VoIP.ms sends ID documents over plaintext email (RE: Michael Bazzell Leaving Twilio for VoIP.ms)
In his latest post Michael Bazzell recommends the use VoIP.ms for getting a VoIP number. I like to counter this recommendation and warn you about this company.
When you sign up for VoIP.ms they will require you to upload a form of identity document with picture. This alone should be a red flag.
Now what happens if you actually submit a picture here, I wondered? Who is verifying this, and where does this end up? To figure this out I uploaded a test image and proceeded. If you read the title you know what is next. I received an email from VoIP.ms with an attached image including my uploaded test image sent using helpdesk[.]com. Your official documents would end up in some vague ticket system should you actually supply this data to them. This ticket system on their end uses Postmark for sending this email to you, your sensitive data spreads.
It's not often that I disagree this much with Michael Bazzell's recommendations. In his post he also explains how he doesn't care about the KYC because the phone number is tied to your real name in most ways. What he forgets to mention is that you are not only exposing your real name but also picture, and all other data available on the ID. This significantly increases the risk of a potential data leak and abuse in identity fraud amongst others.
