Sign in Subscribe

Do we need phone numbers anymore?

By Carson Woods

Recently, I have been inundated with a significant number of spam calls every day. At its peak, I was receiving 5 a day at semi-regular intervals. I'm down closer to 2-3 a day now. I never answer unknown phone numbers, but it is clear they are spam. No voicemails are ever left and the calling numbers are always different, but very similar. They are also from the same area code as my phone. There's no way (at least as far as I know) to block a wide block of numbers. I also don't want to start blanket-blocking calls since I assume that would be futile and could hurt my chance to occasionally (though rarely) get real calls I might need to answer. These calls have been ramping up in recent weeks for me, but I've also been receiving spam text messages for years now. As far as I can tell, they seem to be textbook cases of the pig-butchering scams that are becoming commonplace. My mounting frustration with this led me to recently to wonder... could I get rid of my phone number?

The answer is (currently) no, definitely not. Too many people, businesses, and government services depend on phone numbers as a primary method of communication. But hypothetically, if everyone got on board, would getting rid of phone numbers and traditional voice and SMS communication be a good idea? I think it would be for a lot of reasons. My ideas on this are not perfect and are probably incomplete, but what follows is my justification for why we probably shouldn't still be using phone numbers any more (and what we might use as an alternative).

Spam Prevention

I started this piece by writing about my recent issues with spam calls and texts. To be clear, no digital solution would effectively stop spammers and scammers from trying to exploit whatever new platform replaces traditional voice calls and SMS texting. WhatsApp is a widely used messaging and call platform that also suffers from spam issues. Despite this, WhatsApp and other similar platforms have certain controls that can be used to cut down on spam in a way that I've not seen on phones.

There have been attempts to cut down on spam and spoofing on cell networks, but as far as I can tell, they have either not been widely adopted, or are not effective. Efforts from carriers and regulators to fix this haven't worked to fix the problem. A big initiative in this space is the STIR/SHAKEN protocol which is designed to cut down on number spoofing for voice-over-IP (VoIP) calls. I don't know if this has been implemented, but I have started seeing a "Calls with a checkmark have been verified by your carrier" badge on some of my incoming calls. This would be great, except that all my spam calls have that badge too, so it's functionally useless.

I think spam prevention would be a MUCH less compelling argument for moving away from phone numbers if regulators and telecom companies offered better controls over spam. It is also important that these tools not be paywalled. Otherwise, they're helping to create a problem, and then selling you the solution.

Quality

Traditional voice calls are, in some ways, nice. It can be more reliable than cell networks, especially in regions with high network congestion or low coverage. It does have lower quality though. I admittedly can't say that I care too much about audio quality on most phone calls, but it would be nice to get as good of quality as is possible. I also think that the reliability issues are going to rapidly diminish in the coming years. Between ongoing rollouts of 5G, better and more available Wi-Fi infrastructure, and satellite-based data connections on our phones, I think current problems are not fundamental to the technology and can be engineered away.

SMS on the other hand is so, very bad. Fortunately, it is already on its way out. With Apple's recent adoption of RCS and Google being its long-time champion, it's only a matter of time until SMS is gone for good. This is great because RCS has better support for lots of modern features that users have come to expect when communicating over text. It's also worth mentioning that RCS has nominally better security than SMS. I'll talk more about security in a later section, but I wanted to go ahead and mention it now. Admittedly, RCS security is very device and carrier-specific. End-to-end encryption for RCS is being worked on, but implementation and subsequent adoption will likely take a long time.

Security

Security is an increasingly important aspect of communication. There are really 3 main approaches to security. The first is to simply not worry about security at all and even actively undermine it. This is clearly the approach taken by SMS and voice calling with traditional phone numbers. A backdoor designed for wiretapping and surveillance by law enforcement has long-since existed in our phone networks. I think this is already problematic, but recently the FBI and Cybersecurity and Infrastructure Security Agency (CISA) have warned that this backdoor is being used illegally by non-law-enforcement to perform surveillance and spying.

The second security approach is encryption. This means that no one can intercept your messages as they leave your device. Importantly, the messages can still be read (and subsequently shared with anyone) by the platform owner. Telegram is an example of a platform that (as of writing this) uses this approach by default. Messages sent on platforms using this approach could be viewed by the platform and (with a warrant) shared with law enforcement or governments. They could also be hacked (or have a backdoor like the phone networks) that could be used legally or illegally to obtain your data. To be clear, I'm not saying that any specific platform does this, but that it is possible and could happen.

The final option is end-to-end encryption. Platforms using this type of encryption cannot view the messages sent. Only the sender and receiver have the keys to view message or call contents. This makes them impervious to backdoors or government requests. In theory, well done security should also make platforms more resilient to hacking since, even if a platform was breached, the hacker would be in a similar position to the platform owners and would not have access to message/call contents. This is clearly the best option from a security perspective.

So what is the alternative app/service to use?

From a security and quality perspective, there are a lot of great alternatives. WhatsApp and Signal are widely available and support end-to-end encrypted messaging. iMessage is another super convenient option with end-to-end encryption support (assuming you enable advanced data protections on your iCloud account). I hesitate to recommend iMessage because it is limited to Apple devices. None of the apps I mentioned are open protocols (Signal is an open source and open protocol, but you must be messaging people within the Signal platform). Of these 3, Signal is most likely to be the best long-term steward of their platform, but it is still not ideal. These platforms all offer secure audio and text communication, so they're all strong candidates, but still not what I would recommend.

One more thing I have not mentioned is that phone numbers are (typically) universally interoperable and portable within a single country. You can take your phone number to any phone and any carrier. It might be a painful process, but it can be done. You can also call anyone else, even if they're not on the same carrier. This isn't true of pretty much any other communication platform. Ironically, email is probably the best, well-known analog to phone numbers. You can generally email anyone else on any email provider and you can (if you have a custom domain) transfer between email providers on a whim. My recommended alternative follows this spiritually: Matrix. Matrix is, in many ways, just like the apps I've already listed. It's an end-to-end encrypted chat and call protocol. The key difference is that it is federated (read decentralized). A good way to think of it is much like email. You pick your server/provider when you sign up and get a username that is appended with your server name. You can also message or call anyone else on any other server. You can even host a server entirely for maximum control over your data (though end-to-end encryption should alleviate many concerns). There are also a variety of clients available, and since Matrix is a protocol, not a platform, you could in theory write your own. You can certainly choose any one that you want.

Sounds great right? It is!...mostly. Matrix is very new. The protocol itself has been around for a while, but the oldest client was only made in 2016. The most popular client, Element, is not terrible, but there are some pain points. I'll be spending some time on this app in particular because it is the most popular app for Matrix by far. There are, of course, other clients that you can use but I don't have as much experience with them. Element and terminology about its different features in the client can be confusing and unintuitive. The settings (especially the security settings) are downright intimidating if you're not a power user. Additionally, the app suffers from certain failures that are immensely frustrating when encountered. A big one in the Matrix community is the "Unable to Decrypt Message" error message that shows up when a client fails to decrypt messages from the server. These can be frustrating since, aside from the opaque error, there isn't any real way to reliably fix these issues. It won't stop you from sending new messages or calls, but it can stop you from reading old ones.

The good news is that these issues are all being worked on. The "Unable to Decrypt" error is being worked on in a major way. The Element app is also being re-written to modernize the underlying security stack, while also simplifying the interface for the user. If I were a new-user to the platform, Element X (the re-written version) would be the best mobile client to start using.

It's also worth noting that server/account portability is planned and being worked on, but is not widely available yet. What this means is that, for the time being, you can't jump between Matrix servers while persisting your data. You'd need to make a new account. This is another thing in the works, but it's just worth mentioning that it doesn't exist yet.

Generally, I don't recommend buying software based on future promises of features. I stand by that generally, but in this case, I think it's worth giving Matrix a try. It's free to use and widely available. It's rapidly improving too, and if you want to contribute to its development, I'm certain contributions will be welcomed! If we want good, secure, and decentralized communication platforms to take off, it's important to choose a robust base to start from. So I'd suggest we follow Metcalfe's law and try to make Matrix a more valuable protocol and platform to support.

Final Thoughts

Between when I started writing this post, and when it was published, I travelled to the UK for 2 weeks. During this trip, I decided to try Saily, a new E-SIM-for-travel offering from the company behind NordVPN. This isn't a review of Saily (though it did work well), so I'll keep it short. They provide you with a data-only SIM card with no phone number associated with it. Since most of my friends and family use iMessage (not Matrix... yet), I figured this would be fine and that data would be adequate. I turned off my existing Verizon E-SIM and activated the new one upon arrival. I could have left them both running, but Verizon charges $12 a day for roaming internationally through their travel pass program. This is a convenient but expensive program that I'd rather avoid since I almost never need my phone number... or so I thought.

Turns out, upon disabling my Verizon SIM, my iMessage unlinked my phone number as a reachable address without notifying me. In retrospect, this makes sense. If you get a new phone number, you don't want previous holders of that number receiving your iMessages. Unfortunately, this meant my friends and family could no longer reach me since iMessages they sent me would remain undelivered until I reactivated my number. iMessage does support messaging to and from email addresses, but it is clearly designed as a phone-number-first approach.

This experience has made me rethink my reliance on WhatsApp and iMessage. Alternatives like Matrix and Signal are much more appealing since they are never linked to a phone number.