[dupe] Facebook Doubles Down on Misusing Your Phone Number (eff.org)
157 points by panarky 21 days ago | 39 comments

The other day I logged out of Instagram on my phone, created a totally new account (for our dog), cleared all the cache and it STILL found my coworkers.

I didn't want my coworkers to see my dog account because I act silly and want to be professional.

I'm CERTAIN they just sent data I didn't agree to send (phone number, etc).

They didn't re-prompt to access my contacts so I assume they think that since the APP has permission every account I create ALSO has permission to access my contacts.

Fuck facebook!

Might be the wifi network if you logged in while at work...

So the only way to keep your number from being searchable on FB is by not having 2fa?

Or by not having a facebook, obviously. If you have one, you're part of the problem :)

Not having an account won't prevent FB from creating one for you and storing your phone number when one of your contacts uploads their address book.

True :(

Here's an idea. Use a service that generates phone numbers that redirect to your actual phone number. Maybe Twilio. Just as some do with email addresses.

Create a new number for each use. For each family member and friend. For each site registration. For each whatever.

Have an app that searches periodically online for all of those numbers. If any of them show up linked to Facebook, or whatever else concerns you, nuke them. And maybe ping whoever/whatever got that number with an admonition, saying that they're no longer a trusted contact.

That would be extreme, I know. And you'd need to cut some slack for close family, your employer, etc.

But would it be doable?

Or use non-SMS 2FA, which is a good idea anyway (not that I'm defending FB for a second here)

You can use OTP 2FA with Facebook.

Which do you prefer: privacy or security? Because you can't get both.

EDIT: you can do 2fa without SMS: https://thenextweb.com/facebook/2019/03/04/psa-dont-give-out...

Sure you can. Just go back in time and have the foresight never to sign up for Facebook.

It’s weird to have spent almost a decade with people on and offline scoffing at everyone who never signed up for Facebook. Now it’s a case for time travel. I’d argue that with only a modicum of foresight it was possible to see that FB was to be avoided, but the hard part is withstanding the peer pressure.

I’m glad that I did.

I am too. The unstated sales job that has been so effective for hooking and keeping so many is fear-based, specifically the fear of missing out. I don't think I've missed anything at all important by never having had Facebook. But every time the discussion is had, a high percentage who say they wish they didn't have it also hang onto it with "it's how I stay in touch with people." My counter argument is, Delete it and find out who really wants to stay in touch with you.

Is there any other authentication method like google authenticator for 2fa to use facebook?

Facebook supports U2F security keys for 2 factor auth [1].

[1] https://m.facebook.com/notes/facebook-security/security-key-...

The UX I'd say is following dark patterns for this.

You cannot enable U2F without first enabling SMS Auth and/or OTP Auth. Once U2F is enabled, if you delete both SMS Auth and OTP Auth, it disables 2 factor auth and takes you to a welcome screen to get started enabling it again with the only 2 options, SMS / OTP. Once you enable one of them, you can add U2F again.

Also I have "security.webauth.u2f" enabled in Firefox but Facebook is the only U2F service I use that doesn't work in Firefox so it falls back to the SMS / OTP methods on login.

> Also I have "security.webauth.u2f" enabled in Firefox but Facebook is the only U2F service I use that doesn't work in Firefox so it falls back to the SMS / OTP methods on login.

I noticed this as well. I was able to add my security key via Firefox, but for some reason Facebook decided that you need Chrome to use U2F when logging in.

I can’t see this site because I use Pihole and this: https://github.com/jmdugan/blocklists/blob/master/corporatio...

In that case, a help article on FB isn't going to be very helpful for you anyways

Don’t get him wound up, or he’ll start in on how he doesn’t even own a TV, err, I mean have a FB account.

Yes, you can use Google Authenticator for Facebook 2FA.


People are still beating the rigged election dead horse?

You rather it was swept under the rug and forgotten about?

Facebook did the same thing Fox News and CNN did: Accept advertisements that affect who votes and for whom.

It's not something Facebook created. Nor is it something that happened for the first time in 2016.

It's a significant historical misunderstanding to believe propaganda was invented by Facebook in the 21st century.

I despise Fox News and CNN, but unless they took foreign money for those ads and didn’t go through the proper declarations making that clear, you’re presenting a false comparison. Fox and CNN, for all of their hideousness, also didn’t host bots and people having conversations with themselves to manipulate public discussion. They didn’t give the IRA a platform, and didn’t allow the likes of Cambridge Analytica to target high value voters in close states.

Fox certainly took plenty of NRA money, and they were/are taking tons of foreign cash.

The NRA is a domestic lobbying group, and citation on the second point? Remember we’re specifically talking about buying political ads, not just investment in the company.

That’s a problem for the NRA, and if you don’t understand the difference between that and what happened with FB, I can’t help you. Have a nice night.

I don't think you understand the significance of the Facebook incident...

1: Facebook is implicated in knowingly accepting and failing to report funding from foreign agents. No news channel is implicated in such. Doing so would end that channel.

2: Facebook + Cambridge Analytica were in a unique position of power to apply ML as a propaganda tool capable of targeting individuals rather than segments. This unique position of power was allowed to exist due to lack of regulations on what data Facebook collects and how that data may be used.

It's funny that you think that a foreign country can legally be sold ad space in the US for propaganda.

I am curious as to the reason for this objection.

Whoever is appointed as the US President has an impact on 'Rest of World'. So why shouldn't RoW have an input on the selection process?

Foreign companies buy ad space in the USA all the time to influence customer behaviour. An election isn't much different on principle.

> So why shouldn't RoW have an input on the selection process?

Laws against treason and foreign manipulation of elections exist so that foreign nations don't conquer and kill us all. There is no doubt Russia and many other nations want to do that. I guess that's not a good enough reason for you? Do you have a self-preservation instinct? Do you want to live? There's a few really good reasons not to treat advertising for elections like advertising for toilet paper. It's literally a matter of life and death. Lying about how effective your toilet paper is, is not.

This type of propaganda is typically misleading in that the sources and claimed intents are flat out lies (Advertising is regulated against this too).

They're not saying "Russia wants you to vote for Trump" — they're doing things like sowing discontent and divisive rhetoric. The current propaganda efforts are absolutely fueling a lot of the divisiveness in the US right now. It's dangerous.

You think it would be a fair election if Xi Jinping could drop a trillion dollars in the US to advocate for his favorite candidate?

Historical facts are now dead horses? That's news to me.

[Citation needed]

People say things like "what do you want, privacy or security?, you can't have both".

But something I always think about, we're talking about Facebook here. It's a social media platform with pretty pictures and comments. What's the big deal?

It's not like we're talking about your online banking or medical records. Why does the "security" of something as unimportant as Facebook really matter enough to require 2FA?

The boogeyman "Security" has escalated so much it's like everyone wants it everywhere, no matter the cost.

Facebook is one of the main identity providers on the internet, next to Google and Apple. Access to facebook can imply access to a wealth of other apps.
