They're using the number as an identifier for the person behind it. Telesign is integrated into fraud and risk management systems. The clients aren't asking "should we market to this phone number?", they're asking "should we accept the credit card of this e-commerce customer with this billing phone number?". If you have a bad rating, you won't be able to do business with some companies you might want to, like having a bad credit score except nobody has to pull your credit.
To put the shoe on the other foot, if you wanted to create a startup that offered anonymizing VPNs to privacy-conscious techies, and offer a free trial, you'd have a spam/scam problem. That site would be very attractive to a large number of people wanting to do illegal things with it. You could filter a lot of them out by requiring a phone number on signup, verifying ownership of that number, and rejecting registration from any with a low reputation score. People using burner VOIP numbers or the same number to make accounts reported as fraudulent at other businesses would have a low score.
You probably don't want to have a bad reputation if you care about signing up for things online. Like they said, Telesign has a huge number of clients. Lots of other fraud detection systems, like MaxMind's which are recommended occasionally on HN, are built on top of Telesign's APIs as well.
Most burner numbers are for legitimate purposes. It is probably only way to avoid spam. Or other way: I did not gave my phone number to most of my paying customers, why should I give it to some random website?
If you wanted to offer anonymizing VPNs to privacy-conscious techies, and first wanted to verify their identity, isn't that contradicting your own business model?
Sigh. When are we going to stop trying to use things that are not meant to be identifiers (ip addresses, phone numbers, email addresses, SSNs) as identifiers?
Ok. So you have me on one thing: it wasn't originally intended to be used as a personal identifier. You learn something new every day.
But then according to your very own link, it has universally been used and repurposed for this exact thing for the last 45 years, without issues, and with duplicate SSNs no longer being a problem.
I'd say that sounds like a very proven form of identification. So what problem do you (OP / ams6110) have with people using it as such?
> So what problem do you (OP / ams6110) have with people using it as such?
A SSN is the "secret" bit to a small amount of otherwise-public info (name, address, some other bits) to getting a loan or credit card or other credit-related actions in my name.
I went to a small two-year school that used SSNs as their personal identifier numbers. Someone broke in and stole student records. Now the school's poor identity choices has put thousands of students' financial identities at risk.
One problem with using an SSN as a identifier is that the number exists for the administration of the Social Security system, so only people who pay into or will receive money from the system are eligible for a number.
Not everyone in the US is eligible for an SSN (e.g., some non-residents living in the US). When I first came to the US as a student, I had difficulty doing things like signing up for a credit card or a cellphone for this reason.
There are other numbers that systems sometimes but do not consistently accept, for instance an ITIN, which is the tax ID number the IRS will issue you if you aren't eligible for a SSN.
The entire point of my phone number, or my email address, is to identify me. Email doesn't get sent "to whoever is interested", it gets sent to designated people. How are those not meant to be identifiers?
They are intended to be delivery points for messages, not identifiers for non-messaging uses. The fact that the two functions are similar does not mean they are identical. Treating them as if they are identical just creates all kinds of (often unexpected) failure modes where the two functions don't overlap.
On Wikipedia, we tend to not use indefinite IP blocks (there are some, but not many).
For business and organisation IPs, if we get vandalism from that IP, we'll stick it on a long-term block (usually a year) and renew that block if there's recurring vandalism when the block expires.
That doesn't affect the fact that the email address exists to identify the person. You'd need to say "people often share email addresses in common", which they don't.
we have a shared email address between us that the kids use, and I use to sign up for some stuff.
My parents have 3 emails addresses between themselves, and use them pretty much interchangeably.
I worked at a distance education provider for a couple of years, and we commonly had entire families using the same email address.
It turns out that when you sign up with an ISP, they give you a single email address by default, and you can - if you wish to, and know how, add more of your own.
I've found it very difficult to convince some people that my wife and I have separate email accounts -- sufficiently so that I set up a shared alias that forwards to both of us so I can give it to those people. I know plenty of couples who share an email account.
This is an interesting concept. I had talked to Telesign about including their initial PhoneID offering into the CRM product I was working on. At the time it was simply a reverse lookup with a bit of metadata, such as wireless or landline, etc.
As a consumer though, the risk score makes me a bit weary. These mechanisms are notoriously opaque and when they misfire, they do so spectacularly. I would hate to have the type of the phone number I use be tied to my credit worthiness or something...
I've had a few issues lately with my Bank Simple card being flagged as a prepaid card because of companies using "old" databases (as far as I can tell).
My account at Western Union was literally banned. I spent 2 hours on the phone with the American Express fraud department after linking my Simple debit card and getting flagged.
This sort of reputation system usually works 98%+ of the time, but when you get a false positive, there is literally no recourse.
I hope they are forced to provide profile information and "correction" services to consumers in the same way credit reporting agencies have to.
There's some text missing:
"Its immediately verifiable"... AND "normally linked to your real life name, full address, age, and social security number".
That's the scary part.
Not even mentioning that the phone number reputation score won't really just be a phone number score. it's going your human score - just like your CC Credit score but worse. Scary much? Welcome to the future. Just as bad as predicted.
The data's not scary, what's scary is how people use it. Credit scores are designed to quantify the risk of loaning someone money. If you use them for anything else (like screening job applicants), you're going to get bad results.
At that point, you might as well go back to measuring the distance between facial features.
Well data is data its never going to be scary. Even a picture of chucky is just a bunch of bytes :P
We'll more facial recognition scariness soon enough. Right now its mostly just used for security cameras all around big cities, drones and in some databases at facebook and google.
This is already almost the case (albeit qualitative)
Try to register an account with some websites using a Twilio number, and it will get blocked / stopped. Try the same with a Google Voice / Skype number and you might be OK. You'll also see challenges with land lines vs mobile numbers.
What I have seen is some airlines unable to text my GV number, because they are working with an SMS provider that is only integrated with the major US wireless carriers and cannot send outside of those (Verizon, ATT, Sprint, T-Mobile).
At first I thought this meant they would use the phone number as a proxy to your personal reputation, which was very troubling, but then I realized that's not the case. They are merely trying to predict whether a phone number is real or fake (fraud detection).
It doesn't sound like an end-run around around anonymity, but more like the way retail stores crunch data to predict personal purchase patterns.
Criminals can spoof the callerid and use your number whenever they want. It's easy to do and happens very often in the UK. Your rating is going to be "scammer" quite quickly if you're unlucky.
It's not a kind of captcha, it's an "account discrimination" system. Everybody who cares about the privacy is affected, not only the criminals, and the text shows why: use the throwaway phone, get rejected at the site.
My point was only criminals would use throwaway phones to register accounts. The only time I've ever used a throwaway was when I left my real phone in a cab.
Your point that "only criminals would use throwaway phones to register accounts" is completely wrong (I'm surprised you haven't even used "terrorists" witch such a line of reasoning). There's no site that I want to give my phone to, and I'm certainly not involved in any illegal activities. Ever heard for privacy in the digital age? Anything you won't protect will be sold and replicated in as many databases as possible.
If some site like Google would insist on the phone number, I'd buy a SIM card only for that purpose.
But now there is a push to even not accept such "for one purpose" phone uses. Bad, awful for privacy.
thought this was particularly interesting especially when thinking about how Android 4.4 / Google is now attempting to display unknown caller id by using data collected from companies like these
Nothing new afaik. I thought telephone numbers have been used all the time as one part of assessing reputation. As well as when you order cabs or pizza (or what ever), if 100% of hundreds of the calls you have made this far have been pranks, I'm quite sure they won't send more pizza or cabs. Or if you're making 10th bomb threat today, and you'll keep doing that on daily basis as local village idiot.
Same applies to telephone marketing companies, I haven't ever bought anything, and they're not trying to sell me anything anymore.
I would warrant a guess that they're doing a number of signalling queries against a number: checking for call-forwarding, asking what the location of that number is versus a proposed location from a customer and then based on a number of these factors, producing a score. How they recon they can profile a number without associated history of a number, I don't know.
If you know SS7 signalling and MAP queries, you can probably guess how to do this.
If you receive a customer service call from a number with a higher klout score, you could send them to a 'VIP' agent that's been authorized to give them better deals or whatever. If you give better support to a few users who have a lot of twitter followers then that person is a lot more likely to tweet about a good experience and help the companies reputation. Otherwise if they have a bad experience they have enough followers that if they tweet about a bad experience, there's obvious harm there.
It's the same reason someone will have a bad experience and e-mail a company but get ignored. Once The Consumerist runs an article about it though, it gets fixed.
I very much do not like Klout because it essentially assumes that you are a active social media user. There is a large percentage of people that I deal with daily on a professional basis that do not use social media whatsoever.
There should not be a penalty for not using social media.
Go the other way then -- come up with a service that protects people from ending up in these guys' database. Like a bugmenot for phone number validations.
I want my reputation to be "Never answers unrecognized numbers and never buys anything over the phone ever, so don't even try".
Give me the most deadbeat phone number rating, please.