental to offer free storage in a safe encrypted manner.
What service of yours am I avoiding now? Phone numbers are terrible pii for reasons enumerated here and countless other posts. Why on earth would you do that?
"Turns out that phone numbers, whilst also subject to flux, have better long-term congruence to identity"
That isn't what I saw in the Verizon store today while I was disputing a charge on my bill ($10 trade-in on an account that never had a trade-in device at all?) Many people were changing their numbers.
To boot, I'm sure there are plenty of burner phones in use out there, I have six of my own with plenty of rollover minutes/texts.
About a year ago, there were a lot of topical submissions to HN (that I liked reading) but received community backlash, because they consisted almost entirely of posting tweets (of Trump et al) about the current political situation. The community here made an argument that I could agree with: if I wanted to read it, I should just follow them on Twitter.
So I made a Twitter account, that I checked about once every two months, that followed the relevant players. I didn't make any tweets of my own and I didn't favorite or retweet anything. Just catching up on what people have been saying worked for my interests. Twitter banned me for Harassment. I had nothing that could have possibly offended anyone - I didn't even have a bio for my profile. I'd say the system assumed I was a robot? It was frustrating to me, because in order to appeal my ban, I had to provide my phone number. I don't want to give Twitter my phone number. I get the fewest spam calls of anyone I know, and I do that by protecting my phone number. Twitter has earned no trust from me, and is not getting my phone number. I tried to delete my account, but it needed my phone number to do that. I tried to sign out of the account so I could just see tweets as a guest, but it wanted my phone number for that too. Well, I signed out by deleting browser data, but there is still a tombstone on my email address in their database.
This experience has sown distrust with me about Twitter's harassment numbers. It's not that I don't think harassment is a real problem, it's that I think they are often self-serving in their actions and analysis, and for them to say they're doing something because of harassment isn't enough for me anymore. We can speculate all we want about what their reasons might be, but to be so trusting as to take their harassment claim at face value isn't something I'll do.
My wife and I cancelled our phone services a while back to save money since we rarely if ever have to call anyone and just use messaging to keep in touch with each other and friends.
What are people like us supposed to do?
I do have a Google voice number, but I noticed one or two places recently that won't accept that anymore.
Sites that require phone number verification often block numbers allocated for VoIP services for fear of spammers. YMMV if you've tethered your GV number to a physical device at some point.
I've run into this semi-frequently over the years, and it's always extremely frustrating when it happens, but somehow I can't remember exactly where either.
I can back this claim up. I was unable to verify my Citi credit card over the phone using my Google Voice number, they insisted on a non-VoIP number which ultimately delayed the verification process by a week.
I don't remember honestly, but I was looking for a site to do my taxes when I saw the last one. I didn't finish signing up. It mentioned not supporting "voice over IP" numbers, or something to that effect. I wish I'd taken a screenshot.
It used to happen for me on Telegram (I think it's been fixed within the last year though), and recently a startup (Mealplan) blocked it because it's a "voip" number. I even tried emailing and explaining, but they just said they don't support it.
Microsoft won't take any known voip account for an Azure registration, which created a minor challenge for me as all my numbers are google voice only as well.
The signup process has always been quite invasive for me. Is it possible get a phone in the states without handing over your SS, name, and DoB? I've never tried; what happens if you give bogus info?
I don't know about the United States as I've not been, but in every other country I've gotten a SIM it's been a matter of picking it up and the store and handing over money, same as if you're buying, say, deodrant. You can top up money anonymously too by buying prepaid vouchers.
I've certainly never had to hand over stuff like social security number (wtf?), but perhaps laws and/or telcos are different in U.S.
My family lived in Thailand when I was teenager, and this is how it worked there until just before we left (around 2013) there was a new law or something, and you actually had to physically go to a place, fill out a form, and show your passport just to get the stupid sim unlocked. At least in the US you can do it online or through the phone.
If there are enough people like you, I'm sure they'll find some way to accommodate you. Maybe they will accept a scan of your passport or ask for a bank account number or some other piece of data that makes it at least a tiny bit harder to open an account.
It won't be long before https://haveibeenpwned.com/ will let you type in your driver's license or passport number and tell you if a scan of it has been leaked.
There has got to be a better way to do online identity as a society! The most promising ideas I've heard about are WebAuthn and Estonia's digital identity system. How long is it going to take to get out of the dark ages and get this right?
One thing I'm sure of, uploading a scan of my passport to every website is not an appealing thought. Besides the inconvenience, do I really want my passport spread around on dozens/hundreds of different high-value servers run by who-knows-who?
Suppose WebAuthn was the standard authentication scheme everywhere. People used a series of tokens (Yubikeys, phone apps, etc.) with private keys which they use to authenticate to services. The government runs a department where you present them proof of your identity and the public keys from your Yubikeys/whatever, and they would publish a cryptographically signed electronic message which read the equivalent of "the owner of the private keys associated with public keys a, b, and c is a real person"). Then, when you signed up for an account at Twitter, or wherever, they could quickly check that published list and know that you where a real person.
Advantages, you own your own private keys and completely manage your online identity. The government doesn't have any control over where you log in, or who you sign up for accounts with. Also, you can remain anonymous to the site you sign up to. They can check that you're a real person and only signed up once, without actually knowing your real name or other details.
This still doesn't allow for the case where you have multiple accounts for valid reasons like keeping personal and professional accounts but neither does a phone number so this is still an improvement.
I think the main thing blocking this is its a huge pain to go through this system when the average person doesn't care that facebook and twitter have their phone number
I have 700+ accounts recorded in my password manager. Organizing, managing, occasionally changing passwords on important ones, etc. etc. takes a non-trivial amount of time and dedication!
And it's way way harder for many people who never got a system down, something I'm reminded of every time I visit my grandparents.. :-) Their main email account used to be an old ISP one that they'd payed for for years, and for whatever reason (I couldn't figure out why) it stopped working with some sites. Without that email account they lost access to a bank account, several credit card accounts, and some other stuff, and I ended up walking them through setting up a gmail account and calling in to change the email associated with all those accounts. Well, I used their landline phone to help set up the gmail account, and this year they moved, no longer have that phone number, and lost access to that account. I tried to help recover it, but wasn't successful. Guess what... they had to repeat the process for the bank and all those credit cards.
NOTE: in the following when I talk about "digital cash" systems I am not talking about blockchains!
It might be possible to do something based on one of the centralized "digital cash" systems that cryptographers have developed. A typical system allows some central entity (e.g., a bank) to issue a "digital dollar".
The digital dollar can be transferred to a merchant in such a way that the merchant can turn it back in to the bank, and the bank (1) can recognize that it corresponds to one they issued, (2) can tell that it has not previously been turned in, and (3) gets no information whatsoever about who they originally issued it to.
So suppose some entity that people trusted revealing their identity to provided a service where you prove your identity to them, and they use a digital cash system to issue you a token. You can redeem that token at Twitter, which verifies it with the issuer, and if it is valid and not previously redeemed, lets you create an account with no further need for identification.
The token issuing entity does end up with a list of real identities of Twitter users, but has no way to match those to Twitter accounts. (Or rather, they have the identities of people who asked for Twitter account creation tokens...they have no way of knowing if a given person ever actually went ahead and created an account).
If your Twitter account gets banned and you want another one, you'll either have to try to go through the token issuer again, and they can see that a token was already issued using your real identity and refuse. You'll have to do something like get other people who don't have Twitter accounts to use their real identities to get tokens, and then give those to you.
That was just an off the cuff idea, to suggest some possibilities, and based on the capabilities of the earliest digital cash systems. I bet you could design a more sophisticated system where the token issuing entity works with multiple sites, and can't tell which site you are getting a token for, but can still limit you to one account per site.
You don't even need the token issuer to have government identities, you just need some way of rationing tokens.
Using identities for that is actually somewhat problematic because identity theft is generally pretty easy. The attacker compromises many devices, or a database containing the information of millions of people necessary to impersonate any of them to the token issuer. Then not only does the attacker get a large number of tokens, a large number of people also lose the ability to sign up for the service themselves. It also opens you up to deanonymization attacks if the token issuer and the site collude, or anyone else can compromise or coerce both of them at once.
But there are plenty of other alternatives.
You could ration them based on some other scarce thing, e.g. issue only X number of tokens per public IPv4 address or IPv6 /64 block per year.
You could exchange tokens for a security deposit. A few dollars for a token that can be used for over a decade is a minimal cost to a real user, but a few dollars for a token that lasts 90 seconds before getting banned is a real cost to the spammer.
And you can combine them. One free token per public IPv4 address per month, and if you need more then provide a security deposit.
There is proof of stake. You stake some moderate amount ($25), refundable at any time but forfeit if you spam. For a non-spammer it effectively costs nothing but the spammer loses their stake for every spam someone reports, and every spam posted against the same stake can be disabled at once.
The requirement obviously being the ability to make small anonymous payments.
I think it would be great for Twitter if they could get away from the advertising model. If holding a Twitter account required holding a share of Twitter stock, I wonder if users could end up owning the platform?
I have a really split opinion about this. On the one hand I've seen a lot of really hateful stuff lobbed around on sites like Twitter, and I suspect that linking accounts to phone numbers would dramatically reduce that. On the other hand, I'm not sure I want Twitter (et. al.) knowing my phone number.
I think that at this point FB has proven that people will be nasty regardless of how not-anonymous they are.
As such I'm doubtful this will change anything about peoples behavior.
It's also quite scary how nonchalant many people here are arguing for this to stop "propaganda" which these days seems to be as easily defined as "Anything that doesn't conform with a Western/US-centric narrative".
Because I have yet to see one of these "propaganda ban waves" be reasoned with anything but "Russia/Iranian/Chinese propaganda" like that's the only kind of "propaganda" that exists [0].
As such I consider these "propaganda bans" just another exercise in propaganda [1].
This is bit of hypothetical, but does some sort of pki-like scheme exist that would allow me to hold a certificate (of sorts) from an authority that I could use to prove myself to an service, but also simultaneously would not leak any information about me to that service? Similarly service a and service b should not be able to link accounts behind my back. Sounds like a interesting crypto problem
There'd need to be some central authority (like you said) doing the certificate issuing that verifies that you are, indeed, a human, and that your a unique human that they haven't already given a certificate to.
Chances are they'd want more than a phone number; probably a photo ID or something as well, else their value proposition isn't very strong.
I'm not sure if that's better for privacy and safety than many services asking for just a phone number (which I can generate a semi-throwaway Google Voice number for).
Seems like it would make a lot of sense for them to offer both options; either would discourage bots, and you'd give people the choice whether to go the free route or the privacy-conscious route
Sad but true. At the hosting company I work for, we had to start requiring phone numbers for cloud servers due to a massive wave of abuse. It's one of the few roadblocks that helps at least somewhat.
Previously, we didn't even require a full name. A few idiots always ruin it for everyone.
Bad attitude. They're not idiots, they're abusers. Ruining it for everyone else is a feature, not a bug, although if they have been using a platform successfully they may be sad about their scope for abuse being curtailed. Also, consider that punishing everyone because of the actions of a few is the overreaction of someone who isn't willing to understand the problem and just wants it to go away.
You seem to ignore that this constrains abusers as much as it does legitimate users. Collective punishment in order to mitigate abuse by a few is the wrong way to go.
Invest in your content moderators and in tools to track and trace them. Very few firms seem to have any interest in how or why they are selected by abusers or in the dynamics of the abuse that takes place on their platform. People pointing out abuse are usually treated as an annoyance, when in fact they may have considerable knowledge about the bad actors exploiting the service.
A very low-cost approach suitable for a small firm would be that if someone is abusing your platform, you expose their account history.
This is, you might say, not just an important problem in society, but the only problem in society.
"Why do I need a driver's license? It's just bureaucracy and a revenue collection scam." Except, when you don't test drivers or provide a mechanism for taking bad drivers off the road, a few bad people spoil it for everyone.
And so on, and so forth. That is not a justification for any one thing like this, but the general principle is that when the bad actors make things toxic enough for the mainstream users, somebody has to step in, or a social platform quickly degrades until it becomes 4Chan, or Gab, or whatever.
> "Why do I need a driver's license? It's just bureaucracy and a revenue collection scam." Except, when you don't test drivers or provide a mechanism for taking bad drivers off the road, a few bad people spoil it for everyone.
This is an atrocious analogy. The reason we require licenses for motor vehicles is that they are very dangerous pieces of machinery that can easily do fatal damage to car occupants and pedestrians, as well as property damage. Likening such a domain with that of communication and speech (what we're discussing here) is ridiculous.
Think through this analogy a little more thoroughly. Freedom of speech is an important issue precisely because it’s dangerous. Speech can ignite revolutions against unjust tyrants, and speech can also mobilize hate and terrorism.
Speech is not without consequence to society. If it was not dangerous to the lives and property of others, it wouldn’t matter so much.
I think the argument that speech is less dangerous than the right to drive a car is naïve and uninformed by both history and what we see in plain sight.
I mean seriously, can you look at white supremacist terrorisms radicalized online and tell me that speech has no consequences?
Of course it has consequences. If speech didn’t have consequences, it wouldn’t be worth defending.
———
But even if you refuse to accept that speech is dangerous, you must accept that it has consequences, that it can affect the experience of other people.
If it didn’t, there wouldn’t be a need to moderate speech on this very platform. Everyone could post anything they like. It would be more like... Maybe the right to park your car on a busy street during rush hour.
Nobody will slam into your car, but it will certainly affect their use of a common resource.
Unrestricted use of a common resource leads to a tragedy of the commons, and nobody ends up enjoying it except the vermin, who reduce each other’s enjoyment to the barest minimum.
There are two ways of dealing with the issue. You can default-deny, like only allowing people to drive after a test, or you can default-allow, like just like anything else.
We usually use default-deny only where the severity of bad behavior is very high. That's because it has a high cost for both most people and the test-issuers, and it has a very high cost to the few people caught as false positives. It is a very damaging mode for society. We are also migrating into only using default-deny on the internet, even on consequence-less contexts, and the previous paragraph still applies.
We may get a better world if we take some of the privacy away from the network level, we may even get to keep more of it overall.
I think you don't get it. It's not about annoyance. It's about the complete unreliability of any online service today. All and every customers show (and should rightfully show if they don't yet) complete distrust for a good reason.
You are asking my phone number today and next day I will find it out in the open because of your and others' businesses don't give a .... when it comes to security.
And don't tell me that's only a minority or the exception. Because that's just simply not true.
500px, Quora, Facebook, Twitter, Equifax among others all have been hacked at one point or have been exposed as unreliable and untrustworthy. It's just simply not a logical proposition to trust any online platform with private and/or sensitive data.
We do care about security and hash the phone numbers after sending the verification SMS (we only need to determine whether a given phone number is associated with a locked account - a hash is good enough for that).
Our problem is that criminals open hundreds of accounts with fake data and stolen credit card data, abuse our services until we get abuse complaints or detect it and lock them, then repeat that. This leads to legitimate customers suffering from bad IP reputation and is expensive to clean up.
Requiring phone numbers and blacklisting known throwaway providers has been extremely effectively in preventing this, without generating complaints from our legitimate customers. We don't want to use browser fingerprinting or other intrusive mechanisms for detecting sybil registrations.
When the NYT is cheer-leading for the next foreign war, will they get kicked off Twitter to? I sincerely doubt it.
America's newspaper of record has a track record of being wrong during the onset of wars, parroting whatever Washington tells them is true, then eating crow much later and apologizing for. The most recent case was the aid truck fire in Venezuela, which it took them weeks to correct. You've also got WMDs in Iraq that never existed, and their parroting of the Nayirah testimony in 1990, only to admit two years later it was fraudulent.
Companies shouldn't be regulated at all ever except when it comes to letting racists spout hate. Then they should be regulated into requiring that. Plus harassment and other bad behaviours.
The same way we have the robocall situation (thanks to shady telcos that turn a blind eye), the same way this system will be bypassed with similar telcos offering massive blocks of numbers at very cheap prices per unit (Twilio numbers seem expensive at small scale, but I guarantee you will get those prices down if you commit to getting like a thousand of those or so at once).
What you're saying is, this has increased the cost of creating a Twitter spam account from practically zero cents to... what, 50 cents an number? A few dollars per number?
That's a huge leap, and it sounds like requiring a phone number is a great way to increase the cost of spamming.
I'm not the CFO at Twitter or anything, but even I can see that spam and propaganda cost those guys a lot of money. The number of advertisers who stop paying Twitter because of spam will be orders of magnitude larger than the number of advertisers who stop using Twitter because of phone numbers.
Did you read the link to the EFF page I added to the post? Why should Twitter be considered any more trustworthy than Facebook when they ask me for something they don't need to know?
They can avoid being victimized by spam and propaganda some other way... preferably some other way that I couldn't trivially defeat by giving them the number of a throwaway SIM card or a public phone booth.
How else would you suggest they combat spam? How do you receive a verification SMS on a public phone booth?
Most actual humans have a phone number, and Twitter wants a semi-1:1 mapping between human and Twitter account. Spammers have hundreds. This seems like a reasonable way to greatly increase the cost of making accounts for spammers.
Disable the account temporarily when some (small) number of other users flags its posts as spam. If a user is discovered to be filing false spam reports, disable that account. Accounts without a history of posting legitimate tweets should be rate-limited in both their posting and reporting privileges.
Externalizing the costs of fighting spam and "propaganda" (whatever that is) by demanding irrelevant personal information from all users is not the answer... at least, it's not the answer to those particular questions. It's better to empower users to build the trust necessary to solve the problem themselves.
>Disable the account temporarily when some (small) number of other users flags its posts as spam...
I'm not sure you're really hearing us.
The advertisers don't want their ads connected to spam or propaganda posts AT ALL. If Twitter actually shows the post, and then has ads along side it, it's too late. I mean it's great that someone bothers to flag that post as spam, but the advertiser's Twitter firehose processor is going to detect that pairing. Under your proposed regime the advertiser would be constantly detecting violations by spam users who were not being punished by Twitter. Under Twitter's proposed regime, the advertiser would report the first violation and the user, and his/her posts, would be gone. On top of that, there would be far fewer occurrences of such matches in the firehose data in the first place because accounts would be more difficult to create. Now add to all that the fact that the spammer would have to get a new burner phone to create a new account. That cost, coupled with the fact that each account could only pull off limited spamming means less profit for the spammer.
Put another way, the ROI of each new account tends toward zero under Twitter's model. Under your model, the ROI is bounded only by chance. That chance being the chance that enough people bother to mark the post as spam. Here's the thing though, what if they don't? What if the first Twitter hears about the spam is from the advertiser? Being in that situation is what Twitter is trying to keep to a minimum. That is the nightmare scenario that they live in today. Today they are in that situation several hundred times per week. Those are uncomfortable calls. (Probably hundreds per day by now? I haven't checked in a while.) With their new system, over time, I could see that going to ten to a hundred a week. (Maybe even lower if you add automated firehose processing for advertisers on the backend.)
They say "The customer is always right." Well, for Twitter, the customer is the advertiser.
The advertisers don't want their ads connected to spam or propaganda posts AT ALL
Then they will need to get used to disappointment, just like the rest of us. What they're asking for -- and what Twitter is promising -- is not reasonably achievable without fundamentally changing the nature of the service.
Today they are in that situation several hundred times per week.
TWTR has a $25 billion market cap, which they achieved with their current terms of service. I'm sure I have a violin small enough to play for them around here somewhere, but my scanning electron microscope is in the shop.
There may be negatives to this, but if you listen to any recent talks with Jack Dorsey, he is genuinely concerned about combating the amount of fake accounts on Twitter. Of course, it's both a moral issue and a business issue but that's beyond the point. If giving my phone number to Twitter means it can have an ever so slight positive impact on the amount of trolls and fake accounts on Twitter, then it's a good thing to me...
However, we have seen with Facebook that giving your phone number doesn't necessarily work in combating trolls, so I'd be interested in how exactly they will use it.
You don't do it each time, you keep a single prepaid SIM as your "spam number", like people have spam gmail accounts for online competitions and random crap.
I've been doing this for years. I have a $2 prepaid sim in an old phone sitting in my desk drawer. It's always off, and I only turn it on to approve a new signup or something. That way they can sell my number to marketers as much as they want, it doesn't bother my "real" number with robocalls and spam texts.
What's mostly surprising is the insane increase in spam texts in the last year or so of using this method. I used to turn it on once a month or so to sign up to a new site, and have a few random texts... these days I get dozens a month, only proving more than ever that this method is worth doing.
That still allows geolocation. But one can lease hosted SIMs. Actual SIMs in server farms. So they're "real" mobile numbers. Just not located where you are.
I doubt twitter is going to get your cell tower location just from your phone number. Sure, the cell provider has it and is probably keeping it around, but unless you attract significant attention to yourself (eg. bomb threat), it's not going to be disclosed. If you're really paranoid you can use it a few blocks away from your usual location.
The ToS of those providers prohibit the use of that except with explicit consent. I'm aware that the providers do little verification that consent was given, but I'm doubt that established companies such as facebook or twitter are going to risk a PR fiasco to get better anti-fraud numbers.
Its a bit weird complaining about a platform asking for your phone number when in the past tweeter worked only via sms.
https://en.wikipedia.org/wiki/Twitter#Format
Lucky those that created their accounts early on.
Forcing us to put more data then what is needed should be banned from any social platform.
I really don't get any of this eager race to collect all personal data possible.
Google is already on to us with Chrome and Android. If people were really afraid of this they wouldn't even buy phones, do phone calls (from land line) or even send a personal registered mail (it could be violated). Hell, trust no one with your secrets. Don't even write it in a diary, someone may reconstruct it even after you burn it to ashes (I see a lot of CSI).
Still good to be updated on this.
They are requiring a mobile phone number for some time now even when not on VPN, TOR and alike.
This is very worrying that more and more services are requiring a mobile number, especially for services that are used with business background. That means, in your business you need to have a business mobile. You need to track who registered with what phone number and so on. Email accounts are much easier to manage. But mobile numbers is a big problem, especially when employees leave and mobiles get deactivated.
To add insult to injury, not only do they lock your account almost immediately after you've created it without a phone number - unless you managed to change its settings to not spam your email address you will now be locked out of changing the setting and they will send you spam nearly every day.
Attempting to stop the spam through the in-email link just brings you back to the "locked account give us a phone number" flow.
Anything tied to a phone number is inherently insecure, these things are becoming like SSNs but even more problematic. I haven't had a true phone number in a couple years, but I guess if I ever need to create a new twitter account I will need to get one?
What it doesn't include: The cost of the users you will lose because you have a dog shit user experience blocking people before they even get to sample your service.
You can't put a price on it. Imagine, for example, if when Donald Trump was signing up for Twitter, he got irked off and decided to use a different platform instead. That's potentially 60M people using your competitor. Poor user experience can decide the entire success or failure of your service or product.
People generally have too much tolerance because they've been programmed to accept bad user experience as normal. Services which require you to confirm an email are the typical example.
Imagine a door salesman came to your door, pitched you a product, but before you discussed any price or subscription, they ask "please can you go and get a shovel while I take a dump on your doorstep?" Well, that's the kind of experience people get online.
When I signed up for Twitter it was so I could post short messages from my phone that hopefully my friends and family would see and perhaps some small number of other, random users. You’re phone was your ID essentially.
I once signed up for an account and didn't give a phone number. Everything was fine and I filled out my profile. Later that day my account was restricted for "suspicious activity" ( I hadn't done anything except fill in the bio ) and the only way to reinstate it was to verify my account with a phone number.
Now, I am not saying it was a nefarious way to get my phone number. It's more likely a side effect of processes designed over time by many people.
But if I were trying to sneakily require someone to give me a phone number without explicitly saying so, that is how I would do it.
I'm seeing conspicuous parallels with YikYak. YikYak was facing an abusive userbase that proved difficult to moderate or restrain. Then they introduced the phone number requirement which did seem to reduce abuse. But of course YikYak died not so long after.
Granted, Twitter is in a very different position than YikYak. Curbing user growth in order to afford a better experience for the existing users is likely a good tradeoff.
This doesn't really solve the problem. But it does make it a pain in the butt for me to just create an anonymous account to bitch about random stuff on, which I've tried over TOR before and they don't make it easy. If I am highly motivated to create fake account, I'll create a fake account through a burner or more some service like twilio.
It also happened to me. Signed up using an Outlook webmail account, residential IP, Firefox with Incognito Mode and Ghostery.
Once your account is disabled, the ability to delete (oops, I meant deactivate) your account is gone. I emailed support to delete my account since I am now unable to do so, and instead they re-enabled the account.
Created a new account yesterday (from Australia) and had the option for either email or phone number (went with email). Haven't since been asked for a phone number. Disclosure (haven't read the article, just responding to the title 'Twitter forces all new users to enter a valid phone number')
I actually had to borrow a phone number to create an account and use Twitter in an emergency, since it was the only channel where a service provider would respond to messages. The whole situation was mind boggling.
You also can’t reuse the phone number across different accounts, so I am locked out of about ten of my usernames (locked for “suspicious activity” even though they have been idle for a year or more) unless I give Burner or someone else a ton of money. It sucks.
Good, it's a terrible service so I support any terrible practices they choose to support in speeding towards their demise. It's always been just a platform for the self entitled (verified profiles) to spread their gospel to the masses.
I know for a fact some people had the wherewithal to not disclose their phone number to everyone who asked and therefore do not have your particular breed of problems. Your outright dismissal of their right to privacy is therefore tenuous at best, as it's founded on a premise that is untrue.
Twitter should have imploded years ago. No one seems to remember that Donald Trump saved Twitter. It was for sale and couldn't find a buyer, no one wanted the CEO position so they bribed the old CEO to step back in, losing TONS of money. Then the at time presidential candidate used Twitter to market his campaign. It's harmful social commentary that forces people/media/influences/etc to use catchy one-liners to spike retweets. People are mad that the media and journalist are overly sensationalizing but Twitter users just feed the machine.
It's true that in late 2016, Twitter was reported to be potentially bid on and purchased by companies like Google and Salesforce [0]. Though looking at its stock price history, it remained around its end-of-2016 price, until 2018 when it finally showed a profit in late 2017 [1]. In that time, according to that Recode article, its user count only increased by 3% from 2017 to 2018, and revenue only increased by 12%, comparing 2018Q1 to 2016Q1 (Facebook's revenue went up 122% in that period). As a frequent Twitter user for the past decade, my impression is that maybe Trump's election made Twitter more of an "official" place for "important" things. But that added prestige also resulted in far more scrutiny that Twitter had ever had regarding bots and abusive behavior, necessitating them to have actual measures and policies (and, presumably, more staff dedicated towards that).
I don't think it's definitive to say that Trump directly saved Twitter, though. Twitter was already on a trajectory to be the place for breaking news. Whereas Facebook's attempt at such as basically imploded. But maybe Trump's habit of using Twitter so prominently basically cemented Twitter as a habit for many other users, especially those in the media.
"We detected suspicious behaviour in your account. Please send a copy of your ID to prove your identity. We promise we'll delete the image of your ID within 30 days." [0]
Yeah, right! They'll delete the image, but will still have the data...
So now I have a FB account I would like to delete, but cannot, because I cannot log into it. Should I just believe in GDPR, unblock my account and request for total deletion of data about me?
Could it be argued that this is in contravention of the GDPR? Can Twitter demonstrate that it's necessary for them too have a phone number to provide their service?
Requiring a phone number causes problems and, depending on the situation, is easily bypassed by a determined bot author. [see other comments in this thread] It is also ineffective at preventing people from posting rude, misguided, or hateful comments (people post terrible crap under their own name on Twitter/etc all the time).
Bad actors causing problems on a globally-accessible platform is not a new problem. Multiplayer games from MUDs to the modern MMORPG have several decades of experience with the problem[1]. Most attempts at fixing the problem don't work, because they are don't guarantee the bad actor has to pay what they perceive to be a large cost. Unless the incentives are fixed, bad actors will continue to be a problem.
(I'm summarizing; for as much better explanation, see Raph Koster's talk[1])
Cost does not mean money or anything that is widely available (like a phone number). Credit card numbers are trivial to change, and phone numbers are cheap. The cost to the potential bad actor has to be something they don't want to pay. In an MMORPG, deleting the high-level character that someone spent 20+ hours leveling up hurts a lot more than having to provide a (potentially new) phone or credit card number.
To make a serious punishment like character deletion legitimate, there needs to be some sort of publicly visible due process of law involved before it can be used. That means being informed of the specific accusations instead of Google-style banning for unspecified TOS violations. That means a legitimate appeals process that doesn't simply send appeals to /dev/null or handed to the accuser to judge if the appeal is legitimate (like YouTube's content_id (not DMCA) takedowns).
How could this work on something like Twitter? Banning a troll only forces them to make a new account (a minor expense). Hiding all of their comments for a while (or eventually deleting them if the bad behavior continues) denies the troll the fruits of their misbehavior.
Of course, bots and bad actors is only part of the reason Twitter wants a phone number. Without a Ulysses pact[2] binding their future behavior, Twitter is free to continue acting as a surveillance capitalist[3].
Well, there are a variety of good reasons why real-name policies aren't always the best idea. The "authentic real self" approach works okay if you've got the social and political capital to weather any negative consequences of your statements being directly associated with your real identity, but that's not true for many/most(?) participants in our democracy. For example:
* a queer youth in a deeply conservative area takes their life in their hands by being authentic w.r.t their sexuality
* a conservative employee of a liberal company risks their livelihood by expressing beliefs espoused by a mainstream political party
* a feminist activist is stalked by creeps who disagree with their legitimate speech and have their dox at hand thanks to the real-name policy
You don't need to reach very far to find plenty of specific instances of the above issues. Furthermore, that's limiting the conversation to the American political arena. The issue is immeasurably more severe in areas of the world where political violence is a fact of daily life. One commonality is that the chilling effect is strongest among marginalized groups - real-name policies wind up as tools for majoritarian oppression, as the opinions that are most safe to voice are the ones that are the least controversial. This is just a small sample of topics in this fairly well-researched space; check out[1][2] for a lot more depth.
I guess what I'm getting at is that a real-name policy would work great if negative consequences only accrued to genuine bad-faith actors like bots and propagandists. Sadly, that's not the case - completely civil, legitimate speech is chilled by the threat of physical violence, social crucifixion and financial disaster enabled by gratuitous real-name policies.
On top of that, it's not like real-name policies are some kind of panacea for the problems you mention. Facebook aggressively enforces theirs, and they were hardly immune to the problems Twitter has dealt with in/since the 2016 election. If your concern is more around people saying stupid shit "around movies and political events" - again, take a look at Facebook. Your great-uncle Larry doesn't care that everyone knows he thinks Obama was born in Kenya.
This is why I'm more keen on alternative solutions, like the identity-vouching providers discussed up-thread. Instead of a real name acting as a proxy for legitimate interest in participating in a given conversation, use a trusted third party to establish that a given account really is, say, a voting American citizen with service-specific hash s (to avoid sockpuppeting) and not some guy in a basement in SPT. That way, you get some of the hypothetical benefits of a real-name policy w.r.t cutting down on abuse while maintaining the freedom of expression afforded by pseudonyms.
I know this is an unpopular opinion, especially on HN, but it's my stance as well. I can list a dozen reasons why anonymity is desirable, but I honestly don't care. I prefer to interact with people who own what they say. It keeps the conversation far more civil. The more anonymity a forum allows, the more vitriolic the discourse. I'd prefer to interact with adults. Anonymity is a recent curse and it absolutely does not aid democracy. It doesn't even aid free speech. It enables trolls, bots, and hatemongers to drown out average people.
It was only months ago that Lime and Bird were accused of racism and other discriminatory behavior due to the requirement that users have mobile phones to unlock the scooters. It was enough for them to develop cash-based access systems. Why is it acceptable for Twitter? Should I not be allowed to sign up on a public terminal and tweet without a mobile phone?
This is what I don't get. Twitter is a company, a social network which has its own internal rules.
When you sign up, you accept the terms & conditions, now which requires that you have a valid phone number to use the platform. If this is not convenient for you, why should Twitter change? Why not just move on to other services?
To me it seems like that people want to be part of the "community" and sign up on the platform, but still dictate their own rules. Why would Twitter consider such users?
That's essentially the question I'm asking. The outrage seems arbitrary. Is it just that Twitter has been around for over a decade and Lime, e.g., is new?
It seems reasonable to me that Twitter can require a phone. Why doesn't that extend to other entities?
They will send you an automated mail, offering to validate your phone number, or reply to the mail if your problem is not solved. Just reply to the mail.
Unfortunately, processing the request takes anywhere between 10 minutes and 2 weeks; usually a couple days at least. I assume this is on purpose to make it cumbersome for spammers.
They always reply with the same boilerplate, but the account will be unlocked: