Oh good. Facebook gives advertisers your two factor authentication phone number.
<< They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user’s account, that phone number became targetable by an advertiser within a couple of weeks. >>
@natecull this seems double bad in the face of, uhhhhhh, sim hijack attacks and stuff????? and, like,the wild copious security of phone 2fa?
@natecull Oh good.
Next week: Facebook hacks your device cameras to get nudes which it then sends to advertisers.
Following week: Facebook breaks into your house, scans your teenage diaries and sends them to your old bullies to chuckle over.
Week 3: Facebook steals samples of your DNA and sells it to cloning labs.
Week 4: Facebook secretly copies your fingerprints and puts them in sex offender databases.
You've got to wonder at what point -- after the now countless mainstream articles revealing FB's deplorable business -- does FB shrivel up and die.
But then the world thought the same thing back in early 2016 as they watched tRump up his bar, one shocking and inconceivable event after another, to election, and then some.
The signs don't bode well for the 'save the planet from climate disaster' imperative, let alone FB folding.
@natecull glad i didn't use my phone number. i use anOSP for that kind of stuff.
I actually just assumed Facebook and every other site was doing this with 2FA phone numbers, which is why I avoid 2FA wherever possible.
Seems my assumption was right, but a lot of other people seem shocked by this.
I mean it's a fundamental fact of life on the Net that if you give someone some data, they now have that data.
A lot of people seem to want and believe this not to be the case, which seems a bit like wanting and believing water to not flow downhill.
This kind of news is perhaps more significant for people (especially lawmakers) who *don't* make that assumption suddenly being forced to reassess their view of Facebook etc.
A lot of people, rightly or wrongly, assume the best about a company or organisation they depend on in some way. They are more likely to listen to warnings when they are accompanied by evidence of wrongdoing.
(Also, evidence makes lawsuits and prosecutions more likely.)
I've used KeePassX, Authy, LastPass, and I'm now on 1Password. I'd rate them in roughly that order as far as usability goes, worst to best, with 1Password being the best, albeit also the most expensive. (It also now supports Linux, which it didn't previously, hence my not using it previously.)
Key feature: 1Password has TOTP 2FA integrated into the main application and form filler.
@mathew I love 1Password. We just deployed it at my company as well thanks to the teams capability. I still use Authy for 2FA token generation, though. I'm still skittish about having all eggs in one basket.
@editor I have my 2FA token seeds in Authy and LastPass Authenticator as well, just in case.
@natecull only the truly naive would ever think otherwise. Good to know I'm not crazy. This shit should get even worse for people to actually pay attention. I'm glad it's like this.
@natecull 2018 is in the link so, not news? Bit don't remember reading about it. Oh wheel.
@natecull I'm shocked... not.
holy fucking fuck
so glad I drew the line and cut the FB from my life
(family was 😢 but I know they don't really like me much anyway, and so we're really all better off not interacting)
@natecull This is why I'm so bugged that outfits like The Register insist on pushing 2-factor auth despite the fact that it includes stuff like my goddamn phone number, and that evil-ass outfits like Facebook are involved.
@natecull What the hell?!
It's beyond me why people still can't understand that phone number IS NOT A FACTOR at all. It's just a way to bind your account to your identity.
So the rule of thumb here is simple: some site tries to pry your phone number as a second factor "for your security"? Fuck this shit.
That's not what the article says?
@natecull Technically they are not giving the number away to advertisers, as far as I can read in the article.
An advertiser who already have the number can target that number on the system.
I do not necessarily support this practice, just think it is important to speak about what actually happens.
That the advertiser might be able to connect the dots is a problem, but a different problem than Facebook simply giving them numbers.
Invite-only Mastodon server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!