- T-Mobile is apparently offering a SIM swapping protection feature, but they’re not advertising it.
- This feature requires the physical presence of the customer on a shop in order for the number porting to take place.
- An alternative protection system is a PIN-based “port-validation” system offered by T-Mobile.
As reported by Motherboard, T-Mobile has a feature that protects its customers from SIM swapping attacks, called “NOPORT”. This feature is activated upon the client’s request, but as it is not advertised or included in the company’s service detailing web-pages, almost no one knows about it. This means that no one is asking T-Mobile to activate it for them, and thus they stay vulnerable to SIM swapping attacks. This type of attacks has become very popular lately, targeting mainly cryptocurrency owners, but not being limited to them.
Motherboard got to know about the “NOPORT” after a reader’s tip, and called T-Mobile to ask them about it. While the carrier didn’t offer further details about how the feature works and how effective it is against SIM swappers, it looks like the NOPORT feature requires customers to visit a real T-Mobile store for the port to take place. There, the rightful owner must demonstrate their photo ID in order for the number to be ported on a new SIM card or another carrier. This makes it a lot harder for malicious actors to port the victim’s number onto their own SIM card, as this would require them stealing more details to craft counterfeit IDs.
The protection feature that T-Mobile is actually promoting is the “port-validation” system, which requires the customer to set a unique PIN or passcode that will be used for the porting. When someone tries to port the number to another card or carrier, the customer will be required to provide this code for the change to take place. This is very different to NOPORT though, as it doesn’t require the physical presence of the customer on an actual shop. Moreover, if the customer is using the same PIN or pass elsewhere, the SIM swapping actors could have gotten their hands to it.
Our opinion on the matter is that whatever protection measure you can activate you should do it immediately. That is especially the case if you have a valid reason to fear targeting from SIM swapping actors. If you are a T-Mobile customer, call them right away and ask to activate NOPORT. If for any reason you’re not eligible for this service, at least set a PIN for the “port-validation” system. If you own cryptocurrencies, you’d be better off using a hardware wallet, a verification USB key, and a secret email address for 2FA.
Did you know about the “NOPORT”? Have you asked your carrier about it? Let us know of their response in the comments down below, or on our socials, on Facebook and Twitter.
To the Edge and beyond
Above: Microsoft’s Edge browser.
BitDepth#1233 for January 23, 2020
A rewrite of Microsoft Edge using the Chromium browsing engine was released to wide distribution on January 15, as the company doubled down on efforts to push Internet Explorer (IE) off a digital cliff, a browser they worked hard to embed into general Internet use.
As the company has since discovered, nothing may succeed like success, but nothing else is as effective at hobbling future innovation. Internet Explorer, a wildly out-of-date browser lagging behind in almost every modern Web standard, simply refuses to die.
In 2002, IE had 95 per cent of the browser market. By 2014, it had 20 per cent of the global market share for browsers. In 2019, it was holding on at 7.4 per cent.
From one perspective that’s a slow, steady dive into oblivion. If a plane descended at that rate, you wouldn’t notice it at all. From another point of view, it seems perfectly reasonable to ask why anyone is using it at all, most of two decades into a new century.
As a benchmark, consider this. Apple’s Safari had 4 per cent of the market in 2019. There are almost twice as many IE users than there are people browsing with iPhones and Macs.
To be fair, most of those IE users aren’t sipping lattes while they tap away at their novel or browse Instagram, they are open on the screens of harried cubicle dwellers waiting on Web apps coded before they were born to hesitantly appear.
There are so many Web apps created for business that depend on IE’s existence that after Microsoft boldly declared that it was shipping Windows 10 without the ancient browser, the company quietly let its corporate clients know that they would still have access to IE.
South Korea passed a law in 1999 that required bankers and retailers to use digital certificates issued by Microsoft – which are only available in IE.
Similar links, enforced as if they were actual laws, have kept It departments linked to IE for the last two decades.
Proving that the dictates of law are roughly equivalent to the stubbornness of large companies, even those who should know better.
The new Edge replaces the version introduced in 2015 using a Microsoft built browsing engine. The new version uses the open-source Chromium. That’s great for open-source generally, which will benefit from Microsoft’s contributions and frees the company to build value into its new browser.
A July 2019 Windows blog outlined a critical vision for the new Chromium Edge – nothing less than 100 per cent compatibility with IE 11. As many as 36 per cent of Microsoft’s corporate users are still using Windows 7 and are bouncing between a modern browser and IE 11.
Nothing less than full, flawless backward compatibility is going to get any of those customers to upgrade. For users without those concerns, the new Edge is a frisky, friendly puppy.
On first launch, it offers to import your Chrome settings, asks politely to be your default browser and then offers to sync with other versions of itself. I pressed it into use on Android and Mac OS. You can also install on Windows versions (10, 8, 7) and iOS.
A Windows ID allowed me to sync the two browsers with no effort beyond logging in. Behind the scenes, Edge works much like Chrome, since both are based on the same code base. Chrome’s most notorious characteristic is the spawning of a host of Renderer and Helper apps for each open window or tab.
All browsers have to handle these tasks, and separating the processes makes it easier to just quit an unresponsive window without having to restart the entire browser. Since I routinely abuse web browsers by leaving dozens of tabs open, the efficiency of this process is important to me.
Chrome’s processes are notoriously leaky, grabbing more memory and processor power than they should and sometimes gobbling up all the available resources on a running system. Edge seems a bit tidier in its handling of multiple windows as processes, but that’s something I’ll need to keep an eye on for a few weeks to be sure about.
Is Edge a necessary browser? For Microsoft it is, particularly if it wants to be faithful to a hefty part of its legacy corporate business.
For everyone else, its developers will have to demonstrate an eagerness to push browser performance and fidelity to web standards it hasn’t shown since the great showdown with Netscape’s Navigator in the first browser war of 1995.