seanthomas (imported) wrote: Thu May 19, 2022 10:06 am There is light at the end of the tunnel wherein I have found a way to set up a “burner” phone number. I constantly amazed learning new things about this internet business. For a few bucks you can get a separate phone number, which may have some other advantages to preserve one’s privacy. Anyway, when I get some more time I’ll get it set up and be back on the blog and my email.

Stevenator I’ll address your question with a new post.

I think I found a way around this without using a burner phone. I just tripped across it and was able to recover my "throw-away" email I use when I expect others to spam me.

ambiguous (imported) wrote: Thu May 19, 2022 11:09 pm Sadly we are in a surveillance state now.

Snooping and censorship are rife.

Big tech are constantly configuring algorithms to catch folks out.

So can totally understand where you are with this.

Thanks for the blogs they were enjoyable and informative.

I just watched 2000 mules and what shocked me most had nothing to do with fraud but rather the geotracking of cell phones. It’s scary enough government has access to this Orwellian technology but it can be purchased by private concerns. Truly we are living in a surveillance state and despite being a law abiding citizen I don’t feel safe being tracked everywhere I go.

Yep.

It's a real hot-topic political subject.

Test Test Test

Test Test Test

icle, icle, icle

WheelyCurious

Yep.

Paolo wrote: Fri May 20, 2022 1:17 pm It's a real hot-topic political subject.

More social and technological than political, for no matter where you find yourself on the spectrum I don't think any American should be comfortable living in a surveillance environment. Most everything in life is a double edged sword and our increasingly invasive technology is just that.

In some cases, when a website wants your cell phone or number it's not so much to track you but for "two factor authentication." I don't know about the site(s) being discussed here, but if that's the case (the test: can you provide an email address instead?), they're not doing it to track people but to make their login more secure by sending your your device (or email address) a code that you have to send back to them to guarantee that it's really you that's logging in. (In most cases, unless you clear your cache, they only do this the first time you log in from a device or at fixed intervals like once a month).

racerboy (imported) wrote: Mon May 23, 2022 2:43 pm In some cases, when a website wants your cell phone or number it's not so much to track you but for "two factor authentication."

[rant mode on]

Sorry to burst your bubble, but phone number or text messages is NOT a two-factor authentication and should not be used as such.

First - it is controlled by corporate entity (or state) - thus can't be used as trusted authenticator.

Second - sim cards are trivially reissued to third party via minimal social engineering (more than enough cases of that happened in Russia, probably not much better in other countries).

Third - again, at this point - text messages are trivially interceptable by thirdparty (google SS7, and well: https://www.theguardian.com/technology/ ... exts-calls ). The protocols which run our phone network are... legacy of 80-90s and are not encrypted or authenticated. There are countermeasures to that, but the problem is basically unfixable at this point. Entry barrier for that is pretty low too, you do not need to be nation-state for that.

If you must use 2FA - use proper hardware token or some authenticator solution (TOTP is the protocol you are looking for, it is standard, and requires nothing more than shared secret and same time on both ends - authenticator and server). Doesn't even need internet connection for that.

[/end of rant]

PS. If you ever followed the history of use 'phone number as identity' - it all tracks back first to 'to prevent spam' (which is a lie, phone numbers are cheap, and it does not prevent them). But worse - it ends up as easily trackable identity - email can be had for free, but phone number is usually tied to you and some sort of ID

seanthomas (imported) wrote: Tue May 17, 2022 5:36 pm Sadly I will no longer be able to maintain my blog. An FBI friend once told me “it’s not Big Brother you need to worry about, but Little Brother”.

As far as I know - google uses 'dark patterns', when implementing it's UI. Sometimes it does not show the option or hides it.

Also - if you have second email - I think you can use it as a recovery option.

(I checked my google account, and it does not have phone number linked to it).

Reply to Rant:

1 - I have used tokens. The trouble is that they are expensive, everyone who is going to use your service needs one, they get lost, and their batteries have a finite lifetime, after which they must be replaced. Calling/texting/emailing you with the code certainly isn't foolproof (If I were a bank, I'd go with tokens for my employees who have to connect remotely!) but they are better than nothing. And remember I said most only need the reply the first time you login from an app or device -- although convenient for the user that is clearly is less secure than having to reply every time you login to their service.

2 - If they will only accept a phone number, and not an email address -- that's a danger sign! (As pointed out by another person here, email addresses are cheap and easy to come by. You can have one dedicated to such replies.)