Follow

Oh good. Facebook gives advertisers your two factor authentication phone number.

<< They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user’s account, that phone number became targetable by an advertiser within a couple of weeks. >>

gizmodo.com.au/2018/09/faceboo

@natecull this seems double bad in the face of, uhhhhhh, sim hijack attacks and stuff????? and, like,the wild copious security of phone 2fa?

gawd

@natecull

Next week: Facebook hacks your device cameras to get nudes which it then sends to advertisers.

Following week: Facebook breaks into your house, scans your teenage diaries and sends them to your old bullies to chuckle over.

Week 3: Facebook steals samples of your DNA and sells it to cloning labs.

Week 4: Facebook secretly copies your fingerprints and puts them in sex offender databases.

@natecull glad i didn't use my phone number. i use anOSP for that kind of stuff.

@natecull only the truly naive would ever think otherwise. Good to know I'm not crazy. This shit should get even worse for people to actually pay attention. I'm glad it's like this.

@natecull 2018 is in the link so, not news? Bit don't remember reading about it. Oh wheel.

@natecull

holy fucking fuck

so glad I drew the line and cut the FB from my life

@natecull

(family was 😢 but I know they don't really like me much anyway, and so we're really all better off not interacting)

@natecull This is why I'm so bugged that outfits like The Register insist on pushing 2-factor auth despite the fact that it includes stuff like my goddamn phone number, and that evil-ass outfits like Facebook are involved.

@flugennock @natecull 2FA doesn't need to involve your phone number. In fact, to be secure, it shouldn't. I refuse to use any 2FA system that demands a phone number. And ironically, you can now set up 2FA on Facebook without a phone number, finally, so I've done so.

@natecull
It's beyond me why people still can't understand that phone number IS NOT A FACTOR at all. It's just a way to bind your account to your identity.
So the rule of thumb here is simple: some site tries to pry your phone number as a second factor "for your security"? Fuck this shit.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!