When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security Another week, another Facebook privacy storm. This time, the Silicon Valley giant has been caught red-handed using people's cellphone numbers, provided exclusively for two-factor authentication, for targeted advertising and search – after it previously insinuated it wouldn't do that. Folks handing over their mobile numbers to …
Be careful as some PAYG schemes have some really arcane requirements in the Ts+Cs.
I have an old O2 PAYG SIM which is my "burner phone". It has the usual requirement of a chargeable event once every 6 months (I play safe and make a call rather than risking just a text) BUT it also has to be topped up with at least £10 once every 999 days (no, really). I guess they don't want people topping up £10 and stringing it out over 5+ years.
As a burner phone you may not be bothered if it does burn because you don't meet some obscure T+C like this but just make sure you can switch accounts that use it to your new burner number without the old now burnt number!
A THREE sim can receive texts with no credit! I bought one for a quid and once activated (just putting it into the phone) I received a text without spending any more money.
Yku can get a three sim for free from their website.. dunno if that would work too, but I suspect so (my £1 sim had zero credit on it - I guess the £1 was just for Sainsburys)
EDIT: How did I stumble into a month old thread?
"2FA using SMS is dangerous anyway; nobody should be using it."
It's a good job that credit card companies aren't forcing people into using it to validate some online transactions, then. Oh wait.*
* As a result of recent legislation ("strong customer authentication"), the card companies are required to take additional steps to validate some online transactions. Rather than implementing this properly with authenticator apps or giving people OTP pads, it seems they're going down the route of "SMS, e-mail, or phone us (but e-mail will go away), and no, there aren't any other options".
My bank used an OTP pad - until they used the "recent legislation" to stop using it, and now you have to use or SMS (+10€/year) or their app - but frankly I don't trust phone security at all, moreover I'm forced to use a phone that can run its app - and its tracking, while with the OTP pad there was no need and they could no track anything else but the transaction.
And they insist that now is "more secure" - I believe it means "cheaper and with more tracking".
I'm just waiting for the day their "security" will be utterly exposed....
Google, Facebook, Microsoft, Facebook: they all want access to the one tracker we keep on us: our mobile phone.
THAT is why the use of WhatsApp is pure poison for your contacts: the first thing it does is give their numbers to Facebook - it won't even work if you don't allow it to do that.
This is why FB asking for your number is just insidious camouflage: they most likely already have it. They just don't want you to realise that.
Google, Facebook, Microsoft, Facebook: they all want access to the one tracker we keep on us: our mobile phone.
For values of 'mobile phone' equal to 'smartphone'.
Tracking my phone[0] is restricted to the people having that kind of access to cell phone tower data. So not none, but severely restricted. And I've yet to see that info being used for advertising by entities other than my provider.
[0] apparently called a 'feature phone', even though its appeal is its utter lack of features.
Yes? An entirely different kind of tracking that Google et.al. want to achieve: knowing where you are, who you interact with, what websites you visit and what stuff you buy from whom. CONTINUOUSLY. So that they can determine patterns and use that data to sell advertising space.
Because he clearly is a moron. This "news" is about abuse of mobile number by Facebook, and he clearly didn't grasp that really simple point, and just fell back to the lame internet moron stance that Google are just as bad (which they aren't, as in my experience, Google do exactly what they state they do, Facebook are the true evil ones, proven now on many occasions).
Their shadow profile system makes for even more potential to have data slurping out of control.
In 2008 I uploaded my address book to Facebook. A few months ago before I closed my account I downloaded all my information. I was startled to find that acquaintances from ten years ago that I had not added as FB friends had had all their contact information updated and supplied back to me.
Anyone hiding from a dangerous ex-partner would nearly need to go off grid and use burner accounts and devices to avoid having their location volunteered by Zuck's Detective Agency.
IMO "Friends" sharing your personal data are not friends at all.
A co-worker not only added my phone to his contacts but full real names, address, spouse, children, including pictures every bit of info they thought they thought made them a caring friend (or something) all without asking or caring.
Of course Facebook feeds off such ignorance. It isn't a coincidence that those with the most complete contact lists are most likely to have google, facebook, and every other app on all their devices.
Yes Facebook should be classed as a criminal organization but those willingly feeding them other peoples information should also face consequences.
Yes, slimy shites. If somebody (a friend)has you in their phone contacts and they download the Faecebook app and accept the permissions requests, their contacts and your details are slurped by Faecebook. Some friend they are.
You might want to take into account that most people are utter innocents when it comes to privacy, they're no match for the conniving bastards that will use every psychological trick in the book to con people into giving permission to hand over details they should not share. It starts with roping in kids and establish the habit before they are old enough to judge their actions.
They're not bad friends, they are simply innocents who have their innocence used against them - the basis of every con job ever.
That's why you need to help them understand what FB is doing, in a language they can understand. Accusing people of something they're not even aware of is not going to help - we can (and must) do better.
Ignorantia juris non excusat
Although it's nice that you pull in the argument that didn't work in the Nuremberg trials either, the problem is that there are no specific clauses in GDPR et al that address someone's information that was volunteered to a data collector by others about that person.
GDPR only deals with data directly acquired from a data subject, not with indirect acquisition.
GDPR only deals with data directly acquired from a data subject, not with indirect acquisition.
That would be a loophole too big and exploitable to ignore so I don't believe that. For an organisation to acquire data indirectly there must be an illegal disclosure somewhere upstream and an organisation has no business using illegally obtained data, the onus will be on the organisation holding the data to demonstrate its permission to use it.
Anyway, how did the "friend" that disclosed the contact details acquire the contact details indirectly?
It worked reasonably well for me. I only had to go off on two people in my social circle about including me in any way with Facebook, and now (as near as I can tell), I don't have that problem anymore. Several of my friends and family think I'm being overly sensitive about it, but they respect my stance regardless.
If I discovered that someone routinely ignores my wishes on this, I would most likely cut them out out of my social circle entirely on the basis that they can't be trusted.
If I discovered that someone routinely ignores my wishes on this, I would most likely cut them out out of my social circle entirely on the basis that they can't be trusted.
I take it you're not married then :). It's a nice idea, but how are you going to stop everyone you're in touch with from adding your number to their WhatsApp infested phone book? The insidious side of this is that it only takes one single person to make that mistake and you're breached.
That said, there is one instance where IMHO the use of WhatsApp could indeed result in legal consequences: its use in business. We have it barred to the point of it being a sackable offence, but we are in the fortunate position that privacy is our business. If your business is indeed connecting to people because you're in sales, you almost need a separate phone for business so that you only have business contacts. The problem: most people only have one mobile phone for both private and business use.
All of the above shows that solving this privacy problem on OUR end end up mere symptom fighting. We need to rip out the cause with root and branch, and I for one wouldn't mind ripping out Zuckerberg's root. I take issue with anyone abusing someone's innocence against themselves for profit, and I have seen what can happen to kids and young adults in this context.
This must stop.
A 2.3 billion fee would be still not appreciated by investors and shareholders. It's all money they lose. Remember it's calculated on revenues, but paid with profits...
And that would be EU only - if other countries awake, that could multiply easily.
Plus the bad PR - some customers (I mean advertiser) could go when they start to think FB is too toxic even for the vampires working in marketing.
Yup, mobile phone numebrs are pretty obviously PID, and therefore protected under GDPR.
They must onyl be collected if there is a legitiamte use for them (in this case for account recovery) and not be used for any other purpose. The data controller (FB in this case) must also gain explicit consent for their use, for each purpose it intends to use them for, which it clearly has not done in this case.
Time to see which EU country's regulator has the teeth...
...we didn't expect this to happen, did we?
I deleted my FB account many years ago when they started to try and force connection information to be linked to group pages and preventing it being kept in separate 'silos'. No way should any, any company be telling us they will do whatever they want with our private data. We should have final say, always. If laws need to be made to force this to be so, then so be it.
"..we didn't expect this to happen, did we?"
Of course we did. I've posted it here and on every other forum / internet location I've ever visited. But sheep will be sheep: as long as they keep getting their snacks they'll happily follow their shepherds...straight into the meat processing plant.
But this is a sign of the times. "Fake news" is anything that they simple don't want to hear - truth is irrelevant over convenience or personal political beliefs. They gladly turn their heads in disbelief of any truth which simply does not pre-align with their worldview. "Capitalist corporations making money = Good", "Government = Bad" has been blindly pounded into their heads, by the very corporatists who benefit from doing such things, and they've swallowed the entire facade lock, stock and barrel.
Which only proves Goebbels was right all along. Sad to say :(
After creating a Facebook profile linked to a fresh email address and setting most of the privacy settings it was locked after 2 days for "suspicious activity" to "protect your safety". They then demanded configuring a phone for SMS or installing the app. 2 days later the same thing happened and it demanded submitting a photo. The only account activity was submitting one friend request and joining a group that person set up for a party. The awesome thing is that once locked out there is no clear way to delete the account or opt-out of further use of the information they collected.
Which is why it was set up on a burner email account and SIM card. People really shouldn't have to engage in spycraft to stay in touch with their family though.
Same happened to me. I used an additional cell phone number that noone had, and an email alias. Got locked out after half a day - I uploaded a sanitised (exif header removed) landscape photo. If there are no persons to run their nasty face recognition software against it they don't want it.
Yes, one can recover the account by sending in a scan of the passport / id-card. Not interested.
It does sound like we're up to something dodgy, doesn't it?
I had a Facebook account with my real name back in about 2007 for about 3 months before I got worried about privacy and, after a struggle, got it shut down. I opened a dummy one maybe 5 years ago to let me log onto some apps that require it. I used a PAYG SIM I bought for a holiday in Spain, a webmail with no IMAP/POP integration option and an address from a house due for demolition around the block from me (so my GPS didn't give me away) along with my own first name and a surname with the same first letters. I've only ever accessed from the android Tinfoil for Facebook or similar.
I'd probably make less effort if I was acting criminally, because I don't think the state (in my country) would have the resources to pull that much information together.
People really shouldn't don't have to engage in spycraft to stay in touch with their family though.
Just use the phone to talk to the family instead of using it as a burner to install FB. Famlies kept in touch before Facebook existed and they'll still be able to do so after it disappears from the face of the Earth - which will happen as soon as people realise they don't really need it.
4 or 5 years ago I struck this problem.
I had struck up a 'friendship' with a stripper. She was from this town, but had moved to a bigger city. Since she came back 3 or 4 times a year for a week or two to visit family etc, we swapped numbers so that she'd let me know when she came back to town so I could go down to the club and visit her (read: spend some money on her - but I had fun, and knew the limits of the 'friendship', it was a good night out).
But after we swapped numbers, suddenly my Facebook 'people you may know' suggestions started having all her friends listed in it. It showed her real name, and that of other strippers she was friends with. It turned out that mysteriously, sometime in the past, my privacy setting of "Friends Only" for my phone number, and some option along the lines of "Allow searching on your phone number: Disabled" had reverted back to "Everyone" and "Enabled."
I was mortified, we had no Facebook relationship or linkage, and didn't intend to have one, but because we had swapped phone numbers Facebook slurped the number from the phones and used that to link us even though there was no intention to be 'Facebook friends'. Since she had already told me her real name that aspect of it didn't matter, but many of her other friends who were strippers hadn't, and I felt like I was invading their privacy by doing nothing other than, IRL, swapping phone numbers with someone.
Needless to say, I uninstalled Facebook apps and only used browsers to access Facebook (to prevent it slurping that information directly from me), and went and tightened up all my Facebook privacy permissions again because I had them all at pretty much maximum privacy years before, but many of them had mysteriously (not really, it was Facebook 'updates' that would have done it) become more open.
Then I just gave up on Facebook entirely, I haven't used it in over 2 years now, and I don't miss it at all.
Judging by the downvotes, in case people have misunderstood that, these are names of android apps which allow access to Facebook without the Facebook apps' tentacles in your phone. They are wrappers for the website with no contact or phone number permissions, and do not share cookies with the Android browser.
Hence useful if you 'must' use Facebook from your phone.
... do people still think that phonebook harvesting apps are harmless?
How many data Facebook has about people who never accepted to have those data used by Facebook? Is it legal, especially under GDPR - a third party can't consent to have my data collected.
However, I pointed out several time that allowing data harvesting companies to use a phone number for 2FA or whatever was a big privacy risk, phone numbers are very good unique identifiers.
However, I pointed out several time that allowing data harvesting companies to use a phone number for 2FA or whatever was a big privacy risk, phone numbers are very good unique identifiers.
Of course they are. Our illustrious government ensured that for "national security" reasons each phone number is uniquely linked to a specific individual (to the point that it's fairly unsafe to lend someone your phone -- they do something nasty with it, you go directly to jail).
This rot started a long time ago, Facebook just found a way to monetize it. Pushing back may involve more than just the GDPR; the overall rights to privacy probably need to be enhanced. But who's going to do that, such double plus ungood speak about limiting power might just allow us to be voted out of office help criminals don't you know?
How many data Facebook has about people who never accepted to have those data used by Facebook? Is it legal, especially under GDPR - a third party can't consent to have my data collected.
It wasn't legal before GDPR, GDPR hasn't actually changed anything in that respect other than the potential penalties.
Under GDPR and earlier UK & EU data protection law, you would need the informed consent of EVERY other person before uploading their contact details (via a phonebook slurp) to the likes of FaecesBorg. To think that FaecesBorg weren't aware of that but just figured the potential costs were less than the realisable profits would be naive to say the least !
Under GDPR the penalties are such that FaecesBorg won't be able to ignore them forever, and when they find that the law does apply to them then they'll find their business model is dead. There are already cases that have been started, but it'll take some time for them to work their way through the system of various tribunals, courts, appeals etc.
Under GDPR and earlier UK & EU data protection law, you would need the informed consent of EVERY other person before uploading their contact details (via a phonebook slurp) to the likes of FaecesBorg. To think that FaecesBorg weren't aware of that but just figured the potential costs were less than the realisable profits would be naive to say the least !
Actually, no. There are zero provisions in GDPR that prevent a data grabber from obtaining people's information from OTHER people, nor is there any provision to force them informing people so affected that they grabbed their data. That is the big fat backdoor that WhatsApp has been using for years.
I don't know where you're based but here in the UK the current DPA, which enforces as much of GDPR as HMG decides it can't avoid, is actually the third (unless I missed one along the way). It tightens things up and increases penalties but the principles of data protection have been in place in legislation since the 1980s. I assume thinks are much the same for the older members of the EU and also for the new members but possibly with a shorter time-frame.
<emThere are zero provisions in GDPR that prevent a data grabber from obtaining people's information from OTHER people</em>
Wrong. Unless they have another lawful basis for processing (which would not apply here), then the data processor MUST have the consent of the person to whom the information relates. It does not matter where they get that data, they must have the consent of that person.
So if another person uploads their contact list with my details in, the data processor (in this case, FaecesBorg) would be breaking the law to use it.
If that wasn't the case, then it would be really easy for everyone to use these "got it from someone else" techniques to sidestep the law. But GDPR is clear on this - if a data processor gets information from a 3rd person, they must be able to show that they have the necessary processes/controls in place to be sure that that 3rd party did legitimately obtain the data and the data subject gave their informed consent for it to be shared.
Internet ads have a feature that previous types didn't.
Paper, radio and TV ads all required you to remember something, to be latently influenced. The effect was either subtle—subconscious reinforcement of brand awareness, more readily noticing 'Acme Inc' next time you saw the name—or direct, making you want to go and buy the great new product which the ad was selling. But you were rarely in a position to act immediately; to show an instant response.
The net is different, since you can click the link and buy the product—or: you can demonstrate your response by some other method.
So I propose that from now on, internet advertising is regulated to ensure that as well as being able to click on the 'Buy Now' or 'See More' link, there is also one labelled 'FOAD'. The law will require that the ad displays the number of FOAD clicks when it is shown, but, more importantly, the company in question is charged 1p/1¢ in extra taxation for each occurrence. The money raised will go directly into a national special educational fund, to be spent exclusively on improvements to schools, learning materials, teachers' and lecturers' salaries.
We'd need to solve the problem of robots, of course, but that aside you now have an excellent and effective way of making sure that internet advertising has to seriously improve.
Do you know why TV ads during Superbowl are of vastly better quality than the witless drivel vomited out by commercial radio? Because the former is expensive, of course. Radio ads are cheap as chips, which is why they are simply awful*¹. Internet ads are even cheaper, which is why they occupy the very bottom of the quality sewer.
So now we are using the interactivity of the internet to ensure that bad ads are punished, that advertising generally becomes more expensive so you'll start to see better ones, and money incidentally generated by bad ones goes towards a critically important cause: education. Crappy advertisers go out of business. You see better ads.
All you have to do is press the 'Fsck Off And Die' button ...
.
*¹ Radio: Embarrassingly poor fake-Scandi accent drones on for 30 seconds about yet another dreary car, telling you how little it will cost; followed by a hasty babble with the usual rhyme "Terms and conditions apply, all the above was a lie" as someone else explains the real cost is twice as much. Does this transparently deceitful garbage work on anyone?
Yep, totally agreed. And this is a good reason for adding fines and prison terms for the high executives, on top of the fines for the company as a whole. The risk of having to expend 10 years in a prison, separated from all that money and luxury, would probably improve Mark's -and the rest of the incumbents'- moral fibre a lot.
That's why I am personally for mandatory jail time for such people, or a multi-day stay in a pillory surrounded by rotten fruit and eggs for anyone to use (with free masks to prevent later retaliation - privacy matters here too).
Financial fines have zero effect at that level, they just become an accounting problem.
I'm having an interesting thing happen with my Live account, only used for Visual Studio 2017. After a few months of a new Live account, suddenly it's blocked for "Potential Spamming", and I have to unblock it. To do that, I find out I have to add in my Date Of Birth and my Mobile Number...and when I get in there the account says it's brand new and has clearly not been hacked, or used for anything other than running and registering VS2017 Community Edition.
As a result, I defend against what I see as a clear attempt at a data grab by creating another Live account every time they "Ban" me. Basically if a company isn't going to be forthright about what it's planning to do with my data, I try to give them as little as possible. So all hail Homer Kwyjibo (just deceased) and my new alter ego Marge Samson.
and eBay.
Whenever I login, they ask me to confirm my mobile number (not sure where they got it in the first place). I always reply 'Maybe later' as I don't want to lie 'I don't have a mobile number'. My profile information has no phone number.
Last month I made an order. A few days later, I get a text from DHL informing me of a planned delivery. So DHL got my number from the vendor. Now who did the vendor get my number from?
"Now who did the vendor get my number from?"
Possibly from another vendor (not necessarily on ebay) to whom you gave your number in the past. DHL the match it up with your address.
Given that delivery drivers frequently have problems reading a house name written in 6" high letters beside the gate I find it useful that that happens.
"Following online outcry over the weekend, a Facebook spokesperson told us today: "We appreciate the feedback we've received about these settings, and will take it into account.""
Translation: "We hear you. We don't care. We don't even care enough to write a proper response, or stop harvesting phone numbers for advertising. Now fuck off and look at some more ads."
FB is starting to lose the perception battle, just like the tobacco firms did. It's a long slow process but you can feel it in the air - reporting turns negative, they've become the punchline to jokes, politicians are jumping on the publicity opportunity, legislation is targeted against them.
In other industries this led to problems with hiring. Staff and potential staff didn't want to be asked round the dinner table about their new job in cigarette design or animal testing of cosmetics. Ethical people turn them down until the firms can hire only the sociopaths and the desperate and the unethical, rather than the smartest and best qualified for the role. That then leads to a decline in corporate performance and a slow spiral into irrelevance.
Are we there yet ? Do FB staff avoid admitting that's who they work for ? Are people turning down a FB job offer because of peer and family pressure ? Feels like not quite yet but right on the cusp. So do your bit. Put off everyone you know from ever contemplating taking FB's tainted money.
And are you responsible for advertising spend ? If so then move your dollars away to other channels. I know that's difficult while the duopoly has such a tight grip, but that will only change when you change, so do it today.
While I can only applaud the eventual and inevitable decline of the Borg, I am fearful of what Facebook would do with their data when that decline hits. You can be damn sure they'll continue monetizing it to whomever will shovel money through their doors.
The data is currently mostly kept inside the Borg. They don't sell the full data set, just certain processed data. They mostly just sell the processes.
But what happens when the bottom of the barrel starts getting into sight and someone promises buckets full for all the data? Facebook is already concerning in what they do with the data, but I'm afraid some other companies might be downright scary.
"Do FB staff avoid admitting that's who they work for ? Are people turning down a FB job offer because of peer and family pressure ?"
We'll be there when having Facebook in your work history makes it more difficult to find work elsewhere. That's a trend that I'm already seeing that start of.
Yet again this corrupt company has done something totally unacceptable. Just what does it need to issue a "Take Down" or stop the trading.
If this were a bank the license would be revoked, or even a traditional bricks and mortar company they would probably be bankrupted.
Just because this is tech, anything goes and any enforcement from government agencies takes years and is largely impotent. This is a fast moving, rule bending, and bluntly downright dishonest bunch of crooks that need locking up. It appears that just admitting "we have done this" makes it all right.
Zuck and the top execs need to be in court.
Fines need to really hurt
The company needs breaking up
I suspect that the first thing a data correlation outfit does is digging up dirt on its opponents. If the opponent is honest, a smear campaign is easily amplified through their means of manipulating what people see and the search results they get.
It gets kinda hard enforcing laws against companies that can blackmail you outright, IMHO these outfits have become the mafia of the digital world. "Nice website you have there, would be a shame if it no longer showed up in our search results or newsfeed" - just an example.
Why would any government agencies want to enforce anything that would bring down what s probably one of their first ports of call when they want to start investigating somebody.
The data that Faecebook holds is a wet dream for most goverments and I'm sure they wil have access o anything they want .
For a price.
This post has been deleted by its author
I've a facebook account that I probably check once a month or so for updates from old friends, but apart from that don't bother with. I've never put any address details or phone details in, so every time I do bother to look it always reminds me to "add a phone number etc". Fat chance Zuck, if they close it without having any details on me I don't exactly lose anything.
The latest media hyped response to this syndrome is Shoshana Zuboff's "Age of Surveillance Capitalism (etc)"
Downloaded the Intercept video podcast yesterday and listened to it last night (watching isn't necessary). Its a dual presentation with her and Naomi (Shock Doctrine) Klein.
Obviously I was sympathetic to their overall message but it was hardly news to any Reg readers, especially those of us who have been punting the "Privacy=Security" message since the tail end of the last century. And they're a bit short of technical grasp, which is forgiveable. It's not their field.
However, they were making a particular argument which I can only label as classic conspiracy theory and which even I, who recognise and preach the dangers of GooMazonSoftBook et al, found a bit of a stretch. And I don't know whether its the phase of the moon or this story which has pushed me over the edge, but this morning their analysis feels a whole lot more plausible.
Short version: They all started out with good intentions. Google, in particular, professed hatred of advertising and proclaimed it as a threat to the net. They also recognised the horrendous potential for intimate surveillance and set their pitch against that, most famously with their (now retired) "Do No Evil" mission statement.
Then came 9-11
And all plans to improve privacy protection (from legislators and businesses alike) were rolled into reverse. This (conspiracy alert) was orchestrated by the TLAs; who realised that private companies could get away with things they could not because (believe it or not) the TLAs were more accountable and couldn't ignore the constitution. Private companies could.
So, viritually overnight, the nascent talk of privacy protection became talk of the need to invade your privacy for your own - and the nation's - protection.
All the politicians had to do, to complete the coup, was to legislate mandatory reporting on demand, of any private data, the TLAs wanted, by those private companies; who were also granted huge leeway to get on with scraping all the private data they could eat. Add on the mythical oversight by the judicial rubber stamping process and you've squared the circle. You've introduced the Stasi-Panopticon 2.0 into what citizens laughingly think of as liberal democracies and nobody but us weirdos has even noticed or, if they have, don't realise they are now reverted to Serfdom with its new name - "users".
The book has already made a big splash. Be interesting to see if it can "wake" the "users" out of their soma inspired complacency.
wry note for the tinfoil hat brigade.
After writing that obviously enthusiastic support for Zuboff's analysis, I decided to throw caution to the winds and buy her book. (kindle version if you care). Accidentally found myself on Amazon.com (instead of .co.uk where my account resides) Was confronted with the unsurprising news that it is already the "#1 best seller" but this was accompanied by the somewhat less expected news that "This title is currently not avaiable for purchase" - which makes its #1 best seller status something of a miracle.
There's almost certainly a non conspiratorial reason for the current block on its sale. I'm sure even the TLAs don't have the clout to suspend a title on Amazon (not, at least, without the judicial theatre of a court injunction) but it did add some flavour to the moment.
Happily, the UK site let me buy it.
(I'm repeating a comment I made earlier, just putting it in its own thread).
Google, Facebook, Microsoft, Facebook: they all want access to the one tracker we keep on us: our mobile phone.
Facebook owns WhatsApp, which is pure poison for your contacts: the first thing it does is give your entire address book to numbers to Facebook (it won't even work if you don't allow it to do that) WITHOUT needing to ask their permission.
Facebook asking for your number is thus just insidious camouflage: they most likely already have it. They just don't want you to realise that. I really don't buy it that they have not cross-linked those databases already, after all, there's money in it.
I want 2FA or even places I don't really need 2FA, some ask for phone numbers. I don't want to give our my number, but they simply won't let me create accounts. Even places that say they do landline auth (eg Ebay), it doesn't actually work. So what are my options?
I can get multiple numbers, an ensure only 1 profile (email account etc) get ever tied to that account.
The problem is then I will need multiple phone numbers, which I am sure cops/government will assume as I am up to no good. Also how many phones do I need?
In any case I will have to maintain a x number of phone, if one of them times out and I lose the number, when I come back to recover an account in say 5 years I won't have the phone number!
"So what are my options?"
Refuse to do business with most of them. You don't need to set up an account if you walk into a shop to buy something. Why should you need to set up an account to make a one-off or occasional purchase online? Just set up accounts when it makes sense.
Facebook is a vile company who will continue to abuse everyone until the day they go out of business. No surprise there.
"Users have the option to remove their phone number from their account, though that would preclude using it for account recovery."
Which they should absolutely do. Not just with Facebook, but with all 2FA. Nobody should be using a cell phone as part of 2FA, whether it's Facebook's system or anybody else's.
Here in Canada, I have not been required to give a phone # to maintain a fb account. Of course, I wouldn't. I'd rather abandon the account. Canada might be different, because for historical reasons not everybody has a mobile.
There are (at least) two identificatory (not a word, according to the spellchecker) universes: phone numbers and e-mail addresses. FB tricking you to give a phone # allows them to unite those two universes. It is pure gold for whatever nefarious purpose they have in mind. I would not worry so much about what they have done with a phone number. Rather I would worry about what they can and will do with it. Yeah, of course the home address and the passport number and the social insurance number are also identificatory universes. I'm sure they'll get to those! In a unificatory way, for themselves.
LinkedIn ransacked my gmail contacts. Don't recall ever giving them permission.
Talk about a completely untrustworthy company. I no longer believe a word of what they say because they constantly abuse our trust. They think they can just keep saying "sorry" time after time after time and it's all ok.
It's time some heads rolled at facebook.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
