[lucideer]

The rationalisation here is mindblowing.

By the same logic, no company should ever be held responsible for harm to users of their products caused by product defects: after all, they never made any claims regarding their products being safe to use.

[Spivak]

I mean I think the ship has pretty much sailed on this one but I think they've got a case when companies just started using "can receive a text at a given number" as a security verification which suddenly made it the telco's problem to make sure such a thing was secure when before it was a more informal system.

[phicoh]

Normal defects are 'easy': you have a contract to obtain a product or service with certain features. If the product or service doesn't have those feature, it is defect and failure of the providing party to comply with the contract.

Of course, no phone contract says anything about securing SIMs (for the purpose of authentication). So it cannot be a defect.

Safe to use is often in relation to bodily harm, which doesn't apply in this case. Outside any specific law, if you use an unencrypted text messaging service between subscribers for authetication purposes, then you are on your own.

In this case, the actual harm is caused by the companies that decided to use text messaging for authentication purpose without verifying that the underlying service is fit for porpose (or having a contract with telcos that explicitly lists this purpose).

Of course, nobody is going after twitter to recover damanges from them.