Introducing SMS verification for new Vivaldi Accounts
-
The other day I also read another method to avoid at least the bots. The idea is quite simple, just add one more line in the registration form, which a real user must leave empty, this can be notified in the form text. A spambot is programmed to fill in all fields, with which it is reported as such.
-
That's what appears.
The SMS Verification is just for WebMail and Blog - as someone said -.
@Semenov-Sherin
So,
V would still be recommended as a Browser, for the rest of services there are other options if you or they prefer. -
@Zalex108 said in Introducing SMS verification for new Vivaldi Accounts:
I will create a new account just to add Vivaldi as a contact!
Birthday cards
Christmas best wishes...Whatsapping...
--
You will not. Don't forget a 3rd party service is used for this
-
The SMS Verification is just for WebMail and Blog - as someone said.
So, V would still be recommended as a Browser, for the rest of services there are other options if you or they prefer.I see several problems:
- New users has no choice. Vivaldi force them to use SMS verification even if they don't want to do this. Are you sure that the world without choice is so cool?
- "SMS verification" sounds as "we need to make sure you're a human", but I'm almost sure that it will work as 2FA and you can not remove you phone number when verification will be complete (sorry, if I'm wrong, I'll try to translate the article tomorrow).
- Phone number is highly sensitive data (if you don't think so, just check the next point). Look on Facebook, Twitter or other websites. Why when Zuckerberg forced users to give him their phone numbers it was bad, but when Von Tetzchner does the same it's so cool?
- I'm almost sure that if you think that phone number is the best way of 2FA and verification, you live in a country where you need only a few dollars to get a new number. It's hard to explain if you don't need documents to get a phone number, but that's why many people don't use so "private" Telegram or Signal. Phone number is more sensitive data than just an email.
- Simple example: "Syncing browser data or posting to the Vivaldi Forum: email verification only". What if the email service you use has been compromised? What if you can not use it anymore? You can not just change your recovery email, because "Vivaldi is more than just a forum". This is the problem that did not exist yesterday, but now this is your problem, because Vivaldi didn’t warn you that they were going to do this.
And this is the main problem for me: Vivaldi don’t warn us about their plans, but very often their actions become a problem for me. But they think this is OK: "This is how our services work now". But yesterday your services worked different and I like it!
Are you sure that tomorrow they won't ask you for something else? Copy of your documents to verify your identity, a security deposit to make sure that you will not use their services for fraud, fingerprints to be sure you are not a dog and your immortal soul to... show you that Terms of Service is really important to read! "Terms and Conditions may apply" and this is bad for a "privacy focused" company: use our services or get out!
P.S. There are many other methods of 2FA and many other ways to deal with spam. Vivaldi chose the simplest, but the worst. Why is this good news?
P.P.S Sorry, if I was too rude, but for me this is really important problem. I can write a huge opus "Why identification by phone number is the worst mankind invention" and now I'm disappointed that the team chose this way...
-
@potmeklecbohdan said in Introducing SMS verification for new Vivaldi Accounts:
@Zalex108 said in Introducing SMS verification for new Vivaldi Accounts:
I will create a new account just to add Vivaldi as a contact!
Birthday cards
Christmas best wishes...Whatsapping...
--
You will not. Don't forget a 3rd party service is used for this
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. -
@Semenov-Sherin said in Introducing SMS verification for new Vivaldi Accounts:
I see several problems:
On my side, I don't use the V Webmail, nor the Blog - yet -, but even in case I will and needs the Phone Verification, I've been accustomed from other Services, so for me is not a big deal.
On the other side, if you avoid that everywhere for privacy I would understand it.
But if that would compromise you, then you should use another services.
I don't know how many users uses Webmail and the Blog, but I suppose they are sane.
The verification seems to be for those other users who uses their services for other purposes.
--
Are still there any WebMail or Blog services without the must of Phone verification? -
@kahukura Sure. But they should avoid reducing the grade of privacy to fight against spam.
I am sure there are other ways to get these things sorted out. -
If you have a blog on Vivaldi.Net you know how many spam comments are here. But I'm almost sure that the reason is simple: a week ago you didn’t need an account to write a comment, a week ago you could just provide your "name" and your "email". That's why I have 3.5K spam comments and only 35 comments from real people. After these changes the amount of spam on my blog for this week is 0, but I don't think this is because of SMS verification, this is because now you need Vivaldi account to write a comment.
-
@LonM said in Introducing SMS verification for new Vivaldi Accounts:
@gaelle Some notes:
- The page says "Nexmo" but the privacy policy is for "Vonage" - I see theres's some kind of subsidiary relationship, but this a bit confusing. at first.
- "We store your information until it is no longer necessary to provide the services" - I take it to mean they don't store it at all, because as far as I'm concerned this activity can be carried out almost immediately
- "Syncing browser data [...]: email verification only." - Excellent! I was hoping that would be the case. We don't want to turn away potential users of the browser.
"We store your information until it is no longer necessary to provide the services" - I take it to mean they don't store it at all, because as far as I'm concerned this activity can be carried out almost immediately
Or if you are a pessimist like me it reads: "We store your data forever so we can sell it (as G, FB...) or in case you you post something in 230 years."
-
Although I applaud Vivaldi's efforts to try to eliminate spam in the Vivaldi Blogs, I do not think this is the best method.
Saying that I do not have the expertise to offer up a better solution.Personally I do not have, nor do I want a mobile phone.
If I were a New user I'd have to buy a phone and then a contract. In Canada that can lead to bankruptcy as mobile rates are among the highest in the world. (See: CBC and CBC again.
Yes I can get SMS messages over landline, but I would either have upgrade my phone plan or pay individually to receive the messages. Not something I'd be inclined to do.Re: reCaptcha, there has been at least one Blog here regarding this subject and many other articles on the inertnet. As it is a Google product it may require opening up to Google Services, which I do not believe Vivaldi supports.
I suppose they could go the of Opera and use something like Disqus (it was breached a couple of years ago with 17.5 Million userrs data on the loose), one of the reasons I did not continue with my "myOpera" account.
I simply do not trust most "Third Party" services. -
@greybeard If you think Vivaldi is going to do that on our data, you can remove your "Vivaldi Ambassador" tag right now. I either give them your trust or not
-
I don't like it at all. I would think twice to join the forum with phone/SMS verification...
-
This is a truly awful idea. It makes me question using Vivaldi in the long term simply due to what the utter incompetence of allowing the implementation of this implies for future decisions.
Note, my field is security research.
NIST (the body which sets standards for information security in the United States) has long hated the idea of using SMS for out-of-band verification. They attempted to deprecate it completely a couple of years back, but after a huge pushback from industries reluctant to make the investments required to raise their security processes to current practices, NIST has instead placed the use of SMS using the PSTN in "restricted" mode. Restricted mode demands that the server provider offer an alternate unrestricted authenticator. See the SP 800 series, and in particular, 800-63b for details.
SMS messages have no security, and are relatively easy to divert or intercept. They should absolutely never be used for anything important. I would argue that they should never be used for anything unimportant either (meaning without the association of a user with a number using government-issued photo identification).
Nothing at all exists from preventing a programmer with the most rudimentary skills to automate the creation of accounts on a smartphone by parsing the message for the OTP code, automatically entering it into a web page, and submitting it. If that hasn't happened yet, then it surely will within months, not years.
In summary, this is completely ineffective, and will only annoy legitimate users.
-
Did you know I made over £500 in my first week after going to the link below
Oh wrong forum
-
@Stardust said in Introducing SMS verification for new Vivaldi Accounts:
I don't like it at all. I would think twice to join the forum with phone/SMS verification...
The verification by SMS is only to be able to use the mail service and the blog, it is not necessary to use the forum nor for sync.
-
@0001 said in Introducing SMS verification for new Vivaldi Accounts:
due to what the utter incompetence of allowing the implementation
That's kind of harsh, don't you think? Not everyone can be a cYb3r gÜrU you know
my field is security research
Well, since you're obviously such an expert on the matter, what would you suggest as an alternative, to get rid of spam from email and on the blogs?
-
@Gwen-Dragon said in Introducing SMS verification for new Vivaldi Accounts:
I am happy to have registered many years ago.
With the new SMS registration i would not have done. I dislike spreading my phone number to any company.
The Policy at Vonage is not trustful for me. And i fear, after Brexit UK is outside of EU, there is no way to restrict Vonage data usage/transfer to GDPR laws.
I think the same, especially if there are other methods to prevent spam that do not depend on third-party services. Simply delaying confirmation by mail has already proved effective.
-
Vonage/Nexmo privacy policy: we collect about anything and if your data we collected gets stolen, you just have to accept that. No legal guarantees whatsoever.
-
@gaelle So, what does that mean for already registered users of your email service? Yeah, it's only for new users, for now, but how long will that last? I've seen many things change with time. Maybe migrating away from this email provider before I'm locked out and my account is hostage is a good idea…
-
@tenno-seremel, as I know this is not about 2FA, this is just a one-time verification. And if new users have a problem, this is a problem for all of us. SMS verification may be a problem for many potential users.