[DaiPlusPlus]

This.

A service I built+run started getting overrun with bot users. The signup CAPTCHA didn’t help because they’d sign-up for accounts using humans - then after that’s done they’d copy their access tokens to the bot users. We couldn’t use a CAPTCHA for every operation on the platform.

But by requiring a real phone number that we verify (by placing a TTS phone call - not an SMS - as processing received TTS calls is much harder for the bot makers to automate) - but also looking-up the phone number’s SS7 info to prevent people from using Skype, Google Voice, and Twilio users - all commonly used by bot operators.

(Legitimate users that want an account but can’t make it past our bot screen can still contact us directly to be set-up - and to-date no-one has done this or complained about the (admittantly user-hostile) verification process.

[AlchemistCamp]

I don't know what your service is but I simply wouldn't be able to use it as my only phone number is Google Voice.

It's highly likely that prospective users just leave when encountering your restrictions and having their phone numbers rejected.

[DaiPlusPlus]

It’s a B2B service (“B2SB”?) - not targeting people/consumers - so it’s reasonable to assume they have a real phone number.

[JumpCrisscross]

> it’s reasonable to assume they have a real phone number

Just an anecdote, but I rarely give out my non-Google Voice number on sign-up forms. I don’t want my mobile in a database to be spammed.

If a phone number is required on sign-up, and my Google Voice doesn’t work, I usually pass. Whether for personal or commercial use.

[AlchemistCamp]

I run a business. Why is it reasonable to assume the use of legacy phone numbers?

[DaiPlusPlus]

We target a particular subset of retail-customer businesses which all generally have a phone-number.

[driverdan]

It's not reasonable. Voice is the only phone number I use and I use B2B services. If you prevented me from signing up I'd go to a competitor.

[erik_seaberg]

Which mobile carriers do you support, if not Google Fi (which is mine)? Or only landlines (which barely exist at my day job)?

[theelous3]

My last position was for a b2b voip telephony replacement type of deal. It would be trivial to load up on real geographic numbers from anywhere in the world and automate it all for bots.

[sheepdestroyer]

I despise services that require to have a real phone number. Being locked out of something when you travel, have no reception, lost your phone or got it stollen is just a pain. Bonus hate points for banks that implement a sms code check for online payments with your visa/mastercard (common in France at least). I changed bank for one that provided me with a device generating one time codes from my CB

[DaiPlusPlus]

It’s only used for sign-up/registration in my case.

[NikolaeVarius]

Goddamn Paypal MFA

[bosswipe]

> but also looking-up the phone number’s SS7 info

Does that really work? I'd like a service like that for my personal phone.

[Atlas]

Truecaller is the easiest way to access this data for consumers. https://www.truecaller.com/. The two commercial data providers for this are Telesign and Neustar.

[Atlas]

Also https://www.opencnam.com/