Telegram is giving away FREE Premium subscriptions! All they need from you is to use your cell phone as a relay to text out their OTP codes! And the recipient of the OTP sees your phone number! What could POSSIBLY go wrong with this deal?
PLEASE don’t use Telegram! I personally recommend Matrix as it’s totally FOSS, you can self host, there are tons of front end clients to choose from. Or even use Signal. I have my own issues with Signal, the fact they don’t allow third party clients, you can’t self-host, they have a proprietary shim in their stack that only they know what it does, they were pushing crypto, etc, but at least Signal is better than this garbage.
I imagine SMS authorisation texts are Telegrams biggest single expense, they are for Signal https://signal.org/blog/signal-is-expensive/
Telcos know that authentication is about the only remaining use case for SMS and are not going to turn down the revenue stream.
That said this idea from Telegram sounds absurd. Not least I expect most contracts prevent reselling free SMS’s like this. The security implications have got to be significant too.
And it can’t die fast enough, as it’s essentially the same as broadcasting your sensitive information over unencrypted radio.
Apart from security, phone number based user identification is such a half-assed approach and I still don’t get why Signal wants to die on that hill. It’s inconvenient, yet trivial, for anyone to register a second, third or tenth phone number. With a bit more knowledge and inconvenience, even anonymously. It adds so little.
It’s pretty drastically harder to register 100 phone numbers, especially in your target region, than 100 email addresses. Major spammers and such work with automation across many accounts, this isn’t designed around someone with 10 accounts.
They accept VOIP numbers, so… not really that much harder.
They should just only allow other 2FA methods, like OTP, TOTP, and HOTP. It’s really not hard to install an app to handle it…