We're going this way as well (requiring & verifying phone numbers, not locking accounts).
We don't have a problem with bots, but users in the "not so tech savvy" segment tend to switch/discard/forget their email address. Rather than try to recover their account with us, this group will subsequently just create a new one, and then wonder & complain that their profiles/settings/content/histories aren't carried over. We fix them up after an identity check. It's both a support burden and a negative user experience.
Turns out that phone numbers, whilst also subject to flux, have better long-term congruence to identity, and thereby help us to detect account duplication and manage it.
People also make fewer errors in entering their phone number.
It irks me that public sentiment could be normalized against supplying a phone number due to abuse by the global-scale consumer surveillance utilities, because those of us running trustworthy businesses can use it to legitimately provide a better user experience.
> Turns out that phone numbers, whilst also subject to flux, have better long-term congruence to identity
Exactly why using verified phone numbers endangers a user's data. A phone number is much closer to their true identity than an email address, exposing disparate system data to be cross-referenced by breaches and malicious actors.
For this very reason it's illegal in Australia to use a person's government uuid (Tax File Number) as a username.
I'm sure the unwashed masses don't care right now, but the recent kerfuffle over Facebook's sneaky 2FA switcheroo and other privacy sins shows that they might care after enough scandals.
> Turns out that phone numbers, whilst also subject to flux, have better long-term congruence to identity
I'm not sure this is actually true, at least in the long-term. Most people keep their phone number for a long time, but if they ever cancel their phone service, the number usually gets recycled and given to someone else (unlike an email, which almost never gets re-used). If you're storing any kind of sensitive data, and allowing people to access it as long as they can verify their phone number, it could end up being a pretty serious privacy risk. It could also stop people from signing up for your service - if I get a new phone number, and the previous owner of the number has already signed up, what am I supposed to do?
That's an interesting nuance and is the reason we can't/don't use phone number as the primary identity, and must be wary of it for account recovery, but we can and do safely use it (in conjunction with other factors) for duplicate account detection.
> Turns out that phone numbers, whilst also subject to flux, have better long-term congruence to identity, and thereby help us to detect account duplication and manage it.
What service do you offer? Because I would never give a company where I wasn't paying for the service my phone number. How do you guarantee you won't misuse it or have ample protections in case of a breach?
We're a two-sided network for sports competition management and work with athletes, clubs, associations, and governing bodies. Users pay real money for our services, we don't carry ads or even tracking pixels, and our privacy policy details exactly how, when and to whom PII is disclosed.
The broader point is that collection of phone number isn't intrinsically a bad thing, it's rather the usage and trust level that matters. Judging by the parameters and caveats in your question, you have a similar perspective.
> The broader point is that collection of phone number isn't intrinsically a bad thing
Phone numbers as usernames is intrinsically bad for user data security at the meta level. If a service requires a verified phone number to sign up, it becomes a de-facto username.
Let's say a fetish dating site is partially breached, and the usernames are emails. Now let's say your database is fully breached, with the usernames as phone numbers and emails included. Guess what happens next with the intersection of those two datasets?
That is a general problem even if the phone number is not the username and is not limited to phone numbers, but also any data that is referenceable by email addresses, which is to say almost every unit of PII in almost every online system that exists today.
The implication being that if a system requires a verified phone number to use, then breaches are intimately tied to an individual's real identity. This is far less true of email addresses.
Your remarks only make sense to me if you're trying to remain entirely anonymous on a fetish dating system whilst simultaneously disclosing personally identifying information for reasonable use, and I can't reconcile these two objectives.
At the meta level: I use a variety of online systems that I trust to varying degrees, from high to low. Currently I can control my level of information disclosure by using different email addresses. If these systems now require a verified phone number, I then have to trust them all at 100%, tied to my real identity.
So a SaaS website requiring verified phone numbers seems benign on the surface. However if this becomes widespread then the overall identity landscape is compromised for the user.
At the system level: This is essentially the pseudonym-vs-realname debate. Twitter is the perfect example. Let's say I open an account to whistleblow on my government's nefarious activities. Now if there's a breach or state interception (e.g. China), they know exactly who I am and where to find me.
Well then this is going to bake your noodle: we also ask for correct name, date of birth, and emergency contact details, because those are also useful/necessary for our business.
Fair enough - your product is clearly operating at a high level of trust. My concern with required verified phone numbers is if they become a widespread pattern, I now need to treat eg my Reddit porno alias as if it is linked to my street address (in case your system and Reddit become compromised).
Back to the context of Twitter, this is mitigating the troll system problem by introducing a user identity one.
> our privacy policy details exactly how, when and to whom PII is disclosed.
And it's your right to simply change that privacy policy whenever you see fit, and you still have my phone number. There is nothing legally and systemically that revokes your right to that.
> The broader point is that collection of phone number isn't intrinsically a bad thing
It's intrinsically a bad thing because our general trust model is simply fragmented and thus poor. See my point above.
> Rather than try to recover their account with us, this group will subsequently just create a new one, and then wonder & complain that their profiles/settings/content/histories aren't carried over.
We're in a similar sort of space with regards to shifting emails and a lack of easy account recovery. I have educated my family on password managers and I really would appreciate (it's beyond my means) someone putting some serious effort into getting a larger proportion of the population onto using password management software - along with a nice free cloud based option. There is so little data involved in these sorts of things that it's got to be pretty much incidental to offer free storage in a safe encrypted manner.
What service of yours am I avoiding now? Phone numbers are terrible pii for reasons enumerated here and countless other posts. Why on earth would you do that?
"Turns out that phone numbers, whilst also subject to flux, have better long-term congruence to identity"
That isn't what I saw in the Verizon store today while I was disputing a charge on my bill ($10 trade-in on an account that never had a trade-in device at all?) Many people were changing their numbers.
To boot, I'm sure there are plenty of burner phones in use out there, I have six of my own with plenty of rollover minutes/texts.