I was referring specifically to Twitter -- it's been a while since I checked, but doesn't Twitter require an email address for every account on signup?
If you're offering a service that doesn't rely on email, I do see a gray area there for using SMS as a fallback; but most services I use don't fall into that category. I've even seen banks go down this direction -- banks that both require me to have an email to make an online account, and that are only operating within the US.
Lyft in particular weirds me out, because (third-party services excluded) Lyft only works via an app and a web interface. And yet there's no option to sign into the Lyft website using anything other than SMS. I'm required to use an insecure SMS login even though I literally can't request a Lyft ride without an Internet connected device.
I understand having options for developing nations, I don't understand using those options as a default, or even going so far as requiring users to leave them open.
> I was referring specifically to Twitter -- it's been a while since I checked, but doesn't Twitter require an email address for every account on signup?
I see, I misunderstood. it does not require an email address on signup, they’ve been pushing more and more aggressively to force new accounts to have numbers tied to them in fact[1]. https://mobile.twitter.com/i/flow/signup in a private browser tab in fact defaults to phone number and the email flow is deprioritised.
I agree that it should never be required, much less the only factor. Nothing good can come of it but these companies get to lean on Trust and Safety as an excuse to collate this information for nonconsensual purposes.
Oof. That's disappointing to hear, but I appreciate the heads up.
My more cynical side agrees with you that the shift is probably mostly explained by data collection and user monitoring. I would like to give Twitter's security team the benefit of the doubt, or say that they're expanding into different markets and it's an accessibility thing, but... I dunno. I'm not sure I actually believe that.
If you're offering a service that doesn't rely on email, I do see a gray area there for using SMS as a fallback; but most services I use don't fall into that category. I've even seen banks go down this direction -- banks that both require me to have an email to make an online account, and that are only operating within the US.
Lyft in particular weirds me out, because (third-party services excluded) Lyft only works via an app and a web interface. And yet there's no option to sign into the Lyft website using anything other than SMS. I'm required to use an insecure SMS login even though I literally can't request a Lyft ride without an Internet connected device.
I understand having options for developing nations, I don't understand using those options as a default, or even going so far as requiring users to leave them open.