Re: [liberationtech] Receiving phone verification and 2-Step Verification codes through a 'number inside Iran'
Geographical numbers (i.e. the number which an SMS is sent from) can be purchased by a telecoms company, e.g. an SMS gateway supplier, relatively easily. It does not necessarily mean the message is sent from a company within Iran. Once the message is delivered to the Iranian telco, then thats a different matter. > On 16 Jan 2015, at 17:44, Amin Sabeti wrote: > > Google has sent its codes via SMS with Iranian number since 6 months ago. > > On 16 January 2015 at 17:39, Collin Anderson > wrote: > > On Fri, Jan 16, 2015 at 12:10 PM, elham gheytanchi > wrote: > I think it means the codes are generated by the state agencies. > > They are not, the international companies would contract with an SMS gateway > to send codes. That SMS gateway should be a more or less a dumb pipe that > transmits whatever it is sent by the provider. It so happens that now the > pipe is closer to the user but the source stays the same. The SMS gateway and > telecommunications companies can certainly surveil or modify the content (the > latter wouldn't be useful for 2FA), but it should not generate the codes. > > > -- > Collin David Anderson > averysmallbird.com | @cda | Washington, D.C. > > -- > Liberationtech is public & archives are searchable on Google. Violations of > list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, > change to digest, or change password by emailing moderator at > compa...@stanford.edu. > > -- > Liberationtech is public & archives are searchable on Google. Violations of > list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, > change to digest, or change password by emailing moderator at > compa...@stanford.edu. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Receiving phone verification and 2-Step Verification codes through a 'number inside Iran'
I think that's reasonable, not only due to the potential for interception or blocking of the messages, but also because these usually have a shorter lifespan, which should provide some added protection against the phishing of 2FA codes. On Fri, Jan 16, 2015 at 12:54 PM, S.Aliakbar Mousavi wrote: > I think regardless of its sender, since the authority can read the SMS it > would be better to ask users inside the country to use the app rather than > a mobile phone number. > > On 16 January 2015 at 12:44, Amin Sabeti wrote: > >> Google has sent its codes via SMS with Iranian number since 6 months ago. >> >> On 16 January 2015 at 17:39, Collin Anderson >> wrote: >> >>> >>> On Fri, Jan 16, 2015 at 12:10 PM, elham gheytanchi < >>> elhamu...@hotmail.com> wrote: >>> I think it means the codes are generated by the state agencies. >>> >>> They are not, the international companies would contract with an SMS >>> gateway to send codes. That SMS gateway should be a more or less a dumb >>> pipe that transmits whatever it is sent by the provider. It so happens that >>> now the pipe is closer to the user but the source stays the same. The SMS >>> gateway and telecommunications companies can certainly surveil or modify >>> the content (the latter wouldn't be useful for 2FA), but it should not >>> generate the codes. >>> >>> >>> -- >>> *Collin David Anderson* >>> averysmallbird.com | @cda | Washington, D.C. >>> >>> -- >>> Liberationtech is public & archives are searchable on Google. Violations >>> of list guidelines will get you moderated: >>> https://mailman.stanford.edu/mailman/listinfo/liberationtech. >>> Unsubscribe, change to digest, or change password by emailing moderator at >>> compa...@stanford.edu. >>> >> >> >> -- >> Liberationtech is public & archives are searchable on Google. Violations >> of list guidelines will get you moderated: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech. >> Unsubscribe, change to digest, or change password by emailing moderator at >> compa...@stanford.edu. >> > > > > -- > S.Aliakbar Mousavi > > > > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > compa...@stanford.edu. > -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Receiving phone verification and 2-Step Verification codes through a 'number inside Iran'
I think regardless of its sender, since the authority can read the SMS it would be better to ask users inside the country to use the app rather than a mobile phone number. On 16 January 2015 at 12:44, Amin Sabeti wrote: > Google has sent its codes via SMS with Iranian number since 6 months ago. > > On 16 January 2015 at 17:39, Collin Anderson > wrote: > >> >> On Fri, Jan 16, 2015 at 12:10 PM, elham gheytanchi > > wrote: >> >>> I think it means the codes are generated by the state agencies. >>> >> >> They are not, the international companies would contract with an SMS >> gateway to send codes. That SMS gateway should be a more or less a dumb >> pipe that transmits whatever it is sent by the provider. It so happens that >> now the pipe is closer to the user but the source stays the same. The SMS >> gateway and telecommunications companies can certainly surveil or modify >> the content (the latter wouldn't be useful for 2FA), but it should not >> generate the codes. >> >> >> -- >> *Collin David Anderson* >> averysmallbird.com | @cda | Washington, D.C. >> >> -- >> Liberationtech is public & archives are searchable on Google. Violations >> of list guidelines will get you moderated: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech. >> Unsubscribe, change to digest, or change password by emailing moderator at >> compa...@stanford.edu. >> > > > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > compa...@stanford.edu. > -- S.Aliakbar Mousavi -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Receiving phone verification and 2-Step Verification codes through a 'number inside Iran'
Google has sent its codes via SMS with Iranian number since 6 months ago. On 16 January 2015 at 17:39, Collin Anderson wrote: > > On Fri, Jan 16, 2015 at 12:10 PM, elham gheytanchi > wrote: > >> I think it means the codes are generated by the state agencies. >> > > They are not, the international companies would contract with an SMS > gateway to send codes. That SMS gateway should be a more or less a dumb > pipe that transmits whatever it is sent by the provider. It so happens that > now the pipe is closer to the user but the source stays the same. The SMS > gateway and telecommunications companies can certainly surveil or modify > the content (the latter wouldn't be useful for 2FA), but it should not > generate the codes. > > > -- > *Collin David Anderson* > averysmallbird.com | @cda | Washington, D.C. > > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > compa...@stanford.edu. > -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Receiving phone verification and 2-Step Verification codes through a 'number inside Iran'
On Fri, Jan 16, 2015 at 12:10 PM, elham gheytanchi wrote: > I think it means the codes are generated by the state agencies. > They are not, the international companies would contract with an SMS gateway to send codes. That SMS gateway should be a more or less a dumb pipe that transmits whatever it is sent by the provider. It so happens that now the pipe is closer to the user but the source stays the same. The SMS gateway and telecommunications companies can certainly surveil or modify the content (the latter wouldn't be useful for 2FA), but it should not generate the codes. -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Receiving phone verification and 2-Step Verification codes through a 'number inside Iran'
I think it means the codes are generated by the state agencies. From: col...@averysmallbird.com Date: Fri, 16 Jan 2015 11:23:12 -0500 To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Receiving phone verification and 2-Step Verification codes through a 'number inside Iran' On Fri, Jan 16, 2015 at 10:42 AM, Nariman Gharib wrote: I want to know anybody here know is it a big deal or not and how we can solve this issue? Their SMS partner probably now has a relationship with a local telecommunications services company. I'm not sure it's anymore dangerous than if the messages were from an international number since it's all equally accessible to interception, which is not to say there isn't concerns in that regards. I should hope those codes wouldn't be generated by a service accessible by Iranian authorities. -- Collin David Andersonaverysmallbird.com | @cda | Washington, D.C. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Receiving phone verification and 2-Step Verification codes through a 'number inside Iran'
On Fri, Jan 16, 2015 at 10:42 AM, Nariman Gharib wrote: > I want to know anybody here know is it a big deal or not and how we can > solve this issue? > Their SMS partner probably now has a relationship with a local telecommunications services company. I'm not sure it's anymore dangerous than if the messages were from an international number since it's all equally accessible to interception, which is not to say there isn't concerns in that regards. I should hope those codes wouldn't be generated by a service accessible by Iranian authorities. -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Receiving phone verification and 2-Step Verification codes through a 'number inside Iran'
Hi Libtech, Many users in Iran are reporting that, since 2-3 months ago when they are trying to active a application through text messages(Telegram,Whatsapp,skype...) or receiving 2-step verification for Google or Facebook, they will receive it through a number inside Iran and sometimes through mobile USSD. I want to know anybody here know is it a big deal or not and how we can solve this issue? Many Thanks @Listentous N -- PGP: 0xa53963936999cbb6 -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
