Gentoo Forums
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17455

Posted: Thu Sep 27, 2018 1:30 pm    Post subject: 2FA(dvertising)

Facebook Is Giving Advertisers Access to Your Shadow Contact Information
Quote:
Last week, I ran an ad on Facebook that was targeted at a computer science professor named Alan Mislove. Mislove studies how privacy works on social networks and had a theory that Facebook is letting advertisers reach users with contact information collected in surprising ways. I was helping him test the theory by targeting him in a way Facebook had previously told me wouldn’t work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.

One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information. A clothing retailer can put an ad for a dress in the Instagram feeds of women who have purchased from them before, a politician can place Facebook ads in front of anyone on his mailing list, or a casino can offer deals to the email addresses of people suspected of having a gambling addiction. Facebook calls this a “custom audience.”


Just one more thing...

Project Verify.
_________________
Slowly I turned. Step by step.
Muso
l33t
l33t


Joined: 22 Oct 2002
Posts: 746
Location: The Holy city of Honolulu

Posted: Thu Sep 27, 2018 4:34 pm

People actually use social media on their phones. It is known that "Messenger" (a Facebook app) records everything on your phone.
_________________
People Of Love

Kindness Evokes Kindness

Peace Emits Positive Energy
erm67
Apprentice
Apprentice


Joined: 01 Nov 2005
Posts: 238
Location: Where the black men cannot enter

Posted: Fri Sep 28, 2018 7:22 am

Since Android 6 the user must grant permissions to access sensible data:
https://developer.android.com/guide/topics/permissions/overview
If the phone is older blame the vendor ....

The problem is that if the user doesn't grant permission the app won't start, there are other ways to protect personal data, like PrivacyGuard or SecondSpace that creates a virtual environment (possibly void of personal data) where risky apps can run.
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17455

Posted: Fri Sep 28, 2018 2:10 pm

erm67 wrote:
Since Android 6 the user must grant permissions to access sensible data:
What about Google remotely enabling features?
_________________
Slowly I turned. Step by step.
notageek
Tux's lil' helper
Tux's lil' helper


Joined: 05 Jun 2008
Posts: 131
Location: India

Posted: Fri Sep 28, 2018 2:59 pm

pjp wrote:
erm67 wrote:
Since Android 6 the user must grant permissions to access sensible data:
What about Google remotely enabling features?


Remotely enabling battery saver, how very evil of them.
_________________
"Defeat is a state of mind. No one is ever defeated, until defeat has been accepted as a reality." -- Bruce Lee
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17455

Posted: Fri Sep 28, 2018 8:23 pm

Exactly. No need for concern. There's no way the capability goes beyond that feature.
_________________
Slowly I turned. Step by step.
erm67
Apprentice
Apprentice


Joined: 01 Nov 2005
Posts: 238
Location: Where the black men cannot enter

Posted: Sat Sep 29, 2018 9:25 am

I don't even try to ask what 2-factor authentication has to do with all this ....
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5468
Location: Removed by Neddy

Posted: Sat Sep 29, 2018 4:06 pm

erm67 wrote:
I don't even try to ask what 2-factor authentication has to do with all this ....
On its own, nothing as 2FA is a good idea. The issue here is facebook. They recommended 2FA for the right reason but then once they had your phone number they then made use of this information to assist in targeted advertising

When is Facebook, Twitter, Google going to be fined into oblivion and broken up? They are destroying trust, society, democracy
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17455

Posted: Sat Sep 29, 2018 4:27 pm

Naib wrote:
erm67 wrote:
I don't even try to ask what 2-factor authentication has to do with all this ....
On its own, nothing as 2FA is a good idea. The issue here is facebook. They recommended 2FA for the right reason but then once they had your phone number they then made use of this information to assist in targeted advertising

When is Facebook, Twitter, Google going to be fined into oblivion and broken up? They are destroying trust, society, democracy
I would say the issue is the behavior, not the specifically observed perpetrator.
_________________
Slowly I turned. Step by step.
erm67
Apprentice
Apprentice


Joined: 01 Nov 2005
Posts: 238
Location: Where the black men cannot enter

Posted: Sat Sep 29, 2018 5:18 pm

Naib wrote:
erm67 wrote:
I don't even try to ask what 2-factor authentication has to do with all this ....
On its own, nothing as 2FA is a good idea. The issue here is facebook. They recommended 2FA for the right reason but then once they had your phone number they then made use of this information to assist in targeted advertising

When is Facebook, Twitter, Google going to be fined into oblivion and broken up? They are destroying trust, society, democracy

I don't understand what 2FA has to do with phone numbers .... SMS 2FA is insecure and no longer used, there is a new mechanism .......
https://support.google.com/accounts/answer/6361026?co=GENIE.Platform%3DAndroid&hl=en
Facebook now uses a similar mechanism .....
There was a related standard some time ago. No need to give your phone number to anyone to use a dangerously insecure 2FA like SMS.
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5468
Location: Removed by Neddy

Posted: Sat Sep 29, 2018 5:29 pm

erm67 wrote:
Naib wrote:
erm67 wrote:
I don't even try to ask what 2-factor authentication has to do with all this ....
On its own, nothing as 2FA is a good idea. The issue here is facebook. They recommended 2FA for the right reason but then once they had your phone number they then made use of this information to assist in targeted advertising

When is Facebook, Twitter, Google going to be fined into oblivion and broken up? They are destroying trust, society, democracy

I don't understand what 2FA has to do with phone numbers .... SMS 2FA is insecure and no longer used, there is a new mechanism .......
https://support.google.com/accounts/answer/6361026?co=GENIE.Platform%3DAndroid&hl=en
Facebook now uses a similar mechanism .....
There was a related standard some time ago. No need to give your phone number to anyone to use a dangerously insecure 2FA like SMS.
*sigh* because that was the method Facebook used initially... THAT was how they got your phone number, THAT is how they started targeted ads. How is this hard to understand? 2FA was the argument used to get your number, it doesn't fucking matter if there are better ways to do it, THAT is how Facebook did it and then they used your number.
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5468
Location: Removed by Neddy

Posted: Sat Sep 29, 2018 5:34 pm

pjp wrote:
Naib wrote:
erm67 wrote:
I don't even try to ask what 2-factor authentication has to do with all this ....
On its own, nothing as 2FA is a good idea. The issue here is facebook. They recommended 2FA for the right reason but then once they had your phone number they then made use of this information to assist in targeted advertising

When is Facebook, Twitter, Google going to be fined into oblivion and broken up? They are destroying trust, society, democracy
I would say the issue is the behavior, not the specifically observed perpetrator.
Exactly, it just happens to be via 2FA that the request for the info was made. The institutionalised behaviour then abused this data.
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
erm67
Apprentice
Apprentice


Joined: 01 Nov 2005
Posts: 238
Location: Where the black men cannot enter

Posted: Sat Sep 29, 2018 6:40 pm

Naib wrote:
erm67 wrote:
Naib wrote:
erm67 wrote:
I don't even try to ask what 2-factor authentication has to do with all this ....
On its own, nothing as 2FA is a good idea. The issue here is facebook. They recommended 2FA for the right reason but then once they had your phone number they then made use of this information to assist in targeted advertising

When is Facebook, Twitter, Google going to be fined into oblivion and broken up? They are destroying trust, society, democracy

I don't understand what 2FA has to do with phone numbers .... SMS 2FA is insecure and no longer used, there is a new mechanism .......
https://support.google.com/accounts/answer/6361026?co=GENIE.Platform%3DAndroid&hl=en
Facebook now uses a similar mechanism .....
There was a related standard some time ago. No need to give your phone number to anyone to use a dangerously insecure 2FA like SMS.
*sigh* because that was the method Facebook used initially... THAT was how they got your phone number, THAT is how they started targeted ads. How is this hard to understand? 2FA was the argument used to get your number, it doesn't fucking matter if there are better ways to do it, THAT is how Facebook did it and then they used your number.



Ahh ok once upon a time 2FA used SMS and it was a trick used by Facebook to get people's phone numbers, how silly are Facebook devs, there are a lot more people that use Messenger to manage their SMS and phone number than people using 2FA, on older phones it wasn't possible to install Messenger without giving Facebook access to all SMS and phone numbers on the phone, but hey the problem is 2FA ....
Not counting that there are probably 100 times more people that just put their phone number in their Facebook profile than people that use 2FA ....... btw Facebook recommended to put the phone number in the profile as a way to recover a lost password, not for the 2FA, since SMS based 2FA has been deprecated more than one year ago.
So yeah it is hard to understand what 2FA has to do with all this.
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5468
Location: Removed by Neddy

Posted: Sat Sep 29, 2018 7:22 pm

It really doesn't matter if you don't understand it or whether there are better 2FA ... Facebook made use of it to link people together and that isn't actually up for debate as it happened
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17455

Posted: Sat Sep 29, 2018 9:38 pm

erm67 wrote:
So yeah it is hard to understand what 2FA has to do with all this.

erm67 wrote:
SMS 2FA is insecure and no longer used
Quote:
Configuring two-factor authentication

You can configure two-factor authentication using a mobile app or via text message.


Quote:
There are several two-factor authentication methods you can use with your Facebook account when logging in from an unrecognized computer or mobile device. To get started with two-factor authentication, choose either:

Text message (SMS) codes from your mobile phone.


Quote:
You'll be asked for something else

Then, a code will be sent to your phone via text,


https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/

https://www.facebook.com/help/148233965247823/

https://www.google.com/landing/2step/#tab=how-it-works
_________________
Slowly I turned. Step by step.
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5468
Location: Removed by Neddy

Posted: Sat Sep 29, 2018 10:49 pm

pjp wrote:
erm67 wrote:
So yeah it is hard to understand what 2FA has to do with all this.

erm67 wrote:
SMS 2FA is insecure and no longer used
Quote:
Configuring two-factor authentication

You can configure two-factor authentication using a mobile app or via text message.


Quote:
There are several two-factor authentication methods you can use with your Facebook account when logging in from an unrecognized computer or mobile device. To get started with two-factor authentication, choose either:

Text message (SMS) codes from your mobile phone.


Quote:
You'll be asked for something else

Then, a code will be sent to your phone via text,


https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/

https://www.facebook.com/help/148233965247823/

https://www.google.com/landing/2step/#tab=how-it-works

exactly :) FB were basically selling the number a user uses for 2FA to advertisement agencies

Quote:
First, when a user gives Facebook their number for security purposes—to set up 2FA, or to receive alerts about new logins to their account—that phone number can become fair game for advertisers within weeks. (This is not the first time Facebook has misused 2FA phone numbers.)

But the important message for users is: this is not a reason to turn off or avoid 2FA. The problem is not with two-factor authentication. It’s not even a problem with the inherent weaknesses of SMS-based 2FA in particular. Instead, this is a problem with how Facebook has handled users’ information and violated their reasonable security and privacy expectations.

There are many types of 2FA. SMS-based 2FA requires a phone number, so you can receive a text with a “second factor” code when you log in. Other types of 2FA—like authenticator apps and hardware tokens—do not require a phone number to work. However, until just four months ago, Facebook required users to enter a phone number to turn on any type of 2FA, even though it offers its authenticator as a more secure alternative. Other companies—Google notable among them—also still follow that outdated practice.

_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
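
Added example (not part of the thread, and not any site's actual code): the quoted point that authenticator-app 2FA needs no phone number, shown as a minimal RFC 6238 TOTP in Python. Enrollment and verification depend only on a shared secret and the clock; the function names, the 30-second step, the one-step drift window and the replay check are choices made for this sketch.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

# Constructed sample: the ASCII test key from RFC 6238, Base32-encoded.
RFC_TEST_SECRET = base64.b32encode(b"12345678901234567890").decode("ascii")


def new_enrollment_secret(nbytes: int = 20) -> str:
    """Server side: random secret shown to the user as a QR code or text.
    This is the only value exchanged at enrollment; no phone number."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, now: float, step: int = 30) -> str:
    """Authenticator app side: code for the time step containing `now`."""
    key = base64.b32decode(secret_b32, casefold=True)
    return hotp(key, int(now) // step)


def verify(secret_b32: str, submitted: str, now: float,
           last_counter: int = -1, step: int = 30, window: int = 1):
    """Server side: accept a code from the current step or one step either
    side (clock drift). Returns the matched counter, or None on failure.
    Storing the returned counter and passing it back as `last_counter`
    rejects replay of a code that was already accepted."""
    key = base64.b32decode(secret_b32, casefold=True)
    current = int(now) // step
    for counter in range(current - window, current + window + 1):
        if counter < 0 or counter <= last_counter:
            continue
        expected = hotp(key, counter).encode("ascii")
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted.encode("utf-8")):
            return counter
    return None


if __name__ == "__main__":
    secret = new_enrollment_secret()
    now = time.time()
    code = totp(secret, now)          # what the app would display
    matched = verify(secret, code, now)
    print("code", code, "accepted at counter", matched)
    print("replayed:", verify(secret, code, now, last_counter=matched))
```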
erm67
Apprentice
Apprentice


Joined: 01 Nov 2005
Posts: 238
Location: Where the black men cannot enter

Posted: Sun Sep 30, 2018 6:55 am

The problem is that it wasn't possible to set up a phone number in Facebook for 2FA only before, the main phone number in the contact information was (and still is) used and it's more than one year that Facebook no longer uses the phone number in the contact information for 2FA. Probably several hundred million people have their phone number in the contact information and only a tiny fraction of them use 2FA (do you?), what makes them different and 2FA relevant? Nothing, 2FA has nothing to do with the fact that Facebook abuses the phone number in the contact information that users still enter for recovery purposes. Probably the number of people using 2FA and not having their phone number in the contacts is not statistically relevant.

It's fake news.
Why should media outlets diffuse such fake news?

Well, let's suppose you are a company that developed a 2FA system not based on SMS and phone numbers more than one year ago but are not satisfied by the number of adopters, and think that many do not use it because they fear they will be required to enter their phone number in the contact information. It might be a good idea to diffuse fake information like that; after reading it, it will be clear to everybody that for more than one year it has been possible to use 2FA without entering the phone number in the contacts.
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17455

Posted: Sun Sep 30, 2018 3:41 pm

I provided sources that disagree with your statements. Do you have any sources to clarify your claims? You may be correct, but official documentation does not appear to support your claims.
_________________
Slowly I turned. Step by step.
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5468
Location: Removed by Neddy

Posted: Sun Sep 30, 2018 3:52 pm

It's quite simple... Read the actual research paper.
Those involved ONLY used Facebook 2FA which relies on a phone number, they were also able to show that advertisement agencies were able to target them with this one piece of info, the only piece they gave.

"But people already give their number and lots more" is not the point here. Yes people are stupid, yes people give too much info freely just for a glimmer of significance in the narcissistic world of social media BUT this shows this was one of the data collection points used to sell your info.
One of Facebook's defenses on this was that people agreed but this isn't part of 2FA
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
erm67
Apprentice
Apprentice


Joined: 01 Nov 2005
Posts: 238
Location: Where the black men cannot enter

Posted: Sun Sep 30, 2018 4:38 pm

In fact that is what I did

https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051

Quote:
They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user’s account, that phone number became targetable by an advertiser within a couple of weeks. So users who want their accounts to be more secure are forced to make a privacy trade-off and allow advertisers to more easily find them on the social network. When asked about this, a Facebook spokesperson said that “we use the information people provide to offer a more personalized experience, including showing more relevant ads.” She said users bothered by this can set up two-factor authentication without using their phone numbers; Facebook stopped making a phone number mandatory for two-factor authentication four months ago.


2FA is just mentioned as a possible source, it is hard to find the relevant bits in the research since it was focusing on other things, there is a small paragraph at page 13-18 about it. Basically the phone address might be indirectly leaked if entered through some 2FA interfaces, enabling it on the phone is not the same as enabling it on the web page.
How did it become the main source of phone numbers and the most relevant problem since it was apparently fixed?

pjp wrote:
I provided sources that disagree with your statements. Do you have any sources to clarify your claims? You may be correct, but official documentation does not appear to support your claims.

You don't use 2FA or Facebook right?


No answer to my question:
How many users possibly have not entered their phone number in the contact info but did in the 2FA dialog?


BTW I don't mind if they give my phone number and call center operators do call me, I like to have somebody to verbally abuse and insult on the phone .... it's relaxing. Too bad they almost never call me .. it's funny there must be a database of numbers that is better not to call :-) because other people receive a lot more calls than me.
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17455

Posted: Sun Sep 30, 2018 7:46 pm

erm67 wrote:
Quote:
Facebook stopped making a phone number mandatory for two-factor authentication four months ago.
Who said it was mandatory? The Facebook documentation I quoted listed it as the first choice. First.

erm67 wrote:
2FA is just mentioned as a possible source, it is hard to find the relevant bits in the research since it was focusing on other things, there is a small paragraph at page 13-18 about it. Basically the phone address might be indirectly leaked if entered through some 2FA interfaces, enabling it on the phone is not the same as enabling it on the web page.
I have no idea what point you're trying to make. Facebook collects phone numbers as part of 2FA. Yes, alternatives are also a choice. As part of collecting the phone numbers for 2FA, they also appear to use them for targeted advertising. I don't think anyone has claimed that no other options exist.

erm67 wrote:
How did it become the main source of phone numbers and the most relevant problem since it was apparently fixed?
They still list phone numbers as the first choice for 2FA. Fixed what?

erm67 wrote:
No answer to my question:
How many users possibly have not entered their phone number in the contact info but did in the 2FA dialog?
Which is no answer to my question. Everyone who signed up for 2FA with their phone number is still the same number. Your question isn't relevant to Facebook's use of phone numbers in 2FA and apparent targeted advertising.

erm67 wrote:
BTW I don't mind if they give my phone number and call center operators do call me, I like to have somebody to verbally abuse and insult on the phone .... it's relaxing.
Your appreciation of that service has nothing to do with sending ads based on phone numbers harvested via 2FA configuration.
_________________
Slowly I turned. Step by step.
erm67
Apprentice
Apprentice


Joined: 01 Nov 2005
Posts: 238
Location: Where the black men cannot enter

Posted: Mon Oct 01, 2018 9:33 pm

My complaint was/is that a small paragraph was taken from a 200-page book full of Facebook malpractices a lot worse than this and it became the most important one. Some people might think that the articles are not really interested in denouncing Facebook malpractices but have a different agenda and lose faith in what could be a just argument.

BTW Exactly where did Facebook say that the phone number associated with the account was not going to be considered contact information? After all they send messages relative to the account to that phone number, it is de facto contact information, and Facebook is not directly giving the phone number to anyone ... so exactly what is the problem?
That Facebook lets advertisers use phone numbers to target the audience, matching them to contact information?
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ
All times are GMT