Go wild. Gets you like 90% of the way there.
> My caveat about this is some services will silently ignore you if you try to use a virtual number. It's more useful for IRL where you don't want to throw your real number around much.
How, specifically, do other services detect this? Is it like with IP address space where it's possible to determine things like "this C block belongs to Entity X, Inc"? Are you aware of mechanisms to avoid this detection/blocking that don't require using a "real" number.
I don't actually know specifically. I assume there are two different ways:
- The service is using Verify / Authy, which is owned by Twilio so likely Twilio themselves discourage it
- Looking up the number either through Twilio or some sort of central subscriber database. All virtual numbers are described as virtual numbers.
> Are you aware of mechanisms to avoid this detection/blocking that don't require using a "real" number.
Definitely gets into ethically gray areas since that would be super useful to nefarious people. I don't actually know for sure. I know from the recent Blizzard mobile 2FA controversy that this issue expands to also prepaid phone numbers.
So I don't know of a definitive way to get around it beyond using a postpaid number.
Somewhat related, near the end of my above mentioned service, I had pivoted into trying to launch a "21st century phone service" complete with SIM cards provided by Twilio.
The issue? They were still considered virtual numbers. At the time, in Twilio's defense, I was somewhat misusing their service because their SIMs were intended for IoT purposes not actual cellphone usage. That's all to say, it's likely provider / subscriber level vs something you can individually spoof.
