[janfromdaito]

I was feeling the pain of 2FA and 2FA SMS for too long as well and thus build a product, Daito (https://www.daito.io), around the concept of shared 2FA as a service for companies and teams.

In addition to TOTP 2FA (our main service), we also started to offer 2FA via SMS via _physical SIM cards_ hosted in a data center in Germany (we are a German company) as every other solution we tried (Twilio + seemingly 50+ other, non-physical SIM card-based, options by now) was simply not working reliable.

We have been talking to Twilio et al and a lot of telcos, carriers, ISP, providers and seemingly everyone in between: there simply is no easy and reliable solution to this. :(

In our tests the best reliability we could reach for national and international senders&receivers on VOIP-based numbers was only every around 80%. We are still looking for other options, and specially non-VOIP options that are actually affordable, but so far we can only offer a German number (+49). This number however, is way, way more reliable than anything we have seen from others.

We currently support forwarding SMS to an email address, and webhooks for incoming notifications are in the works.

[rsync]

Anytime I think about these issues and this model I always wonder:

Can you get a cellular connection over a wire?

That is, instead of having 500 little radios connecting to one or two nearby towers, can you negotiate a direct connection to the tower and use the entire cellular stack except for the PHY ?

[janfromdaito]

This is pretty much what we have been asking every supplier (telcos etc) over the past 2 years. The answer is always no. And if it is a "Maybe, I think so" it turns into a "no" weeks or months later when have finished digging through the corporate hierarchy.

The only solution that seems to work is old school SIM card hosting in a SIM bank. In some narrow cases, e.g. sender is in the country and receiver is in the same country, you might have pretty good (95%+) reliability of receiving critical SMS (A2P traffic), but still far away from what you'd call reliable.

[rsync]

Interesting…

I’ll bet it’s possible, just not organizationally possible…

I’ll bet there are $80k Agilent / R&S rigs that can wire to a tower and do the entire cellular stack except for the PHY…

Would love to see pictures of such a connection in practice.

[__d]

There exists FOSS that could do this too (start with "osmocombb").

But the real problem here isn't technical, it's a business/legal issue: the carriers and their regulators are trying to minimize (or at least, reduce) the ability for bad actors to operate large numbers of "cell phones" at minimal cost/complexity.

So everything that could be done (technically) to make this work is, in practice, prevented by those business/legal considerations.

[Grimburger]

> osmocombb

Open source stacks are already or basically on the verge of being obsolete in most of the world's telco networks if you want to actually use them. They are incredibly cool and a huge undertaking but no one is saying they are practical for actual usage, and that's ignoring the clear illegality of broadcasting with such firmware.

Osmocom and others like FreeCalypso only work on very old devices with TI Calypso chipsets.

[__d]

But in this context, I think the supported devices don't matter: the idea is to interface with one-or-more telcos directly at a higher level of the 3GPP stack?

[numpad0]

You won't need the air interface - hypothetically just an appropriately rooted femtocell, carrier HSS/HLR/MME that can authn/authz you, and Asterisk server that is secure. Or a flooded Nokia Flexi on a rack shelf, I mean, they look cool, don't they...