Comment on SIM binding in India: What it means for WhatsApp, Telegram users and why the government wants it
CameronDev@programming.dev 18 hours ago
Charitable explanation: by allowing people to use WhatsApp/Signal etc without holding onto the sim card, it opens them up to risk that someone else gains control of the phone number, and can then take over that account.
But that doesn’t really require that the number stays in the same phone, just under the same person’s control. Periodic SMS code check-in would be sufficient.
sonofearth@lemmy.world 17 hours ago
If a phone gets stolen, you can easily file a complaint, get that sim deactivated and a replacement within an hour. Put it in another phone and log out of any accounts from the stolen phone. If the stolen phone has a lock, then it is pretty difficult for a random thief to extract the data from the phone.
Source: My phone was stolen in 2014 and had my brother’s phone number in it who was in another country. My parents lodged a complaint the next day, deactivated the sim and got a replacement in 3 hours. My phone didn’t have a lock but thankfully I did not have any sensitive data on it and I reset my Google account password ASAP after I lost it and logged out of all devices. I still use all the important accounts that were on that phone till this date.
CameronDev@programming.dev 17 hours ago
I’m more thinking along the lines of getting a cheap sim, signing up for Signal and then letting the plan lapse and the number is released for use again. And then someone buys a new plan, but gets the recycled number. Not sure how realistic that is as a risk vector though.
sonofearth@lemmy.world 12 hours ago
But I don’t think it would make any difference. What would actually secure the account is the internal account password which both Signal and WhatsApp already have.
CameronDev@programming.dev 11 hours ago
If you hold the number it can’t get recycled into distribution. Signal does fall back to MFA codes over SMS from memory (I’ve recovered the Signal account for my grandma, as I own the number), so anyone who controls the number controls the account.