Introducing SMS verification for new Vivaldi Accounts
-
It is a very bad move to privacy, no matter why or how.
I joined the Vivaldi community because I thought you care about your user's privacy. Today I see you don't.GAFAM did the same radical chose few month ago...I see you follow them, that's sad.
My tip for your next step : you could ask a scan of the user's passport or id card. This is much more efficient to keep away fraudulent users than SMS phone verification.Welcome in 1984.
-
@vuxdgc said in Introducing SMS verification for new Vivaldi Accounts:
I joined the Vivaldi community because I thought you care about your user's privacy. Today I see you don't.
Your account was created 44 minutes ago……
-
@hlehyaric There was already one like this, you know.
-
@potmeklecbohdan I was not aware of it, I just noticed that one.
-
@hlehyaric So you don't even read posts you upvote?
-
Calm guys, SMS verification for mail and blog also makes me especially happy, but not by the method itself, but by leaving it in the hands of third parties, which can indeed be a bad decision regarding privacy. Perhaps the Vivaldi team retracts after our protest, if instead of ranting we contribute ideas to avoid spam without relying on external services.I believe that Vivaldi is a work in collaboration with the user and for this they are not necessary protests, but constructive suggestions.
-
@potmeklecbohdan I must confess I'm lost. I 've updated posts from people that are in the forum since some time now. Do you mean in another thread?
-
@hlehyaric No, I mean this thread — but then I asked to delete them as the user is also deleted with all their posts.
Seethis screenshot
(already deleted).And, uhm, stop the off-topic.
-
@hlehyaric said in Introducing SMS verification for new Vivaldi Accounts:
@vuxdgc said in Introducing SMS verification for new Vivaldi Accounts:
I joined the Vivaldi community because I thought you care about your user's privacy. Today I see you don't.
Your account was created 44 minutes ago……
I joined the Vivaldi around March 2019. Hope this happy news makes me more credible to you... if it is that you need.
You pick up this info from my forum profile because that's the first time I log in to the forum and post a message.
Yet it was easy to guess, just by looking at my message counter...And anyway I don't see how picking up such a personal detail, probably to try to discredit my point, is relevant...
-
On a positive note - this should fix the problem where new users were sometimes unable to create a blog because it got caught in the spam filter.
-
This is a thread I opted to follow for seeing if I learn and understand some of the matter.
Regreted. Neither learning nor understanding.
Unique asking: my Viv webmail will remain guaranteed for me? Or menaced? I've just given it to Microsoft for alternative communications, when and if needed. Result: it stays under MS special quarentine (though for 30 days!), with some MS recommendations to undo.
-
@JoaBravo The SMS verification is aimed at new users. For the time being, you are not asked to provide a phone number to log in the webmail (as far as I understand, new users have to provide phone numbers for a one time verification). Is this what you wanted to know?
-
But at the sequence of the multiple posts, there are doubts if it will not extend for the
formerpreexistent users, if, as is very possible, I have not misunderstood., -
@JoaBravo That's why I wrote «for the time being». But some posts are just speculation. It is not said by Vivaldi that there is a plan to introduce, later, SMS verification for all users, as it's (currently) a measure against spammers (according to Vivaldi). That said, who knows? (that's not very helpful, I know). I hope not.
-
@Pathduck said in Introducing SMS verification for new Vivaldi Accounts:
@0001 said in Introducing SMS verification for new Vivaldi Accounts:
due to what the utter incompetence of allowing the implementation
That's kind of harsh, don't you think? Not everyone can be a cYb3r gÜrU you know
A company that offers a browser as their main product needs people who understand security issues (even better than I do). However, even if the people at Vivaldi had no technical skills whatsoever, anyone who has taken as much as a single undergraduate course in marketing should have vetoed this due to the obvious damage it will cause to the Vivaldi "brand" that has emphasized privacy as a feature (and core value of the company, no less). I stand by my statement simply because it seems apparent to me that no one considered the consequences of this policy, and I fear similar shortsightedness in the future.
my field is security research
Well, since you're obviously such an expert on the matter, what would you suggest as an alternative, to get rid of spam from email and on the blogs?
The problem has no easy answer, as every site with a significant number of users struggles with bad actors (Amazon has said that 80 percent of the login attempts on their sites come from people trying to break in). The exact measures I would recommend would require an analysis of data that I don't have access to, but (from reading this thread) it appears that the blogs previously allowed commenting without an account. Obviously, when anonymous comments become a problem, instituting a requirement for registration represents a solid first step (which I agree that Vivaldi needed to do).
-
@0001 So far, the new verification process has not slowed new downloads or new site subscriptions.
-
Many new users are also not interested in having, in addition to one of the best browsers and an access to the forum, also a blog and an email from Vivaldi, without which they can live perfectly, if they don't want to leave the phone number. To use Vivaldi, have sync and full access to the forum, to repeat it, confirmation by SMS is not necessary. But I still think that SMS protection is somewhat obsolete and an obvious privacy hole, especially if this method is provided by an external company and therefore I think it is urgent another anti-spam system for the use of mail and blog. It is therefore a call to the geeks of this community to contribute ideas. Brainstorming time, guys.
-
@iAN-CooG Please don't misrepresent my comments.
- All of the verification methods have their flaws and have been utilized in either data collection schemes, phishing attacks, breaches or malware delivery. Even the popular RSA Fob was breached a few years back
- All of the above are run/manged by "Third Parties" whom I am reluctant to trust if I have no knowledge of them.
- Vivaldi - I trust implicitly. It is those Third parties that are an issue with me. Should Vivaldi decide on one of these Third Party systems I know they have the expertise, have done their research and have made the best decision for their users.
-
Thanks everyone for sharing your input. We understand some of your anger and disappointment and as you know we do everything possible to avoid using 3rd-party services wherever possible. We’re proud to have built this community in-house from the ground up using open source solutions.
With the mail service, unfortunately, very malicious users have been abusing our free service. We hate to see these bad practices in action. Not to mention the resources and people-hours required to keep some sanity. More recently it became so bad that scammers were using our name so we had to put a stop to it. We really wish we didn’t have to do it, but there is good news. Since the implementation of SMS verification the number of spammers, scammers and phishers has decreased massively.
We also wish to host the SMS service ourselves, but at this stage we don’t have the resources to do it and we needed to act fast. Captcha is not enough to counter such users. Some feel that adding 2FA by default is creating a worse experience as users would have to do it every time they want to log in. However we do want to offer it down the road as an option.
We hope this helps you understand our side of the situation. We’ll keep working on improving the services and implementing as many useful features as possible for the community. Thank you again for trusting us and using our services.
-
Sorry, but I have been following this topic for several days and I noticed a few suspicious things:
- Almost everyone who defends SMS verification is affiliated with Vivaldi and has colored labels (green, blue, red). I'm sure you express your own opinion, but for some reasons it looks like an "official party line". Hmm...
- You choose the cons that you can explain and ignore others one. You explained why you use a third-party service, but you ignore users who don't want to share their phone numbers. You explained that new roles works for new users only, but you still ignore people who don't want to share their phone numbers. What if new user don't want to give you a phone number? Say "Goodbye" to your growth (I can not recommend Vivaldi anymore). Do you want a tip? Just add the ability to remove a phone number from the database after verification.
- You did not warn us about your plans. Again! And now you want to discuss this. Why? For what? What will change? Nothing. The time has gone. You should open this discussion before you added forced SMS verification for all new users. That's why even old users are worried: we are afraid that it will be worse, we are sure that SMS verification for all users is a matter of time, we are worried that SMS verification will be changed to 2FA very soon (for "suspicious" users of course) and we are afraid that you will force all of us to use 2FA by SMS (the worst 2FA method), because this is so "private and secure".
I remember the time when I could change my nickname and choose URL for my blog. You did not warn me that this will change soon. And it was because of WordPress-based blog platform and new WebMail too. Coincidence?