Telegram's peer-to-peer SMS login service is a privacy nightmare

I remember reading an article (that I unfortunately can&#x27;t find right now, maybe somebody here remembers it?) about this being provided as a service to third parties, and it ended up getting used by banks and other high-risk businesses.<p>The scheme was something like<p>- &quot;Provide us SMS access in exchange for free in-game coins&quot; (with or without disclosing that the goal was to <i>send</i> outgoing SMS)<p>- Resell that outbound SMS gateway for much cheaper than Twilio to various third parties<p>- Third-party buys the cheapest message route available and doesn&#x27;t care how it can actually be that cheap<p>- Random people&#x27;s mobile games end up serving SMS-OTPs for banks

SMS auth fraud, where malicious users aim to receive auth codes to premium rate numbers, is a huge problem. This pushes that problem on to users.

It&#x27;s as ingenious as its reckless imo.

Even if you have free SMS this probably also runs in the face of any &quot;reasonable personal use&quot; terms with your provider.

Seems like a security issue too. User could be phished from another user&#x27;s number, or the user relaying messages can intercept OTP codes?

The main risk here is not to the sender but to the receiver. Receiver gets an OTP code from some number, it works, then they associate this number with telegram. So if sender, sends some secondary SMS like &quot;we detected an intrusion attempt, please secure your account by following [some scam link]&quot; they can have high degree of success.

It&#x27;s genius.<p>And finally my $1&#x2F;month 50.000 free worldwide texts burner phone is earning some $$$. Well $$$$$ to be exact.

I hope mobile apps can ditch phone number logins altogether.

Sounds like <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;White,_black_and_grey_routes" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;White,_black_and_grey_routes</a>

Telegram is fantastic. Amazing new breakthroughs and business IQ. No other social media company comes close.

it&#x27;s a really creative solution to sms delivery issues and high costs, but I think it&#x27;s pretty clear that the issues here outweigh the benefits<p>glad it&#x27;s opt-in, at least

What a hilariously insane solution

&gt;Telegram allows users to hide their phone numbers from strangers, but using your number as a relay could allow them to look up your Telegram account<p>You can disable discovery by phone number as well<p>&gt;Then there is a massive issue of privacy, which allows strangers to look up your number and use it for spam and fraud.<p>They have info that this phone number exists and nothing else. Ok, also that the user uses telegram. Not much. This info can be reasonably used for spam with lots of numbers, not 150&#x2F;month<p>Also I already trust sms to the centralized greedy third party usually acting against my interests called mobile phone operator. Now this also includes some random person and it suddenly becomes &quot;privacy nightmare&quot;