RIP Philo

Facebook and 2 factor authentication

You decide to use 2 factor authentication to make your Facebook account more secure. You give Facebook to your cellphone number as part of the 2FA.

Facebook takes your number and sells it to creepy advertisers. 

How retarded is Facebook?  It is a breech of trust to use my 2FA that way.

Facebook is discouraging people from using a safer login System.
Permalink Legion 
October 6th, 2018 11:35pm
Anyone giving their phone number to fb needs their head read. But sheeple are old news so sigh.
Permalink ,ndo 
October 7th, 2018 12:02am
I don't think they are doing that.

What you are experiencing results from search harvesting attacks on their platform.

Facebook allows me, your good friend, to search for your Facebook account by typing in your phone number. It will then display your name and location.

Facebook does have limits though - I'm not allowed to search for more than 50 or so people a day, but this search limit is per ip address.

There's around 10 billion possible phone numbers in the US.

With an army of zombie machines consisting of IoT light bulbs and webcams, I can reconstruct all the phone numbers and names on Facebook from every account that provides a phone number.

And in fact, thousands of scammers have done exactly that already.

It's a known problem.

And then they use the info to try to scam you.

In most cases they are not really from the company they say they are.
Permalink McCain's Tumor 
October 7th, 2018 12:09am
Forgot to mention. Facebook has a "privacy setting" for your phone number. Telling it to keep your phone number private controls whether it's visible on your home page to everyone, to people in your network, or only to your close connections, or no no one at all.

Even if you set it to "no one", you are still in the search feature. You can't opt out of that, and they don't explain that either.
Permalink McCain's Tumor 
October 7th, 2018 12:13am
Hm, supposedly because of these issues they disabled phone search in the US only a few months ago.

It's still enabled on foreign accounts though since phone number is a primary means by which people in a lot of countries identify themselves.
Permalink McCain's Tumor 
October 7th, 2018 12:14am
So good news, the barn door is closed.

In news we'll not mention, the cows are all gone.
Permalink McCain's Tumor 
October 7th, 2018 12:16am
Once again you guys are missing the point.

The phone numbers I am talking about are NOT associated to the FB account!  They are just used for two factor authentication to control login to your account.

FB screws you if you add this level of security.
Permalink Legion 
October 7th, 2018 8:35am
I seriously doubt the OP

How does he know Facebook is the source?
Permalink Bored Bystander 
October 7th, 2018 8:43am
Yeah but when you use the phone number for 2 factor they add that phone number as one associated with your account and use[d] it with the phone search. You aren't given the option to not have that number associated with your identity for search purposes.

ALSO, you should know that if any of your friends imports their contact list into Facebook, Facebook pairs up all the entries with their Facebook friends list and emails, and ANY phone numbers listed with those people get added to the friends account as well as being additional numbers associated with that account.

So lets say Carol is friends with Bob. Bob uses his cell for 2-factor and lists no phone number and turns everything to maximum privacy.

Carol imports her contact list which has Bob's landline, his work phone, his wife's work number, and Bob's secret alternate cell phone he only uses to contact his mistress Carol.

All of those numbers get added to Bob's account as phone numbers associated with him. If you search on any of them, it gives you Bob's name.

Facebook has refused to admit they have this feature, but security researchers have found it by experimenting with adding contact lists to dummy Facebook accounts, following reports by people that FB was doing this.
Permalink McCain's Tumor 
October 7th, 2018 8:52am
Also, Bob's secret mistress phone he keeps in a Faraday sleeve with the battery removed, and only uses it when he is at least 5 miles from his house.

One day he decides to whistleblow on his employer (he's a farm accountant for ADM) for using DDT. His Carol phone is a burner. He makes the anonymous call from a town 100 miles away.

The regulatory agent at the EPA who takes the call is on the take from ADM and simply hands the number to his contact at ADM. That contact types the number into Facebook and gets Bob's name.

Bob is later tragically killed in a combine accident.
Permalink McCain's Tumor 
October 7th, 2018 8:57am
Bob can be as secure as he likes, but if his secret mistress gives Facebook access to her phone contacts then they’re going to get Bob’s number anyway.
Permalink Armchair Lawyer 
October 7th, 2018 9:04am
I've already seen the EFF one. They offer no evidence for their claims, like most EFF reports these days.

EFF used to do good stuff. Now they just shitpost.
Permalink McCain's Tumor 
October 7th, 2018 9:52am
"Bob can be as secure as he likes, but if his secret mistress gives Facebook access to her phone contacts then they’re going to get Bob’s number anyway."

Yeah that's the whole point. It doesn't matter how much security you have, all your friends are on facebook, which means they are idiots, and your idiot friends are going to out you because you have any friends at all.

You can maintain privacy by having no friends or family and never contacting anyone at all.

That or use nothing but false identities. Then the lack of social media presence by your true identity is marked as a red flag and you are subject to special interest in border crossings.
Permalink McCain's Tumor 
October 7th, 2018 9:54am
Smart security is like my crack dealer, right now called "Ice Man". He's listed that way in my contacts. He uses a burner phone and each time I see him he gives me a new number and alias. I am under strict orders to only refer to him by the current name when calling in.

What is his real name etc? Who the fuck knows. Ice Man does it right.

Now if Ice Man gives his number to anyone that knows his real name he is fucked.

People who know his real identity are under the impression he is studying to be a pastor. He dresses geeky when he sees his family. When he leaves he switches to his pimp clothes.
Permalink McCain's Tumor 
October 7th, 2018 9:58am
Hey Iceman! I know him as Rick the Vic.
Permalink Katrina McClusky 
October 7th, 2018 10:01am

This topic is archived. No further replies will be accepted.

Other topics: October, 2018 Other topics: October, 2018 Recent topics Recent topics