
Y'all know we used to publish everybody's phone number in a book along with their address and then distribute copies to every household, right?

We did it for many decades and it was fine. Every pay phone, which was a phone anyone with a couple coins could make anonymous calls from, had this giant book right there for your reference. Everyone knows this, right?

If you didn't know someone's number you could look it up and call them. They wouldn't have caller ID so you'd identify yourself and then you could talk to them.

This was 99.99% of the time not a problem.

We need to stop freaking out about a "security vulnerability" that does 1/50th of a system that everyone used mostly without incident for decades.

Besides, none of this information is actually private now, it's all still for sale. These companies freak out about this stuff because your data is their product, it's not supposed to be free.




I'm sure not everyone knows this, because there are people on this site who have not grown up with phone books.

The article talks about a reverse phone book: according to the author, given a phone number, you are able to look up name (and profile picture). To my understanding there were no reverse-lookup phone books like that back in the day.


In the good old days (sixties, presumably also earlier) police forces in at least some countries had phone books sorted both by address and by number.

(Source - flea market find, a Norwegian book on the state of the art in criminology, published c. 1965)

Edit: Oh, I just remembered that locally, the athletic union published a phone book with all subscribers in the municipality listed by number.

This was c. 1990 - after call ID was an option if you bought a decoder (or were an ISDN subscriber), before Internet phone directories were a thing.


Here is an example on ebay of a book that has an index by phone number and even an index by street address.

https://www.ebay.com/itm/Vintage-Phonebook-1987-LAS-CRUCES-N...


Well given the phone book was a list of names, addresses, _and numbers_ you could, in fact, do reverse lookups.


The point is it was ordered by name, not by number. So you can't jump to an arbitrary number.


There was, you could buy a disc that contained the book and do a search.


In some countries you could call a number to do it.


While this is factually correct, what you are missing is the point that most people have mobile phones these days, and their phone numbers are tied to a ton of other accounts and services. These include second factor auths (using text or voice calls) for other websites, bank accounts, social security ids (I'm not talking about the US), insurance policies - the list goes on. You would not want your number to be available to the general public - because that makes you vulnerable to social engineering attacks.


Here in Finland many if not most mobile phone numbers are in the phone book. Well, no physical book has been printed for years, but you can call directory enquiries or look them up online. Even reverse look-ups are possible. (Only an ever shrinking minority of households still owns a landline.)

How exactly would that subvert 2FA via SMS? Except for calling and asking, "please read the SMS you just received for me". While that will work with some people, I am not worried in my case.


It subverts 2FA and SMS because of SIM hijacking. If a bad actor has your mobile number and you use that for 2FA, they can socially engineer (or bribe) a rep from your mobile company to assign your number to a new SIM/phone.

This is a common attack these days.

https://www.theverge.com/2019/5/11/18564381/community-hackin...


To elaborate how easy this is:

I did this recently on my own number after losing the SIM card. I just called up the phone company and convinced the customer service agent to assign the number to a new SIM card I had just bought from the petrol station near my house.

I provided no authentication for this and they had no way to prove I was the owner of the account.

Took all of 5 minutes to pull off.


The phone book was always opt-in in Germany, and reverse lookup was declared illegal after some time too. They suggested it when you signed the contract, but it was a clause you could easily not accept, at no extra cost.


Part of the issue is the meaning of privacy now. Decades were spent fighting for the right to not receive, or to receive targeted phone calls.

We're now (at least my cohort) in a world where no one ever answers the phone. Either you're in my phone book, or I'm never answering the phone. It's rather liberating.


That's not really a privacy issue, though. That's a marketing issue. That is, we let marketers destroy phones as a medium of communication. The answer to that isn't to legislate hiding your phone number. The answer to that should be to legislate this type of marketing away.

Advertising is cancer, and I'm constantly surprised by the ends to which people go to justify its continued existence.


Legislating away cold-call marketing is already done; it hasn't stopped it from happening, since it's almost impossible to trace the culprit.


US until very recently wasn't even trying. EU is, and our phones are quite usable. Things could be improved - I wish there was a way to get rid of the few marketers that find their ways to skirt the regulatory boundary. It doesn't seem impossible to achieve.


That's only because calling is the new fax. Would you ignore an SMS from an unknown number? Let's say the content was "Hey, how've you been? It's been a while!"


Actually yes. I ignore all SMSes. WhatsApp is the go-to communication method in Israel. SMS is only for government services and a company from whom I've ordered in the past.

I get zero advertising now that I moved. It's liberating.


Relying on Facebook for communication. Horrifying.


Yes they get ignored because that's the entry point for scammers building lists of active numbers. Same as one should mute but not disconnect spam voice calls as that gives them info about your presence.


I’ve heard this “active number” and “active email” thing for a while, but isn’t the fact that the message wasn’t “returned” undeliverable a sign already? If I send an email to a GMail account that doesn’t exist, Google will reply that the account doesn’t exist. It’s the same with calling (every carrier) and texting (at least with AT&T; I just tested it)


At most I might send back a "Who is this?", but yes, I'd probably ignore it if it wasn't signed by a familiar name.


One key difference is that, at least in the UK, you could opt out


You could opt out in the US too, required paying a monthly unlisted number fee


And also in the UK when someone tried to issue a reverse look-up CD they were sued by whatever BT was called at the time.


Even from Facebook you could opt out. I am mostly sure you can create an account without a phone number.


It might depend on your IP and other factors. I tried to make a new one about a year ago and could not do it without phone verification.

Maybe they'll let you sign up without a phone number via Tor or something though.

It's not just Facebook that requires a phone verification now, I can't even make a Google or Yahoo Japan account without it. At least on these services you can "reuse" previously used numbers by unlinking them, at least a few times. But services like Discord let you verify with each number once and only once as far as I know.

On the one hand I get that there's room for abuse by spam, but on the other hand, I really wish I could freely sign up to services.


I have an old Facebook account without a phone number linked to it. Every time I log on they badger me to link a phone number. Recently the field is pre-filled with a phone number I use that I never explicitly gave them...

If it is possible to make a new account without a number I am assuming it is not made easy.


Is that “pre filled” number your browser’s auto fill by chance?


I would be very surprised if it weren't browser prefilled. Although scummy things like that are not unusual when it comes to Facebook, maybe they took it from Instagram or WhatsApp.


Attitudes have changed. A friend recently posted a newspaper clipping from nearly 40 years ago when he won some sort of "attractive baby" competition in Guildford, UK. The paper included his name and full address. Can you imagine that now and the "BUT WHAT ABOUT THE PEDOS!" response it would elicit!


I get it that the right to privacy has not been such a priority in the past, especially outside Europe, but there's nothing wrong in trying to strengthen it.

What was maybe fine a couple decades ago is no longer fine in a world where anyone from any jurisdiction in the world can abuse your privacy for fun and profit.


30 years ago things were far more ripe for fraud and abuse. Things couldn't be verified in the slightest.

In the 1800s a famous fraudster invented an entirely fictitious country and then sold fraudulent land grants and bonds for it - really, https://en.wikipedia.org/wiki/Gregor_MacGregor

There's a reason why the most famous confidence tricks have names that go back hundreds of years (e.g., Spanish Prisoner) and there's fun named people like Soapy Smith that mastered things like mock auctions https://en.wikipedia.org/wiki/Soapy_Smith or "Kid Dropper" named after his love of the "drop swindle" scam: https://en.wikipedia.org/wiki/Nathan_Kaplan

Charles Ponzi did his stuff 100 years ago and he just lifted it from earlier con artists like Adele Spitzeder https://en.wikipedia.org/wiki/Adele_Spitzeder

The idea that we need to "lockdown" things because we live in unprecedented times relies on someone not really reading any history. Things are relatively pretty safe these days.


The fact that these risks existed a century ago is a poor argument for suggesting they shouldn't be taken seriously in the present.

We live in an era where things can be done instantly online with sufficient information. A sophisticated conman from the 1800's can now execute fraud in seconds instead of plotting for weeks, and they can do so in an automated fashion. The risk isn't anywhere near the same.

A white pages phone book hooked up to a pay phone is bound to the region in which it is distributed. A bug on a website that links phone number to full name is exposed on a global scale. Not to mention, a landline number is not anything like a mobile phone number, which is a unique identifier to tons of PII.


Right but if I presented this problem to you without using the word "phone" I'm pretty sure the answer would be "throttle and rate limit" and ban for abuse, not kill off the feature.

These lists are still available for purchase and thus they are still available. I'm not a criminal so I don't know what websites to go to but I'd be shocked if a file with a name like "US-ATT-SUBSCRIBERS-2020-12.sql.gz" doesn't exist.

As an example, my friends pool together as a "family plan" and we get a discount. I frequently get texts and calls from people asking for the person who pays the account. I don't use their name in anything I sign up for and they don't use my number. We don't even live at the same address - the phone bill is literally the only paper trail that connects us.

Therefore, the only way this mistake is possible is if these marketers bought the subscriber list or found a copy online somewhere.


>Y'all know we used to publish everybody's phone number in a book along with their address and then distribute copies to every household, right?

And we didn't use to tie second-factor authentication into SMS messages to your phone number.


We didn't use to have two-factor authentication at all for most things though.


You're not supposed to do that today, either.


There was also opt-out, even decades ago. You could tell the phone company that you wanted an unlisted number, and you would be excluded from the phone book.


You can do that with Facebook, too. In fact, Facebook does not know and has never known my phone number.

Or rather, I'm sure it does know because my friends have me in their contact lists and shared that with Facebook, but it's not tied to my account in any UI way. I didn't have to opt out because I never even opted in.


Did you have one of those books that was organized by number, instead of name? I didn't.


Ok, but you could opt out of the phone book. You know about unlisted numbers, right?


Could I easily look up a name for a given phone number with this book?

Or did I have to go through the whole book to find a match?


Of course. It was called the greypages. https://en.wikipedia.org/wiki/Reverse_telephone_directory

In old movies you sometimes see people ask the operator to do a reverse search as well so I assume it wasn't a big deal.


> Y'all know we used to publish everybody's phone number in a book along with their address and then distribute copies to every household, right?

By user choice. You had to register your phone number and address to be in that book.

It was immediately obvious to everyone what was going on: everybody received the same complete book of information and knew how that was published, with at least a system of opting-out (it was always opt-in, from what I remember).


No, it was opt out. You had to pay not to be listed.


That depends on when and where.

Like I said, phone books were evident to everyone because they saw the consequence. That's not a good comparison here.



