Change the Telephone requirements - Verified Accounts Only Chat
The new restrictions on verified chat requires using a personal mobile number only??? You want me to expose my personal mobile number to being hacked or used for your marketing purposes? I have a VOIP number associated with my my email and mobile number for the purpose of keeping things separated that I have used for SEVEN YEARS for security purposes. It is a shame that you don't respect your user's privacy and security. The recent hack of Twitch is proof I don't want you to have my personal mobile number. You need to change the requirement, since I have a verified email with Twitch (for years) and have a verified voip number that I have used for years.... not sure why everyone else accepts my VOIP but Twitch does not??? Oh, and 2fa that requires texting on SMS is NOT secure and is an easy way to have an account hacked... bad internet security on your part! Change the requirements or many channels will lose viewers/subs.
I agreed with @Lunar_Umbra
The feature implemented as, "Verified Accounts Only Chat" has already failed to be inclusive of accounts that have their 2FA enabled and an Amazon account association. I am not submitting my mobile number to a separate data field to be stored by Twitch again.
SMS is considered a severely flawed method of second factor authentication. Having a mobile number as part of any social media platform is asking for trouble, too many attack vectors already exist. Mass campaigns dealing with SIM swapping are a real threat. It is sad that so many financial institutions still rely on messaging mobile numbers, included in that is the initial setup and fallback method of Authy.
The feature implemented as, "Verified Accounts Only Chat" has already failed to be inclusive of accounts that have their 2FA enabled and/or an Amazon account association. I am not submitting my mobile number to a separate data field to be stored by Twitch again.
Yes, PLEASE DO THIS!!!
I have a troll (or a group, who knows???) who basically stalk me. They even go into other streams and talk crap about me and start making threats etc., etc., you all know the story.
They have been reported under probably at least FIFTY different accounts by now, but ban evasion is not a difficult thing to do.
Forcing users to have to register a phone number would very likely cut down on evaders, especially if throw away numbers or numbers that are not specifically cellular are not accepted.
Why are people crying about taking out their phone number? How many times you got call from unknown caller and it was some marketing crap? How they got your number? I have no problem to verify my acc with phone, bcoz even banks use your numbers for their partners you even dont know. ;)
Instead of having to verify by phone number when you make an account, you can make an account without having to do that, and they could add the option in the channel setting to "require users to have a verified phone number to chat in your channel" the same thing as the E-mail verification except you use phone, because it's not that hard to make a new e-mail.
Regarding Olle's comment,
"i am against this, not everyone wants to give out their phone number",
you already have to give Twitch your phone number if you want to use 2-factor authentication, which you should be using if you value keeping your account safe from hackers and social engineers.
i am against this, not everyone wants to give out their phone number
I thought of a way to implement something like this without it being draconian. Similar to the option "Require a verified email to speak", there could be one for phone number.
and restricting who can make an account would be a terrible idea from Twitch's perspective. Remember Adam Orth?
If someone doesn't have a phone, then they don't make an account. How many people don't have access to a phone? I don't have the numbers, but it's probably not a very high percentage, and probably not high enough to justify *not* implementing this.
How would people without phones (they do exist) be able to make an account?
Also, rate-limit the number of times that a phone number can be used to verify a new account beyond just the X times per year.
For example, say that you can only verify new accounts 3 times per year using the same phone number. In addition to that, make it so that you can't verify a new account using the same number if that number was previously used in the last 24 hours.
So there would be 2 types of rate-limiting for account verification using a phone number:
1. The phone number cannot be used to verify a new account if it was previously used for verification in the last 24 hours.
2. The phone number can only be used to verify new accounts X times in total per year.
Also, if a troll get a chat ban from a broadcaster like Total Biscuit, for example, and then requests for his account to be deleted, and then makes a new account with the same phone number (or email) used to verify the previous account, then the **new** account should also inherit the same chat ban from the old account.
This is an anti-recidivism system that Stack Exchange/Overflow employs to great effect, which you can read about at
1. http://modnewsletter.stackexchange.com/2014/05/may-2014-newsletter/, and
This is another anti-troll feature to combat trolls who evade chat bans by just creating new accounts. Whenever new users sign up for an account, they have to verify their account with a phone number, much like how Gmail and Hotmail verify new accounts. Each phone number can only be used to verify an address X times per year (for example, 3 per year).
This will make it harder for trolls to constantly create new accounts to evade chat bans. You can even give broadcasters the option of preventing people who haven't verified their accounts with a phone number from chatting in their channel, and sending them whispers and messages.