
Twitter used phone numbers provided for security to target ads (2019) - searchableguy
https://www.theverge.com/2019/10/8/20905383/twitter-phone-numbers-email-addresses-targeted-advertising
======
techlaw
"will likely owe a fine of up to $250 million"

[https://arstechnica.com/tech-policy/2020/08/twitter-faces-
ft...](https://arstechnica.com/tech-policy/2020/08/twitter-faces-ftc-probe-
likely-fine-over-use-of-phone-numbers-for-ads/)

~~~
dang
Currently discussed at
[https://news.ycombinator.com/item?id=24051665](https://news.ycombinator.com/item?id=24051665)

------
mgbmtl
Interesting bits: "No personal data was ever shared externally with our
partners or any other third parties." Advertisers uploaded lists with
email/phone, and Twitter matched them to users.

In any case, it does not help paranoid people like me, who are always
reluctant to share a phone number as a recovery method (I use self-hosted
email, it's the most reliable recovery method, but I understand it's not an
option for most people).

~~~
probably_wrong
Incidentally, this is why I don't use 2FA on my Google account: because they
won't let me enable it without giving a phone number first.

~~~
flotzam
FWIW after enabling non-phone 2FA, you can delete the phone number from your
Google account - this doesn't remove 2FA.

~~~
fantyoon
But that would require you to trust them to actually delete it, if you don't
trust them to not abuse your number that's kinda a non starter I would say.

~~~
londons_explore
In Europe at least, laws are very clear about "if I click the delete button,
you have to delete it". All big companies stick pretty closely to those laws
because the fines are huge.

There are also laws against using data for some other purpose than it was
collected for, but they're less well enforced, and it's pretty frequent that a
sneaky T&C clause let's them use data for something else.

~~~
kevin_thibedeau

        if(IsEUCitizen()) {
        ...

~~~
jusssi
I believe it's enough to be EU resident to get GDPR protections. So just
change your address for a bit.

~~~
ffpip
Phone number is associated to a non-EU country.

------
grazhero99
I think it should be fairly obvious to most here, but it bears repeating that
any service which requires a phone number for 2FA is to be avoided like the
plague.

~~~
ffpip
I hate the fact that Google requires a phone number to set up 2FA. Only then
does it show the Hardware/App options.

A phone number, or an Android phone logged into the account

~~~
three_seagrass
Which companies allow 2FA without a phone number?

~~~
mnem
Most of the services I use allow it without a phone number (as SMS isn’t very
secure). A bigger service that I can think of off the top of my head is
GitHub.

------
marssaxman
I am completely unsurprised. This is why I will not provide my phone number
for 2FA.

~~~
wlesieutre
It's also one of the least secure 2FA methods since you have to trust all your
phone company's call center employees to not transfer your phone number to a
new SIM controlled by someone impersonating you. Lots of reasons to not use
SMS for 2FA.

~~~
three_seagrass
Pixel phones are now preventing sim swapping, IIRC, and maybe a few others.

~~~
wlesieutre
Pixel phones do? Or using Google Fi as your phone provider does?

I would understand Fi having better protection because you have to manage it
online through your Google account (and same for Google Voice users).

Not sure what a phone would be able to do about it.

Anyway, Google as your phone provider opens up a different can of worms.
Instead of having an overly helpful support staff who can be tricked into
doing things they shouldn't, now you have Google's algorithmic account bans
and tie-in with Google Payments and no recourse for problems because the
customer service is a robot that says "no".
[https://news.ycombinator.com/item?id=18886804](https://news.ycombinator.com/item?id=18886804)

Nonexistent support is great in terms of resistance to social engineering, but
sometimes you _need_ support.

------
nkrisc
Facebook did this to me as well. I provided a number long ago after they
requested it under the premise of security (and it was used for that, as I
recall), but then they started texting me about all the people I know posting
stuff after I hadn't logged on for many months. I promptly blocked the number.

~~~
frandroid
You blocked your own number?

~~~
Kalium
I believe they mean they blocked the number Facebook was using to text them
from, after giving Facebook their phone number. Ergo, they did not block their
own number.

------
jb775
It's so frustrating being forced to use your cell # to register. Obviously
they're using it to tie together data.

For the developers out there reading this: please be the change you want to
see, or at least try. If your company wants to add a user requirement like
this, be the person who speaks up against it.

------
Ecstatify
Twitter seriously need a new C.E.O, really must be desperate to stoop this
low.

~~~
gukov
Any CEO of an ad-driven platform that willingly doesn't want to use everything
they have on users to increase the revenue won't be the CEO for long.

~~~
Ecstatify
$TWTR - $73.31 [26/12/2013] $36.30 [4/8/2020]

------
coffeemaniac
It's not a perfect "solution" but I've had so many instances of services
requiring phone numbers for 2FA that I've dedicated a voip number for it.

~~~
bzb3
Most websites have blocked VoIP numbers so you won't be able to use them for
2fa.

~~~
dvtrn
I’ve come across this as well, and having worked in VoIP the common rationale
is fraud prevention, which is a real problem that _does_ exist-but I think
it’s a rationale that has been quite misapplied or perhaps better to say,
inappropriately applied as a blocker for using VoIP numbers for 2FA.

------
Topgamer7
Linkedin did this and I started getting cold calls from recruiters. Never
uploaded my number, but I had the app on my phone.

------
andrei_says_
This is serious abuse of privacy.

I presume there are privacy laws covering this?

And therefore the possibility of legal action on a large scale?

~~~
rvz
> This is serious abuse of privacy.

Websites that use 2FA Phone verification: Abuse of privacy? What's that? This
is for your 'security' /s

Honestly, I avoid services or websites that do this kind of nonsense.

------
djrogers
Thought I’d read about this before, and yes - this is old (2019) news.

~~~
umeshunni
I thought so too, but couldn't find the previous discussion. Best I could find
was
[https://news.ycombinator.com/item?id=19487304](https://news.ycombinator.com/item?id=19487304)

~~~
jsnell
[https://news.ycombinator.com/item?id=21196833](https://news.ycombinator.com/item?id=21196833)

------
angel_j
Please enter your birth date so that we can wish you happy birthday! Emoji
emoji emoji.

------
gsich
"surprise"

