This makes the assumption that Twitter blocked it due to SMS fraud. While that's a plausible theory, an equally plausible theory is that they were worried about account hijacking and security (and allowed Twitter Blue subscribers to continue to use it on a you can pay me to be stupid context) which seems equally plausible.
I take issue with a lot of the assumptions in the article but this is funny:
> Identify and block premium rate phone numbers, using libphonenumber. Whilst this seems promising, I don’t know how reliable the data and how effective this approach is.
Here's this purpose-built and well-maintained* library from Google which does exactly what I want but I'm not even going to consider it.
The numbers are most of the time not premium in the 1-900 sense of the word. They can just appear to be regular mobile or landline numbers in another country and would not be picked up by that library, at least not reliably. There are databases that track some of these numbers but they are usually sold to telcos and are pretty expensive. The only solution is rate limits per number, per IP, and set a max price per SMS of $0.05-$0.10 or so (make your Papua New Guinea users use an Authenticator app instead).
IMO WhatsApp is also a great option for 2FA in many countries. OTP is one of the approved outbound templates that WA will let you deliver without an inbound message.
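The mitigation suggested in the comment above (rate limits per number and per IP, plus a maximum price per SMS), as an added example that is not code from any commenter or from the article. The limits, the price table and the names `SmsOtpGate` and `PRICE_BY_PREFIX` are assumptions; real per-destination prices come from the SMS provider.

```python
import time
from collections import defaultdict, deque

# Assumed policy values; only the price cap range comes from the thread.
MAX_PRICE_USD = 0.10      # upper end of the $0.05-$0.10 cap suggested above
PER_NUMBER = (3, 3600)    # at most 3 SMS per destination number per hour
PER_IP = (10, 3600)       # at most 10 SMS per client IP per hour

# Constructed sample prices keyed by dialing prefix (illustrative only).
PRICE_BY_PREFIX = {"+1": 0.008, "+44": 0.04, "+675": 0.27}


class SmsOtpGate:
    """Decides whether an SMS OTP may be sent before the provider is billed."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sent = defaultdict(deque)  # key -> timestamps of allowed sends

    def _over_limit(self, key, limit, window, now):
        q = self._sent[key]
        while q and now - q[0] >= window:  # drop sends older than the window
            q.popleft()
        return len(q) >= limit

    def price_for(self, number):
        # Longest matching prefix wins; unknown destinations fail closed.
        matches = [p for p in PRICE_BY_PREFIX if number.startswith(p)]
        return PRICE_BY_PREFIX[max(matches, key=len)] if matches else float("inf")

    def check(self, number, ip):
        """Return (allowed, reason); the send is recorded only when allowed."""
        now = self._clock()
        if self.price_for(number) > MAX_PRICE_USD:
            return False, "price_cap"  # caller offers an authenticator app instead
        if self._over_limit(("num", number), *PER_NUMBER, now):
            return False, "number_rate_limit"
        if self._over_limit(("ip", ip), *PER_IP, now):
            return False, "ip_rate_limit"
        self._sent[("num", number)].append(now)
        self._sent[("ip", ip)].append(now)
        return True, "ok"
```

The in-memory counters are per process; a deployment with several application servers would keep them in a shared store.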
And not for Blue? It’s just a lame excuse for the insane price of als using Twilio.
If he stated the truth: SMS validation is costing millions per week, Twilio would lose quite some customers, because companies would finally realize there’s another way that’s cheaper.
Blue means they’re spending $10 a month or whatever it is. No fraudster is gonna buy a VCC for Twitter Blue and pay $10 an account when there are a million other sites they could target for $0.
The point is, Elon's rhetoric is that SMS is less secure, but then he only allows it for Twitter Blue. It's utter BS. It's just that he doesn't want to pay 5-10ct per 2FA request for all these users.
* the actual number database has been updated 5x so far this year: https://github.com/google/libphonenumber/commits/master/meta...