[HN Gopher] Cophone - Mobile work phones running in the cloud
___________________________________________________________________
Cophone - Mobile work phones running in the cloud
Author : t1tech
Score : 144 points
Date : 2023-07-28 12:59 UTC (10 hours ago)
(HTM) web link (cophone.io)
(TXT) w3m dump (cophone.io)
| contingencies wrote:
| Nice project.
|
| Commercially, I would suggest that you white label this at a
| heavily discounted wholesale rate to VOIP providers. They have
| existing channels and user base that should allow you to scale
| without huge marketing investment, and once one or two of them
| bring your service onboard the rest should buy in. Alternatively,
| just sell it out to a larger player and move on.
| t1tech wrote:
| Thank you!
|
| That's great input! This is all very fresh so I'm still
| building connections. I have to admit Voip providers were not
| on my list but it totally makes sense.
| contingencies wrote:
| More broadly you could look at global serviced office
| providers, people like https://www.servcorp.com/en/about-us/
| or even https://www.wework.com/
| SkyPuncher wrote:
| This is an amazing concept!
|
| Right now, I carry around two cell phones - work and personal. My
| use case for my work device is surprisingly limited. I basically
| need it for notifications and 2FA. For anything serious, I switch
| to my laptop. However, I _really_ need that work phone.
|
| BYOD/Shared devices is a thing at many companies, but that comes
| with it's own host of issues. Most notably, I don't want a
| corporate MDM on my personal phone. I also want to be able to let
| my family use my personal phone without worrying about breaking.
|
| This virtual device, effectively lets me carry a single device
| while having nice, clear boundaries. As long as notifications
| come through well, this could effectively replace my need to
| carry a work phone.
| rsync wrote:
| Leave the work phone plugged in at office and forward messages
| to an email inbox (or personal phone SMS) using the
| SMSForwarder app.
| SkyPuncher wrote:
| Can't do that. Breaks privacy barriers.
| t1tech wrote:
| Thank you for the feedback!
|
| Indeed, this is something that I have learned from the comments
| here: that cophone needs to forward the notifications from the
| virtual smartphone to the physical one(s). Will put it on high
| priority!
| paxys wrote:
| Having a VM doing 2FA that you access from your browser defeats
| the point of 2FA. You carry around a device in your pocket
| because that's the only way to secure the data inside it.
| SkyPuncher wrote:
| That seems like a pretty minor issue to fix once you have
| virtual phones running.
|
| I personally wouldn't want this to be browser only. I would
| enjoy it being device bound with a key.
| fcoury wrote:
| I subscribed but when I try to login I am getting this error:
|
| > Something went wrong. If you forgot your password, you can
| reset it.
|
| When I try to reset it I get a link and the link leads to an
| empty page.
|
| Any idea what can be the issue?
| t1tech wrote:
| Sorry for that, I'm checking it.
| fcoury wrote:
| The password reset page has some JS errors:
|
| 2.0b62168b.chunk.js:1 Uncaught SyntaxError: Unexpected token
| '<' main.b556c503.chunk.js:1 Uncaught SyntaxError: Unexpected
| token '<' manifest.json:1 Manifest: Line: 1, column: 1,
| Syntax error.
|
| Thank you!
| jarebear6expepj wrote:
| I have encountered a lot of problems trying to rely on virtual
| numbers from various VOIP providers. Very curious how that plays
| in to your stack. I know for instance a lot of Twilio is default
| blacklisted, but larger ORGS/ISP's who run essentially the same
| virtual VOIP (such as Comcast) but at different scale have no
| problems.
|
| Why is there a difference?
|
| Who is determining bad VOIP from good VOIP?
|
| Are there steps you can, or are, taking to work on having your
| numbers legitimized?
|
| Where are you sourcing your numbers?
|
| I'll take my questions off the air :). Thanks!
| rsync wrote:
| I don't think it is correct to say that twilio numbers are
| blacklisted - rather, they simply test/lookup as _not_ true
| mobile numbers.
|
| Which they aren't.
|
| Your bank then decides not to send codes to non mobile numbers
| but it's not because it is a twilio number per se...
| t1tech wrote:
| > Why is there a difference? Who is determining bad VOIP from
| good VOIP?
|
| I don't know :(
|
| > Are there steps you can, or are, taking to work on having
| your numbers legitimized?
|
| Sourcing the phone numbers from a company with a reputation to
| defend - Twilio - is the main method.
|
| > Where are you sourcing your numbers?
|
| Twilio
| xnx wrote:
| I love this as a way to circumvent per-device two-factor
| authentication that is increasingly being required to prevent
| login sharing.
| oaththrowaway wrote:
| This is something I could have used a few times over the last few
| years. Looks very cool, unfortunately I don't have a need for it
| at the moment!
| tjoff wrote:
| This seems great, and I've always wanted something like this
| (though for me, the cloud is a dealbreaker). A bit too expensive
| for my uses, I think the corporate use-case makes much more sense
| so good for targeting that!
|
| I'd prefer to have a virtual machine on the phone where I could
| isolate apps etc. Would be nice with a second phone number tied
| to that virtual machine, maybe a sip one could work.
|
| But since that doesn't seem to materialize I'm playing with the
| idea to have an old phone at home and remote into it using
| VPN+VNC or something from my real phone. Would work in theory but
| last I experimented with it the experience was pretty bad.
| jollyllama wrote:
| This is pretty cool. I could just carry a laptop around and pull
| up my "phone app" when I need to, and forego the need to carry
| around a phone.
| t1tech wrote:
| You can use your personal phone to access it, BYOD style but
| completely separated from your personal data.
| t1tech wrote:
| Hi HN,
|
| My name is Tudor and I am the maker of cophone. With cophone you
| can have your private virtual smartphone running in the cloud,
| complete with a phone number so you can use it just as you use
| your physical smartphone. And it works from your browser!
| Although cophone mainly targets companies, private individuals
| are welcome! At the moment only US phone numbers (+1...) are
| available, but more country codes are coming soon. Also having
| multiple numbers is in the pipeline!
|
| Signal app works - just choose "Call" instead of "Text" when
| verifying your number. You CAN receive text messages, but some
| apps that require you to receive one in order to register might
| still NOT work (i.e. Whatsapp). That's because they might not
| recognize cophone numbers as mobile numbers so you'll never
| receive the challenge message. Main desktop browsers are
| supported. Chrome on Android also works but on IPhone there're
| still some issues, esp on older iOS versions. I'm working on it!
|
| Cophone is marked as beta because I haven't tested it at scale
| and there are still some rough edges.
|
| I am exploring having a freeware version with a common, shared
| phone number and an extension for each user. So you'd dial
| +123456789 followed by #098765 to get connected via PSTN with a
| cophone user - let me know what you think of this.
|
| I'd love to get your feedback! Don't hold back if you have a
| feature request or something doesn't work as expected for you!
|
| If you'd like a deluxe tour please reach out (tudor at cophone
| dot io) and I'll be happy to show you around!
| wkat4242 wrote:
| How does it work with notifications? Is it possible to get a
| notification on the user's phone when one of the apps in the
| virtual phone pushes a notification?
| t1tech wrote:
| Not yet! For that you would need to install an app that would
| basically relay the notifications from the virtual smartphone
| to your smartphone.
| A4ET8a8uTh0 wrote:
| I want to offer some words of encouragement since I did not
| have a chance to play with it ( mildly busy Friday ). Still, I
| think it is a genuinely interesting project and I can see
| myself using it. I will check it out after the day is done. GL.
| I really think you got something here.
| ec109685 wrote:
| Doesn't seem like running Signal on a phone hosted in someone
| else's data center is the smartest thing to do.
| [deleted]
| alienthrowaway wrote:
| It's pretty smart if you're a spammer / phisher. Legitimate
| use-cases for this setup seem to be few and far between. I
| wonder how it handles (or skirts) the STIR/SHAKEN
| requirements in the US.
| politelemon wrote:
| Very interesting concept. I'm not a decision maker at my
| workplace but it's something I'd definitely mention in
| conversations. I really like the idea of not having to carry a
| work phone.
| yoshamano wrote:
| So it's an Android VM that can be accessed from a browser for
| $15/month. For an extra $10/month you can attach a phone number
| to it that has free incoming calls and SMS along with pay-per
| minute outgoing calls and pay-per message SMS.
|
| I see App Lounge in the screenshot so I assume the VM's are
| running /e/. Have you tried installing any of the MDM's out
| there like AirWatch or InTune?
|
| As a thought exercise, how about some light abuse. What would
| happen if I rammed a couple TB of BitTorrent data through that
| VM. Maybe used it as seedbox. Or maybe a proxy so I can access
| a streaming service.
|
| It feels like you're really trying to sell the phone part, and
| that the Android VM is a means to an end. However, this is just
| a random phone number that I suspect isn't portable. So if I
| stop using your service I can't take the number with me. So why
| wouldn't I get a Skype number for $6.50/month, Skype to Phone
| for $3.50/month, and then use the web.skype.com page to make
| all the phone calls I want. Or you can do what I do and use
| jmp.chat for phone calls and SMS and have it all routed to the
| XMPP client of your choice (as long as that client supports all
| the needed features).
| Obscurity4340 wrote:
| How does it compare to something like MySudo or SilentPhone?
| t1tech wrote:
| Cophone is a complete smartphone - but virtual. You can
| install any app in the App Store as well as place and receive
| calls and text messages, just like you are today with your
| physical smartphone. MySudo and SilentPhone offer a limited
| set of their own apps that you can use. Cophone does not have
| this limitation, you can install and use whatever app is
| available in the store.
| throwawayadvsec wrote:
| You do realize that a lot of apps are blocked on emulators?
| Do you manage to bypass those limitations?
| t1tech wrote:
| Yes, this is an issue that I can only partially bypass at
| the moment.
| janfromdaito wrote:
| Any plans to offer other country codes than +1 ?
| t1tech wrote:
| Yes, this is (also) on high priority. But it depends alot on
| the country, some have very strict regulations around this.
| Which countries are you mostly interested in?
| mgkimsal wrote:
| Is it something I can use for 2fa? I jump between a lot of VPNs
| and systems, and having to use my personal phone device for 2fa
| is annoying at best, and something I'd like to avoid in future.
| I don't understand quite what "App Store" means in this
| context. I can download and install stuff from apple's App
| Store? Or something else? Thanks.
| t1tech wrote:
| Yes, you can use it for 2fa. AppStore in this context is the
| e /OS/ App Lounge: https://doc.e.foundation/app-lounge#where-
| do-the-application...
|
| From the link: "Where do the applications in the App Lounge
| come from? App Lounge can be used to install Native as well
| as Progressive Web Apps (PWAs) from a single interface. Apps
| are managed differently depending on their source.
| Applications from the Google Play Store are fetched using the
| Google Play API. Progressive Web Apps (PWAs) and Open Source
| Apps from F-Droid are fetched using the CleanAPK API (more
| info on the CleanAPK is covered below). App lounge allows you
| to filter apps by Open Source, PWAs, or just show all apps."
| JimDabell wrote:
| > Yes, you can use it for 2fa.
|
| You say elsewhere you provide virtual phone numbers. If
| this is the case, you cannot use it for SMS-based 2FA
| reliably. Sometimes you will receive codes, but most of
| them won't be delivered.
| t1tech wrote:
| This is, unfortunately, true. Some codes will NOT be
| delivered to your cophone.
| stikit wrote:
| How are you planning on dealing with licensing for the iOS
| version you are working on?
| amelius wrote:
| And can it be used to run iOS apps inside a browser inside an
| Android phone?
| t1tech wrote:
| Cophones are running an Android version from e/OS/
|
| You can access the virtual smartphone from a browser
| running in a physical smartphone. Unfortunately not all
| smartphones/browsers support it.
| t1tech wrote:
| Sorry for the misunderstanding. Cophones run e/OS/, which is
| an Android based OS.
| JediPig wrote:
| some of us are trying to get rid of the smart phone ;). I want
| a flip phone but 2FA is a problem with flip phones. I recently
| started to use 1password paid just 2FA.
|
| on a serious note, this is unfortunately what scammers like to
| use, it would be prudent to lock it down before scammers put
| you in the middle of a legal cases. I have a long story, I tell
| people about scammmers, but in the case, please be careful.
| Grandma is getting conned by these telephone virtual numbers.
| CryptoBanker wrote:
| Agreed. This type of service is ripe for committing fraud.
| I'd be very very careful about the customers you serve
| t1tech wrote:
| Do you happen to know more about how the companies that
| only offer the phone numbers prevent fraud?
| lopkeny12ko wrote:
| I don't understand? If you need a computer and browser to access
| your "virtual smartphone," what's the point?
|
| This looks like a classic solution in search of a problem.
| t1tech wrote:
| Think BYOD, but without mixing personal and business data. So
| you can just open a browser on your personal mobile phone and
| access your work phone. Then, when you're in front of your
| (work) laptop, you just open a browser tab to access the same
| cophone instance.
| cj wrote:
| (iPhone user here) isn't there the concept of a "work
| profile" on Android phones to help segment work vs. personal?
| julianeon wrote:
| Because you're a business and you don't want to use your
| personal phone, or get a whole new plan for a phone you have to
| lug around that gets very sporadic use.
|
| That's not a made up use case; I think there are a lot of
| businesses that fit that description.
| SkyPuncher wrote:
| I would absolutely use this.
|
| I have a work and personal phone. For many reasons, it's very
| difficult to merge everything onto a single device. Further, I
| really don't need to do much "phone" stuff with my work phone.
| It's mostly a glorified pager, 2FA, and occasional Slack/Email.
| Anything serious gets a sit-down on my computer.
|
| This would effectively let me carry a full-isolated, properly
| segmented work phone without having to carry two devices.
| lopkeny12ko wrote:
| So you effectively want to merge your work applications onto
| your personal phone?
|
| If your employer mandated use of a dedicated work phone in
| the first place, why on earth would they allow you to use
| this product to do that?
| SkyPuncher wrote:
| No, I want the isolation.
|
| That's the thing about this. It creates very clear and
| strong boundaries which are easily enforceable.
|
| It lets me have a work phone on my personal phone without
| giving my employer any meaningful access to my personal
| phone.
| nikau wrote:
| Seems like its an android emulator attached to a real phone
| number.
|
| One use could be to run something like whatsapp to have a
| virtual US presence if in another country, or maybe have a
| business number separate from your personal number and use
| whatsapp web interface to read/send messages.
| RyanShook wrote:
| Main question I have is who is the target audience? If you're
| making this for work teams then it seems an app would be
| necessary. If you're making this as a burner line it seems
| there are cheaper options.
| t1tech wrote:
| I am exploring having an app, I think that makes more sense
| for everybody.
| [deleted]
| barbazoo wrote:
| I get the appeal of a virtual SIM but I don't get the smartphone
| part. I'm curious, when would I need a service like that?
| kytazo wrote:
| You might want to reach for some application which serves some
| unique functionality without having to leave your keyboard and
| grabbing your phone.
|
| Probably there are also people who'd like to get rid of their
| smartphone entirely so this pose as a solution to the ever
| growing dependency on such devices, be it exclusive bank or
| other apps, some forms of verification and others.
|
| Admittedly I didn't look into it much but I assume we're
| talking about physical devices, which likely holds true by the
| cost of the subscription as well as the considerable challenge
| of misrepresenting a virtual device for a real one, in which
| case the service looses any actual appeal.
| t1tech wrote:
| Some enterprises provide their employees with a physical
| smartphone. So they end up carrying 2 devices with them (1
| personal, 1 business). Cophone is a complete replacement for
| the second one.
| ec109685 wrote:
| What corporation is going to be okay with having their
| private data stored in someone else's cloud outside of their
| control?
| toyg wrote:
| All the ones using AWS.
| ec109685 wrote:
| AWS if you are doing it right, makes it quite for any
| individual at AWS to hack into your data.
|
| All bets off with Cophone.
| toyg wrote:
| I might be jaded but I assume the percentage of people
| "doing it right", among AWS customers, is in the single
| digit.
|
| Most companies don't care about anything but price. The
| rest is largely theatre, particularly outside the
| tightly-regulated sectors like healthcare and banking.
| count wrote:
| Lol, almost all of them. Email, DNS, file shares. Nearly
| every company today is using the cloud for some component
| of that...
|
| Even the US DOD is using the cloud for email storage.
| ec109685 wrote:
| True, I guess what company is going to be cool with their
| employee's phones being managed by another company, with
| full access to their data.
| j45 wrote:
| Also, The fortune 100 and 500 seem more and more content to
| use Azure and a mix of their existing infrastructure.
|
| It's not unreasonable to see a solution like this evolve
| into an on-premise hosted solution.
|
| The cloud definitely is someone else's computer.
| butz wrote:
| So they are using virtual phone on their personal phone?
| t1tech wrote:
| They could, but they could also access it from they work
| laptop/desktop. Only a browser is needed.
| [deleted]
| nerdbert wrote:
| How is a laptop a substitute for a work phone? The whole
| reason for work phones is that people carry them
| everywhere. I am confused by this entire concept, I
| guess. I mean, I understand what it does; I simply don't
| understand why.
| t1tech wrote:
| You don't need to carry a work phone anymore because you
| can access it on your personal phone, in a browser. Think
| BYOD, but without mixing the personal data with the
| business one. And when you're at work, you can access it
| on your (work) laptop, again by simply opening a browser.
| lopkeny12ko wrote:
| Ok...so what problem does this actually solve? I use my work
| phone so I can receive work emails, messages, and calls while
| on the go, away from the company laptop. There are also
| mobile apps for work tools like task trackers and source
| control.
|
| If I need the company laptop to access my virtual smartphone,
| then what's the point? At that point I might as well just use
| the laptop to do what I need to do. Which defeats the
| purpose, because _it 's not mobile_.
| t1tech wrote:
| You won't need to carry your work phone anymore, you can
| just access it in a browser on your personal phone or on
| your work laptop without any data being shared between
| them.
|
| Also you cannot lose your work phone as you would with a
| physical one. Which might be interesting for your employer
| if you handle sensitive data.
|
| The longer term plan is to also provide an app that you
| could install and therefore achieve the same mobility. This
| would be the only work app you would have to install on
| your personal mobile phone in order to access your work
| phone. This is still in brainstorming phase.
| lopkeny12ko wrote:
| This makes no sense. My employer provisions me an work
| phone so that they manage it end-to-end with MDM, and
| ensure that it stays physically separate from non-
| corporate assets. If this product just lets me use my
| work phone on my personal phone, then it completely
| defeats the purpose, and my employer might as well just
| allow use of work communications on personal devices.
| mappu wrote:
| The work phone VM here would still be MDM managed, have
| policies enforced, support remote lock/wipe, etc.
|
| It's a really elegant solution IMO.
| ajot wrote:
| Very nice, I like it. As a total ignorant on this space:
|
| a) how is this different from Canonical's Anbox in the cloud
| offering?
|
| b) could I use this to run banking apps that won't run in my
| phone (mainly due to the unlocked bootloader)?
| t1tech wrote:
| a) AFAIK Canonical's Anbox does NOT give you a phone number.
| Also afaik, they don't provide a _recent_ Android version, so
| you 're stuck with a really old version.
|
| b) This is a really good point! I don't know atm, I'll have to
| look into it.
| ajot wrote:
| Thank you for your answers! I'll keep your company in mind,
| hope everything goes great!
| phh wrote:
| Yet another innovation thing that Web Environment Integrity (and
| SafetyNet) (will) hinder.
| paxys wrote:
| Looks neat, but I'm curious what the actual use case of something
| like this is.
|
| What can you do on a phone emulator running on some server and
| accessed from your browser that you can't just...do directly on
| the browser?
| [deleted]
| danpalmer wrote:
| At my previous company we regularly had need for shared numbers
| that callers would not know were shared[^1]. We tried using
| Twilio/etc for this, and it sometimes worked, but we ran into
| issues in some cases where the systems we were using the phones
| with banned the use of virtual numbers. I don't know how these
| systems determine that numbers are virtual, but doing so appears
| trivial and mostly correct with US/UK numbers.
|
| So, question for Cophone, do these phones have a "real" number,
| or a virtual number? And, perhaps a follow-up, are these VMs with
| a virtual network stack, or are they physical devices with a real
| physical SIM/eSIM/modem with screen sharing?
|
| [^1]: This sounds nefarious, but we essentially partnered with a
| lot of retailers, and needed to interact with their customer
| service and operations departments who were a long way
| organisationally from those who signed the partnership contracts,
| and with little scope for deeper integrations. The lowest
| friction option was to pretend to be a completely normal customer
| rather than explain our special case setup every time. Fun fact,
| this is why we used a gender-neutral name on the postal address,
| so that anyone from our company could call up and claim to be the
| recipient.
| t1tech wrote:
| Cophone has virtual phone numbers. This is - one of - the
| reasons why some services like WhatsApp won't even sent you a
| text message, although it is possible to receive SMSes.
| Cophones are VMs with virtual stacks.
| baby_souffle wrote:
| > Cophones are VMs with virtual stacks
|
| How can this be determined? I'd imagine that only those with
| direct access to the "which number belongs to which provider"
| database could see that a given number belongs to
| $comapniesKnownToOfferTraditionalPhysicalService versus
| $comapnyKnownToOnlyDoVOIP can know this for sure? It it just
| that some companies with this access are selling a "we'll
| look that up for you" service? Or is it simpler and i'm just
| over thinking it?
| rsync wrote:
| No, this is easy.
|
| Twilio API has a simple lookup function (call over curl) to
| see provider and type of number. Also shows subscribers
| name (usually).
|
| I have this in a shell script and look up numbers all the
| time: /usr/local/bin/curl -s -X GET "https:
| //lookups.twilio.com/v1/PhoneNumbers/$number?Type=carrier&T
| ype=caller-name" -u $accountsid:$authtoken |
| /usr/local/bin/jq '.'
| danpalmer wrote:
| Thanks for the clarification, this makes complete sense for
| what you're trying to do.
|
| It's a little sad that there isn't a good solution for this
| yet though.
| rsync wrote:
| Here's the solution:
|
| https://kozubik.com/items/2famule/
|
| (sorry about the bad SSL cert - I stopped caring after
| acme.sh blew up)
| gottorf wrote:
| > sorry about the bad SSL cert
|
| I'm curious, why not just serve plain HTTP at that point?
| It makes little difference to the viewer.
| rsync wrote:
| I think I may do that.
|
| Or buy a "real" SSL cert that I don't need to fiddle with
| every few months.
|
| I think there are some browsers that won't even connect
| to HTTP/80 without a warning ?
| gottorf wrote:
| I've used Namecheap/PositiveSSL[0] for stuff like that in
| the past; under $10/year, and never had any issues.
|
| [0]: https://www.namecheap.com/security/ssl-certificates/
| rsync wrote:
| Bottom line: so pleased that I had acme.sh sandboxed in a
| jail to generate certs... what a shitshow that ended up
| being...
| danpalmer wrote:
| This solves 2FA codes, which was indeed part of our
| problem, but it doesn't solve incoming/outgoing calls
| that ideally needed to be on the same number as well for
| when we dealt with humans.
|
| This is probably possible to do, but probably hard to get
| right, and still requires having a device reliably
| available to receive calls, and has limited scale (what
| happens if there are multiple calls at the same time?).
| This is why it would have been great to be able to buy
| this as a service.
| JimDabell wrote:
| This is a very painful problem to have. Receiving 2FA SMS
| programmatically is surprisingly difficult because of all
| the safeguards against scammers, even if your usage is
| legitimate. As you say, normal providers like Twilio are
| blacklisted so they are unreliable at best.
|
| https://clerk.chat offers the ability to receive SMS on
| genuine non-VOIP numbers. They are ridiculously bad at
| pretty much everything - terrible communication, terrible
| customer support, terrible reliability, terrible UX, etc. -
| but they _can_ actually do this where other VOIP-based
| providers like Twilio can't. They may be your least worst
| option.
|
| Another option that's available is to set up an Android
| phone with https://ifttt.com and a genuine phone plan. Then
| get IFTTT to forward any SMS it receives to whatever
| service you need. There are open-source apps that do
| similar things as well - the sibling comment mentions a
| similar solution. It's a pain to maintain though.
|
| I'd love it if there were a better solution out there, but
| I haven't found one yet. Basically the only thing I need is
| a genuine phone number that will forward SMS on to a web
| hook.
| danpalmer wrote:
| There are lots of patchy solutions, but the issue we had
| was that we ultimately needed SMS and calls, inbound and
| outbound. 2FA only got us so far and wasn't usually the
| problem, more common was needing to call a company from
| the number on our account, or receive a callback from the
| company's support team.
|
| Our ops team had a physical phone for this, but it lived
| in a desk drawer somewhere and that didn't scale as the
| team grew and became distributed.
|
| I think what Twilio or others could do is offer non-VOIP,
| genuine, etc, numbers on the condition that the company
| and use-case is vetted and the usage is audited. A little
| like getting an EV SSL certificate, you'd give valid
| points of contact, undergo basic vetting of the company,
| perhaps even limit the count of numbers you can contact
| and require human review for increasing that quota.
|
| Maybe this would be too hard, arguably EV SSL failed
| because it wasn't strict enough. Or maybe I'm
| misunderstanding why VOIP/automated numbers are so easy
| to identify, I assumed it was because they were higher
| risk in this way and that this sort of auditing would
| circumvent the need for that, but maybe there's another
| reason.
| janfromdaito wrote:
| I was feeling the pain of 2FA and 2FA SMS for too long as
| well and thus build a product, Daito
| (https://www.daito.io), around the concept of shared 2FA
| as a service for companies and teams.
|
| In addition to TOTP 2FA (our main service), we also
| started to offer 2FA via SMS via _physical SIM cards_
| hosted in a data center in Germany (we are a German
| company) as every other solution we tried (Twilio +
| seemingly 50+ other, non-physical SIM card-based, options
| by now) was simply not working reliable.
|
| We have been talking to Twilio et al and a lot of telcos,
| carriers, ISP, providers and seemingly everyone in
| between: there simply is no easy and reliable solution to
| this. :(
|
| In our tests the best reliability we could reach for
| national and international senders&receivers on VOIP-
| based numbers was only every around 80%. We are still
| looking for other options, and specially non-VOIP options
| that are actually affordable, but so far we can only
| offer a German number (+49). This number however, is way,
| way more reliable than anything we have seen from others.
|
| We currently support forwarding SMS to an email address,
| and webhooks for incoming notifications are in the works.
| rsync wrote:
| Anytime I think about these issues and this model I
| always wonder:
|
| Can you get a cellular connection over a wire?
|
| That is, instead of having 500 little radios connecting
| to one or two nearby towers, can you negotiate a direct
| connection to the _tower_ and use the entire cellular
| stack _except for the PHY_ ?
| janfromdaito wrote:
| This is pretty much what we have been asking every
| supplier (telcos etc) over the past 2 years. The answer
| is always no. And if it is a "Maybe, I think so" it turns
| into a "no" weeks or months later when have finished
| digging through the corporate hierarchy.
|
| The only solution that seems to work is old school SIM
| card hosting in a SIM bank. In some narrow cases, e.g.
| sender is in the country and receiver is in the same
| country, you might have pretty good (95%+) reliability of
| receiving critical SMS (A2P traffic), but still far away
| from what you'd call reliable.
| rsync wrote:
| Interesting...
|
| I'll bet it's possible, just not _organizationally_
| possible...
|
| I'll bet there are $80k Agilent / R&S rigs that can wire
| to a tower and do the entire cellular stack except for
| the PHY...
|
| Would love to see pictures of such a connection in
| practice.
| rsync wrote:
| I'm surprised twilio doesn't offer a "sim hotel" where
| you just mail in your actual SIM card and then interface
| with it over their api...
|
| It solves all of their terrible new a2p 10dlc issues and
| would be genuinely useful.
|
| Actually, there are all kinds of ways to solve their
| 10dlc problems and make their platform useful (again) for
| something other than spam but ... that would be a boring
| and useful service and not _customer engagement at
| scale_.
| janfromdaito wrote:
| SIM banks used to be a thing, but they get less common
| and common every year.
|
| Why they are dying out? Because they are not that easy to
| source, maintain, scale or achieve super high reliability
| with them. Also, hard to offer a high availability option
| when the phone network only (well, in most cases) accepts
| one device per phone number.
|
| Edito: Additionally, important to note is that most SIM
| cards can only be used for a prolonged time in that
| providers phone network. You e.g. can not buy US SIMS,
| ship them to the EU and host them there. T-Mobile US (and
| others) cut you off after (usually) 2 months of roaming.
| yencabulator wrote:
| Meanwhile, eSIM has come into existence, and removes the
| annoyance of dealing with the physical SIM card.
| noAnswer wrote:
| > Also, hard to offer a high availability option when the
| phone network only (well, in most cases) accepts one
| device per phone number.
|
| 1. I guess it depends on your providers/region. From all
| three German mobile network providers (Telekom, Vodafone,
| o2) you can get up to three SIM-Cards for the same
| number.
|
| 2. The VoIP provider Sipgate (sorry again German) gives
| you as much SIM-Cards and eSIMs as you like (In exchange
| for money of course). You can route mobile as well as
| land line numbers to a VoIP-Phone, -Client or mobile
| phones. They can all ring in parallel.
|
| 3. Many years ago, I saw a presentation on a CCC event.
| (Sadly I can't find a video of it just now.) It was from
| a guy who documented how he became a mobile provider. He
| wasn't just reselling, because his numbers terminated in
| his own Asterisk server! So maybe, people looking for the
| best solution, should look into how to become a virtual
| mobile provider.
| Scoundreller wrote:
| I suspect they're still used for outbound scam
| calls/texts (and maybe inbound too), and probably gray-
| market voip-pstn interfaces in countries that make int'l
| voip interchange expensive.
|
| Some cool stuff on aliexpress with 128 SIM card slots and
| 8 or 16 gsm radios where you can program your choice of
| imei.
|
| As a Canadian with crappy cellular coverage, I've dreamt
| of having a couple French SIM cards that I could mail to
| France every so often so it looked while I wasn't 100%
| roaming just to have a cheap unlimited data plan with
| cheaper int'l calling.
| Terretta wrote:
| Thanks for this.
|
| We are hugely frustrated with providers insisting on SMS
| as a 2nd factor for commercial use because we value
| employee PII and feel they should not need to seed data
| brokers just do log into enterprise platforms.
|
| We are looking for a solution at scale for SMS 2FA that,
| according to the national number registry and KYC/anti-
| fraud checks, is a "real" mobile SMS number.
|
| We've found hardware devices that take from 4 to 32 SIM
| cards and are heading in that direction which seems ...
| nuts.
|
| But, we value employee privacy and these days when even
| your accounting firms' privacy policy say they're selling
| your contact info upstream, we want to give employees a
| way to log in without compromising themselves.
|
| Also, to anyone here running a B2B SaaS that offers TOTP
| instead of SMS, thank you.
| sifar wrote:
| Do you have a link for these hardware devices ?
| Terretta wrote:
| Example:
|
| https://www.amazon.com/Multi-Quectel-Module-Interface-
| Receiv...
| wesapien wrote:
| It's probably like Line2 and Fongo. Some SMS based 2FA get
| through.
| sitzkrieg wrote:
| if you're getting a lot of "i dont get the point" comments on HN
| from a very technical crowd, you're probably onto a new market
| need or WAY off depending :)
| hugs wrote:
| Software/app testing (manual or automated) is always a killer
| app for stuff like this. And my anecdotal observation of HN
| over the years is that most of HN doesn't get the point when it
| comes to anything that could be a killer testing tool. Running
| browsers on desktop OSes in the cloud? I don't get it! (My
| first startup) Robots to automate tapping on phones? I don't
| get it! (My second startup)
|
| I'm not surprised people don't understand the value of
| something like Cophone. It doesn't mean the value isn't there.
| It just means they probably don't spend enough time dealing
| with software testing issues to see the potential.
| t1tech wrote:
| Haha, only time will tell. But there are already some patterns
| that can guide me further, so I appreciate all the feedback and
| try to learn from it.
| toyg wrote:
| To be honest I only really need the virtual number, to redirect
| to arbitrary phones. The stuff Google never bothered to export to
| these godforsaken European colonies.
| gumballindie wrote:
| Are you telling me there is a concept out there for "virtual
| phone numbers"? I feel like i've been living under a rock. I'd
| find such a service particularly useful. I'd use a phone number
| for each type of activity. I get so many spam calls it's crazy.
| zeven7 wrote:
| I'll throw the provider in the mix that I'm happy with:
| numberbarn.com They make it easy to search for phone numbers
| you might be interested in and either park or forward them.
| JimDabell wrote:
| There are tonnes of these providers out there. OpenPhone is
| quite popular. Please be aware that these types of services
| don't receive 2FA SMS reliably. But calls normally work fine.
| noman-land wrote:
| I've been doing this with Twilio for years. It's great.
| lopkeny12ko wrote:
| Is there an open source server you use to proxy SMS/calls
| to your real phone?
| neilfrndes wrote:
| I use voip.ms, I'm very happy with their service. They
| have well documented REST API service for access.
| toyg wrote:
| Unlike most other suggestions in this thread, which are
| US/Canada only, this actually works in my corner of the
| Earth. Price is a bit high (yes, I'm a cheapskate, but
| I'll also be a very low-volume account), but might give
| it a spin. Thank you!
| andrewl-hn wrote:
| Yes, similar to Nginx or Apache for HTTP there are
| programs like FreeSwitch or Asterisk that serve SIP+Media
| traffic for you. You still need a service that does
| routing to your server based on a phone number. This is
| called "SIP trunking", and many companies like Twilio,
| Vonage, Bandwidth, etc. offer it.
|
| In some countries even phone carriers may offer SIP
| trunking for individuals. But most often they work with a
| handful of resellers, who in turn have smaller and
| smaller companies as their clients. So, if you only need
| to support a small volume of calls you'd find that your
| prices per connection or per minute are higher.
|
| Similar to sending email, telephony is a business of
| volume. The more call you make the less your prices are
| going to be. I worked in telephony space for a few years,
| and it's a fascinating industry.
| gregsadetsky wrote:
| You can have calls redirected on Twilio to another number
| easily by using a "Twimlet" which is a pre-built "TwiML"
| (Twilio's XML markup) generator.
|
| https://www.twilio.com/labs/twimlets
|
| I use the "Forward" one for calls.
|
| For SMS, it used to be not too complicated - I would host
| a file directly on Twilio (using a Twilio bin) to forward
| the SMS to another number.
|
| Recently, sending out SMS's has become a lot more
| complicated due to compliance (Twilio wants to make sure
| you don't spam people - but the burden on small
| developers was just too much for me, after ~2-3 months of
| back and forth emailing with them to get approved)
|
| I've switched my SMS forwarding to use
| https://pushover.net/ . I use Twilio's hosted nodejs
| platform to get the incoming SMS message, and use
| Pushover's API.
|
| It's potentially brittle-ish overall (lots of pieces) but
| it's also been working for years.
|
| A native mobile app that would let me just get calls and
| sms for my hosted Twilio phone numbers is really what I'm
| asking for... :-)
| rkangel wrote:
| Can you not "just" pay a subscription for a VoIP/SIP
| phone number and then use a compatible app on your phone?
| There are several providers you can just pay a per-number
| monthly fee and will handle calls and texts.
| gregsadetsky wrote:
| That might have been the easiest i.e. transferring my
| numbers to voip.ms (instead of Twilio) and then not have
| to do the forwarding at all.
|
| I'm a bit locked in for now (and am dreading transferring
| all the numbers I've accumulated) but yeah. Thanks for
| the perspective
| gumballindie wrote:
| I dont understand how i missed this. I own three phones,
| one real dumb, just to workaround the issue.
| threeio wrote:
| I've used tossabledigits.com for years... great service.
| janfromdaito wrote:
| To clarify: do you need to forward phone calls, or only
| forwarding incoming SMS to another phone? (We are working on
| such a product and would love your feedback and wish list)
| zie wrote:
| You might try https://jmp.chat. I'm very happy with them, I get
| SMS for everything I've tried(though I haven't tried
| everything/much).
|
| It's just an XMPP gateway, so you can use any XMPP capable chat
| client or gateway you want. XMPP isn't the worlds best
| protocol, but it works fine.
| nikolay wrote:
| I paid and now keep getting "Your phone is starting" and it's
| spinning forever and never finishes.
| t1tech wrote:
| Sorry again for that, we had some issues scaling up. Your
| cophone is up and running!
| [deleted]
| PaulKeeble wrote:
| Its not very price competive with a mobile phone contract or pay
| as you go.
| dmarinus wrote:
| mobile phone ui often use touch gestures, is this properly
| handled through the browser?
| t1tech wrote:
| Yes, from what I've tested. You obviously need a device with a
| touch screen though (a physical mobile phone, tablet or laptop
| with a touchscreen)
| rhasenack wrote:
| I've worked in a small consultancy where we'd use our personal
| phones to talk to clients - mainly using Whatsapp. It was hell,
| since there was no way I could get away from personal messages
| during work time and vice versa.
|
| This would've been something nice to have at that time - I would
| be able to, without having two phones, have personal and work
| related Whatsapp numbers on seperate places (but still accessible
| when needed).
| t1tech wrote:
| This is exactly one of the use cases of cophone.
___________________________________________________________________
(page generated 2023-07-28 23:01 UTC)