I've never been an FB "person", but maybe 6-7 years ago the local running club moved to scheduling everything on FB. For a while, the page was "public", but then you had to have an account (which required a phone number) to see anything other than the club's "landing page". So I ended up making an FB account which I've only ever used to be able to see the club pages (I haven't ever posted anything!) -- dumb of me I know, but FB had almost become a requirement to participate in life.
However, recently I've noticed that I now get a couple of junk texts every day or two, whereas up until a few weeks ago, I don't think I'd ever had a single junk text.
The cost of sending texts has gone to effectively zero, so there's no barrier to someone sending one to all the numbers in sequence. At least, until the phone company catches on and blocks you.
The one I got late last night was pretending to be from the US Postal Service, prompting me to click on an anonymous link in order to "rescedule delivery"
Going to get worse: SCOTUS just ruled, taking a very strict reading of the definition of robocall to be only random or sequential numbers. So if you already have a list, say bought from a 3rd party company, of all the phones in the US, sounds like you can bulk send now with no repercussions.
In my field - politics - campaigns use tools like Hustle which are basically mechanical turk clickers to get around these rules. I'm thinking personally this will change...
I haven’t seen a clear analysis of the decision’s impact. I’ve read it, it’s quite brief. As I understand it, this decision essentially guts the blanket prohibition on spam text messages to cell phones. The rest of the law refers to restrictions on calls to “residential” phone lines, which does not include cell phones, so it’s not clear that there are any other limitations on texts to cell phones - do you see it differently?
This brings up the side issue that the act doesn’t ever mention text messages at all ... everyone has interpreted them to be covered as if they were phone calls, but that’s never been tested at the Supreme Court level.
The decision was unanimous and is really the only possible conclusion from a plain reading of the law. The court didn’t “gut” anything, it’s just a bad law. It’s up to Congress to enact a law that says what they actually want the law to do.
That's because Congress has abdicated its role and we live in an apparatchik state where the executive appoints the judicial body and the judicial body legislates from the bench while the admin creates executive actions or has agencies create rules that have the weight of laws.
The system will continue to not work when Congress does not do its job.
It gutted it, in the sense that we've been operating under an interpretation of the law for the past 20 years and this ruling changes that interpretation dramatically. The law wasn't so much badly written, as technology has completely changed in the time since then.
As an example, if this law were written today, I'm not sure that cell phones would get special status. They were put in the same category as medical emergency lines, because "radiotelephones" were very rare and expensive to operate, whereas today every 12 year old has one.
No, the law was badly written, at least if the goal is to limit all robocalling and not just robocalling using sequential or randomized numbers.
The law essentially says "it is illegal to call someone using an autodialer, where an autodialer is a device that makes calls to phone numbers using a sequential or randomized algorithm." It's pretty clear then that automatically dialing from a prepared list of actual phone numbers is not against this law. If they wanted it to cover the latter case, they could have easily included that in the law, even 20+ years ago.
That's interesting. SMS wholesale prices in my part of the world (Western Europe) are still at around $0.07. This seems to indicate some kind of market failure. But whatever it is, it's fine by me, as I can still count the number of spam/scam text messages I ever received on one hand.
So how can we cause the email market to fail in a similar way? ;-)
I’m not sure spammers pay wholesale rates. Pretty sure they purchase the cheapest SIM cards with unlimited texts and put them in gsm modems which spam out texts.
In Australia a SIM card can be purchased retail, with unlimited texts for $5.
At 750~ texts sent you’ve already beat that wholesale rate. That’s approximately one an hour, over the month. I’d be surprised if they couldn’t pump much larger volumes.
Wouldn't they block you or something if you send hundreds of thousands of texts to random numbers? It can't be that there isn't some kind of a monitoring system on the consumer SIM cards.
How many obvious spam text messages have you received? And how many have you reported to your telco provider....
You’re putting a lot of faith in telcos to care enough to put systems in place.
And spammers will burn through sims. They are looking for the most lax network for sending. Presumably the receiving network can block texts arriving, but wouldn’t actually stop a number on a competing network from being able to send messages (but would likely flag it to them).
And then there’s the time delay to be exploited. If it takes 3 days for a number to get blocked, can you send enough messages in that period to make it worthwhile?
> That's interesting. SMS wholesale prices in my part of the world (Western Europe) are still at around $0.07.
Isn't it rather the way it is supposed to be? - "Everybody" uses messengers for communication. SMS has lost that battle. Whoever uses SMS does so due to a need.
In the US, pretty much everyone I know uses SMS/iMessage (in addition to the use of SMS for verification, appointment reminders, etc.) The main exception is Google Chat at work because we use GSuite. Sometimes Twitter DM if I don't have someone's email handy. But I have a total of 1 friend in Europe who I use Facebook Messenger with.
I've known about this for awhile now but having only lived in countries where absolutely everyone uses a messaging app (particular app differing per country) it still baffles me every single time I hear about it.
How do you handle group chats? Especially with more than a couple of people? Is sending pictures and videos included with your plans too? If not how do you handle those? How about video calling? Sending a file e.g. an Excel file?
Let alone features like easily creating a vote/poll, a calendar event, a banner notification..
I get that most of these features may not be useful to everyone but surely they are to groups of teens and college students, demographics that have shown to often drive growth in communication apps.
We'll sometimes do SMS group chats with a small number of people. For videos, other files, scheduling video calls, etc. we mostly just use email. For video calling, we use Zoom, Google Meet, etc. I'm not sure I've ever seen someone doing a poll outside of Twitter.
No, many of my peers (30somethings in midwestern US) default to SMS. The only platforms you can guarantee everyone in a group can be expected to have are email, SMS, or phone calls, so for informal social stuff we end up in a text message thread.
You can explain to your friends that group text messages are horrible, and there are far better ways of having daily conversations with separate threads.
Nearly all of my 40 something friends from the Midwest have both telegram and discord, however telegram is primarily used as it's just better on mobile. We have groups for all kinds of topics, cars, garden, tv, movies, sports, politics (ewww), etc. If you aren't interested in lawncare simply leave or mute the group and remain in touch via other mutual groups. The only guy not in the group is someone who still prefers phone calls.
I've yet to not be able to convince someone that separate threads/groups is way better than a bulk text group.
That's interesting. Where I live I have unlimited text messages and minutes for €5/month. So whenever I want to text someone, I just use SMS - I don't have to think if they use Whatsapp, Messenger or something else. (Apple hijacks them but is doing so more or less transparently, so I don't mind.)
I think the opposite is true: still quite high costs are the cause of SMS spam. If the carriers did not profit from this, they would have destroyed SMS spam as a phenomenon on the same day.
AT&T, Verizon, US Cellular and T-Mobile have all imposed fees on Application to Person SMSes, so they definitely are making more money off this: https://www.plivo.com/blog/a2p-10dlc/
> However, recently I've noticed that I now get a couple of junk texts every day or two, whereas up until a few weeks ago, I don't think I'd ever had a single junk text.
I think this is a symptom of living in the US. Been receiving robocalls and text messages all the time since I moved here.
You also have to consider that someone somewhere probably had your phone number before you did. There's no telling what the previous person did with that number.
I get an infinite amount of spam texts and I don't have a Facebook account. (I did have one in college when it first came out, but I don't think I gave them my phone number, and if I did, that phone number is no longer in use. I switch phone numbers every time I switch cell providers.)
I'm sure they have plenty of information on me. I doubt that it is the primary source of spam texts, that's all I'm saying.
Many of my spam texts seem to know what state I'm in despite my area code being assigned to a different state, so I'm guessing they get them from voter records, political donations, that sort of thing.
Why are so many HN users against Facebook, and quick to reassure others that they only signed up out of necessity? FB & Instagram present a perfectly acceptable entertainment vs privacy trade off. Sure, it’s also a waste of time, but so is everything else you don’t like.
Because the network effect reduces choice and competition. I don’t get to vote with my wallet with Facebook. I can participate in society or not have Facebook.
My mom was recently told by a state elected representative that she would have to contact them through Facebook to provide feedback on legislation. This is not a “valid tradeoff” nor does it have to do with “entertainment”.
That was one example, and personally, not a strong one. That does not stop one from participating in society. Society is much larger than the single example provided.
I miss parties my friends throw because I'm not on FB.
I miss neighborhood activities such as coordinated yard sales because I'm not on FB.
I miss out on events from my local Hackerspace because they often forget to post on anything but FB.
I miss out on family reunions because I'm not on FB.
I miss announcements from my kid's fucking school because I'm not on FB.
These are all things that have happened to me, personally. Sure, I'm a single data point, but if the above isn't society enough for you then I'd be interested in what your definition is.
Two data points. I briefly caved and created a FB account, and I'm grateful for some of the life events that occurred as a result, but I couldn't handle it any longer and closed it.
And now I'm missing out on virtually everything related to my family, my hobbies, the club I helped found.
A citizen being unable to contact their elected official about legislation that could have an impact on their life because said elected official only uses Facebook as a contact page isn’t a strong example?
I highly doubt congress critters are only using facebook for communicating with their constituents. While the staff member may prefer people to use FB, the reps still have email, phone numbers, and physical mail addresses.
Facebook knows where you live, where you shop, who you meet, what you say, what you buy, where you go – perhaps when you wake and sleep –… and in exchange, you get some chat rooms, a MySpace page, advertised at, and to be a non-consensual subject in psychological experiments. (Libel notice: they might not do the last one much any more.)
> ... be a non-consensual subject in psychological experiments.
This makes me think of this one fascinating/frightening prospect I sense in respect to the vast collections of data of human behaviour which the big tech corporations have:
The data that Google and Facebook possess are so rich that they'd allow very insightful analyses of human behaviour.
I reckon there are so many small questions about why people do what they do, how their whole personalities are wired, how they influence each other through internet/analog interactions, how societies develop dynamically through which mechanisms.
Many of these questions are being studied by scientists at universities but they usually don't have the same huge/rich data sets that the internet giants have.
So Facebook & Co have a huge advantage in understanding all these things about humans over public research. But whenever they actually do some analysis and get answers, the result is by default internal knowledge that remains unknown to the public.
Also, most of their analyses will be driven by commercial interest, rather than seeking answers to philosophical questions that don't promise financial returns.
There are many questions about our world that could have been answered since years, using all this data ... but they haven't been and might never be.
Letting some big company have the power of understanding how people tick better than any other agent in the world. A thrilling prospect.
Even if you don't sign up for FB, they keep a shadow profile on you from activity from people searching for you.
Even if you don't sign up for FB, they get your contact information from your friends. (That might just be WhatsApp, but at least one of the two gives people the "opportunity" to upload their contact list to find matches.)
Sure, FB knows a lot less about me than they could, but keeping off their radar entirely is effectively impossible.
Just loading a page that has the embedded Facebook Like button generates data points on you regarding your browsing and purchase history. I'm not sure if they can/do read the contents of a checkout form, but it would be simple to infer coarse location and strong identity from that.
You don't need to read the contents of a checkout form when the company just gives you the data. (Companies upload their customer lists, so Facebook can compute “conversions”. But, of course, Facebook doesn't let companies download the data Facebook has, and compare on their end… that would be a violation of privacy!)
See Facebook "shadow profiles", data collected on persons either through third-party activity (though the profiled individual is on Facebook), OR on persons not using Facebook at all.
Because this morning I tried to post a link to a social science podcast from Sage Publishing and it was blocked because it violated community standards. The topic: unobtrusive resistance of people without formal power.
(and meanwhile on the FB watch video tab that no one asked for, "he thought she put the whole think up there XD. for entertainment only."(lady standing over coke bottle))
CA was a 3rd party developer that misused data users authorized them to use and it happened 10 years ago when FB was still essentially a startup. They’ve come a very long way.
I have also noticed this the past couple weeks. I don’t think it’s related to Facebook- I deleted my Facebook account before 2019. However, I’ve also recently had discussions with Twilio (all of the below is non-confidential information according to our conversation):
The carriers are cracking down on sms spam. They are going to force registration of all businesses sending texts, not just with services like Twilio, but with them. And prices / rent-seeking from the carriers is going up - they are going to charge for each campaign/brand you run. So in the end you’ll see less spam, but texting will also cost more for companies that send them.
The initial rollout by AT&T was supposed to start 5/1, though that’s now been pushed back. Spammers are likely in their death throes, trying to get their last spam out before they get shut down or priced out.
To get an account on Facebook, one can use an email address to sign up (no phone number), and if the email address later becomes invalid, the Facebook account still remains viable. As such, a "disposable" email address should work for the purpose of obtaining a Facebook account. One need never log in to the "throwaway" email account ever again after the Facebook account is established.
If one really wanted to use a phone number for sign up, a disposable number such as a "burner" phone should work.
What does the email-only flow look like? Every time I've tried that I've been redirected to various kinds of "additional authorization" or "proof of identity" barriers and haven't been able to find a flow around them.
Not sure what the sign up flow looks like today. What I know is that in the past students created Facebook accounts^1 using their student email accounts. They graduated, the student email accounts were deleted, but their Facebook accounts continue to work today, even though they never updated their email addresses with Facebook or added phone numbers.
1. The website was originally created for students and sign up used to require a university email address.
I have been getting a lot of spam texts and also an unusually large number of spam calls from the social security administration. I tell the guy/gal on the line every time to quit calling me because they are wasting their time and I know it's a scam, they keep calling...
I don't think the little guy that's calling you cares that much, or that the organization that runs the call center is organized well enough to receive a piece of information from the bottom end employee and act on it.
My RA at uni used Facebook to coordinate floor wide games and events. Several on campus organizations exclusively used Facebook to inform people of events.
FB was not a requirement for attending uni, but it was a requirement for being fully involved on my campus.
I don't really agree with rantwasp, and in his/her answer to you I don't understand what he is talking about with lawsuits.
In my university (in Europe) not only several student organizations used exclusively Facebook, but professors (well students really) as well.
For example, we would be teams of maybe ~10-20 people at a given hospital department and because situations were fluid and changes constant we needed to coordinate. Times of impromptu lectures obviously weren't set, patients that may be of interest for all to see & know the case etc were always changing. The doctors would inform one student and then depend on the students informing each other for all these things and guess what they used. Facebook & messenger.
In this situation the only out was depending on a person who had a fb account to inform me which did add extra difficulties. That is what I did mostly but it wasn't easy.
That sounds horrible. Universities — especially public ones — should relay communications through either open standards (email) or through a university maintained website.
My university in Canada did well in this respect. I would have thought that European universities would be “enlightened” to the fact that using a private company to relay university communications is a mistake.
I'm at a public University in Europe and can say that we do occasionally rely on third parties, but only such third parties with which we have an appropriate contract.
We also have self-hosted equivalent for almost everything and a quick email to the data protection officer will get problems rectified swiftly.
Most student organizations are also very mindful about not using third party services for their events. However, we often get the feedback that many students would rather we just use Discord rather than Mattermost/Jitsi/...
sounds like a lawsuit waiting to happen if you ask me. How is uni tied to a crappy corporation?
i’m gonna bet you real money that 1) either they had multiple channels (ie you didn’t really need FB) or 2) they will pay legal fees through their noses once the shit hits the proverbial fan.
That would depend on where the parent is from. In Germany you would absolutely have a case if your public University tried to make you use Facebook. In fact, you could probably skip the lawsuit and just report it to the appropriate authority.
I don't think any public university is making someone use Facebook. The issue is that every single event is posted on Facebook so your options are either 1. create a Facebook so you can find out, 2. don't participate, or 3. inconvenience your friends by asking them to tell you about all the events.
There are cases where there might be a basis for a lawsuit (some professor at a public university hiding in Facebook)
But the way the student learning group organizes, or the restaurant down the road takes reservations, or what medium is used by the parents of my child's school class to discuss things, is not a legal concern.
> i’m gonna bet you real money that 1) either they had multiple channels (ie you didn’t really need FB) or 2) they will pay legal fees through their noses once the shit hits the proverbial fan.
I'm interested in this bet. How much and what are the terms?
Not tied to uni but virtually mandatory to participate in social events. Sure you can just say to simply opt out but then it might be more difficult to socialize.
A friend of mine successfully quit for years. He moved to a small town recently and made a new account because "small towns apparently run on Facebook".
While not true for everyone, it's true in some places.
Those don't discount Facebook being required. Fortunately this place didn't require hardcore christianity. (I'm hopeful it's not filled with white supremacists, time will tell)
What country are you in? In the US everything school related goes onto Canvas, Blackboard or Moodle. There's some other tools people use as well (Piazza being popular at some schools), but I've never heard of school info going primarily on Facebook, even for study groups.
nah. let’s not compare electricity to a bloated social media platform. if FB goes away tomorrow we can pretty much keep going. if electricity goes away our society would crumble.
I’d use “grid electricity” as my example. You can generate your own in the right circumstances, with a lot of benefits, but it can make things kinda difficult.
it does not. FB becoming a requirement is such a 1st world problem. Try living without clean water and come back to lecture me about “increased difficulty”
I am not arguing with you. I am pointing out FB is a POS and that it should not be required. Period.
Anything that uses FB as a way of keeping people informed should use at least another channel to disseminate that information, preferably not tied to big corporations.
one person that has the ethic compass to let you know when things are happening + someone who shows and loudly complains is enough to enact change.
i swear that people nowadays would sell their soul to the devil just to not go through minor inconveniences.
Partially! People of that age group don't trade phone numbers anymore. Nor are email threads a thing. The only thing unseating FB right now is Discord.
Great. When I was in high school, Facebook was used for organizing all the student activities. I didn't have Facebook and of course people said they'd let me know through other means. Spoiler alert: they almost never did.
So the alternative was to either bite the bullet and create a Facebook account or be left out of a ton of activities. And no, making them go somewhere else wasn't an option. I didn't have any leverage in that negotiation.
I can appreciate that by giving in I am at worst part of the problem and maybe today I'd do it differently, but I really didn't fancy crippling my social life and I wouldn't blame anyone for making that choice.
Maybe that would work now (while nowadays some people look confused at me that I don't have an Instagram account) but at least ten years ago that brought a reaction like "weirdo" and people continued to use their group. In some cases you have a friend who relays messages to you.
These days, when in-person school doesn't happen in many places and students know each other only virtually, if you don't hang out where the crowd is, there is no chance of getting information.
If some group of friends shuns you because they insist on you using Facebook, then I have bad news for you: they might not be such good friends as you think.
I’ve been off FB for close to 10 years now and I can say with confidence that it has not had any measurable detrimental effect on my social life. My friends know I’m not there and know how to contact me, and they do. An event that is exclusively organized on FB is not an event I want to participate in, so I don’t. Dumping FB probably improved my social life and mental health since I’m not wasting so much life “scrolling the feed” anymore.
I can tell you why. It's because you gave FB your personal phone number, while any number would work, e.g. a prepaid sim card (a one time 15 bucks expense).
I signed up before Facebook ever required phone numbers.
I never gave Facebook my phone number.
I never had a Facebook app on any Android device, ever.
When I use Facebook, it's in a sandboxed browser that I never log into any other site with.
Facebook, for a time, started autofilling a prompt with my phone number, asking me to complete my account setup.
When Facebook has an app and all the people you know send their contacts to it, they don't need you to give them your phone number for them to have it.
I did some research and it seemed as though the companies would auto-renew and make it incredibly tough to close the accounts. I wouldn’t be surprised if some went so far as to send people to collections for “fees”.
There’s no auto renewal, contract, or collections for a prepaid sim. In most states you don’t even show ID to get one. Just give whatever name you’d like on the caller ID and pay the first month.
Or a Walmart. Years ago, before Google Voice, I got one because I needed a local area code number for my apartment's buzzer. Mainly to see if I could do it, I did things as anonymously as possible: bought a TracFone at Walmart with cash. Turns out you needed an existing phone number to activate it, so I used the payphone that was outside a nearby gas station.
Used that method as my primary cell phone contract for many years.
I haven't looked into it recently, but it must be easy. Many games have SMS verification for accounts, and it seems that every person that streams those games has like 10 accounts.
With the amount of facial recognition going on at large stores....probably a good bet. I'm not so concerned with the privacy as the ability to cancel without repeated 30 minute phonecalls to customer service.
Please be aware that this is not true for all countries. I can, for example, not get a SIM without submitting ID and proof of residence (if not already covered by ID).
There's a good discussion on this by Troy Hunt[1].
> But for spam based on using phone number alone, it's gold. Not just SMS, there are heaps of services that just require a phone number these days and now there's hundreds of millions of them conveniently categorised by country with nice mail merge fields like name and gender.[2]
> Another general observation on this incident: I'm seeing extensive sharing of the data, both the entire corpus of countries and individual country files. Not just in hacking circles, but very broadly on social media too. This data is everywhere already.[3]
> New breach: Facebook had 2.5M addresses exposed in an incident that impacted 533M subscribers' phone numbers. Most records contained name and gender, many also included DoB, location, relationship status and employer. 65% were already in @haveibeenpwned[4]
> If we look at the data, email is rare, DoB is rare so the greatest impact here is the phone numbers. Even though it’s “only” 20% of FB users, the number is obviously substantial thus so is the impact[5]
Anyone know if Haveibeenpwned will have this type of info? I'm super curious to search my name, warn people I know, etc - but I'm not sure I want to search for and/or download the data.
What's a good way to know if myself or my loved ones are in it?
"I’ve had a heap of queries about this. I’m looking into it and yes, if it’s legit and suitable for @haveibeenpwned it’ll be searchable there shortly."
Seems he'll only add the records with email addresses and not phone numbers:
> And no, I have no intention of adding phone number search in the foreseeable future. There's a User Voice suggestion for that and a comment from me which boils down to "much higher work and much lower value"
Not sure how this is too much work unless everything is tightly coupled with relating an email address to everything in their database and not a keyword to search for.
Seems the difficult work is normalizing all of the data and making it easily searchable for all:
> I also can’t parse them out with a regex like I can an email address as they don’t adhere to a consistent format. Further, the inconsistencies in format make searching difficult as they’d have to be “normalised” and that’s something that’s very country (and even region) specific.
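An added illustration of the normalisation problem described in the quote above (not part of the original thread, and not code from Have I Been Pwned): one way to fold differently written phone numbers into E.164 before indexing them for lookup. The `DIAL_RULES` table is a small illustrative subset, the function names are hypothetical, and the sample numbers are constructed from ranges reserved for fiction.

```python
import re

# Illustrative subset of national dialling rules (assumption: a real service
# needs complete, maintained numbering-plan data for every country).
# region -> (country code, international prefix, trunk prefix, valid national lengths)
DIAL_RULES = {
    "US": ("1", "011", "1", {10}),
    "GB": ("44", "00", "0", {9, 10}),
    "AU": ("61", "0011", "0", {9}),
    "DK": ("45", "00", "", {8}),
}

E164_MAX_DIGITS = 15  # upper bound defined by ITU-T E.164
E164_MIN_DIGITS = 8   # assumption: plausibility floor chosen for this example


def _as_e164(digits):
    """Return '+digits' if the length is plausible for E.164, else None."""
    if E164_MIN_DIGITS <= len(digits) <= E164_MAX_DIGITS:
        return "+" + digits
    return None


def normalise(raw, default_region):
    """Normalise one raw phone string to E.164, or None if it cannot be resolved.

    default_region is the country the record is believed to come from; it is
    only consulted when the number carries no explicit country code.
    """
    text = raw.strip()
    if text.startswith("+"):
        # "+44 (0)20 ..." embeds the national trunk digit; drop it.
        text = text.replace("(0)", "")
        return _as_e164(re.sub(r"\D", "", text))

    country_code, intl_prefix, trunk_prefix, nsn_lengths = DIAL_RULES[default_region]
    digits = re.sub(r"\D", "", text)

    # International dialling prefix (00, 011, 0011 ...) means a country code follows.
    if digits.startswith(intl_prefix):
        return _as_e164(digits[len(intl_prefix):])

    # Strip the trunk prefix only when what remains is a valid national length.
    if (trunk_prefix and digits.startswith(trunk_prefix)
            and len(digits) - len(trunk_prefix) in nsn_lengths):
        digits = digits[len(trunk_prefix):]

    if len(digits) in nsn_lengths:
        return "+" + country_code + digits
    return None  # too short, too long, or missing an area code


def group_by_number(rows):
    """Group (raw, region) rows by normalised number; unresolved rows go under None."""
    groups = {}
    for raw, region in rows:
        groups.setdefault(normalise(raw, region), []).append(raw)
    return groups


# Constructed sample rows: (number as written, region the record claims).
SAMPLE_ROWS = [
    ("+44 (0)20 7946 0018", "GB"),
    ("020 7946 0018", "GB"),
    ("0044 20 7946 0018", "GB"),
    ("011 44 20 7946 0018", "US"),
    ("(202) 555-0143", "US"),
    ("1-202-555-0143", "US"),
    ("0491 570 156", "AU"),
    ("0491 570 156", "GB"),   # same digits, different assumed country
    ("555-0143", "US"),       # no area code: cannot be resolved
]

if __name__ == "__main__":
    for number, raws in group_by_number(SAMPLE_ROWS).items():
        print(number, raws)
```

The two `0491 570 156` rows resolve to different numbers depending on the assumed country, which is why a search box that accepts a bare phone number cannot give a reliable answer without also knowing the region.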
> Another general observation on this incident: I'm seeing extensive sharing of the data, both the entire corpus of countries and individual country files. Not just in hacking circles, but very broadly on social media too.
I made a Google search 8 hours ago. There were 10 pages of hits of link spammers where you have won an iPhone, but they don't have the data. So, yes public interest seems big. I wonder why Google cannot catch those, after opening the first one I could recognize the rest from the address and the snippet. Google did not have a correct link that still had the data. Maybe they are not publishing those, getting bad reputation to big data is not exactly in their interest.
Not just Zuckerberg's, but Dustin Moskovitz and Chris Hughes are there as well. Interesting to see who has low user IDs in the dump.
Also mildly entertaining to see some names that are probably test accounts now associated with Facebook people in Google as people try to see who they are.
What a useless screenshot. Sure if we believe him then he actually added Zuck's number into his address book and he got this notification from Signal. But if I want to doctor a screenshot like this, I can rename my non-Signal-using friend in my address book to "Zuck", and make my friend install Signal, and voila, "Zuck is now using Signal"...
I’ll take it. “Thank you for calling the executive office complaint line. To file a priority incident at the cost of $99, enter your visa/MasterCard number now”
Saying "the executive office complaint line" isn't implying it's Facebook's complaint line. There is no legal obligation for the person on the other end of a call to be who you expect.
Who would even assume that such a thing would not be outsourced if it were affiliated?
And "a priority incident" can't be a misrepresentation inasmuch as "priority" is inherently relative.
As a matter of "legal realism" people might be right that it would land you in prison if you are just Joe/Jane Schmoe. But I see absolutely no logical justification for that when companies do things at least as shady all the time without serious consequences.
Is the phone number really that big an issue? I mean here phone numbers are 8 digits, randomly guess a phone number will almost certainly result in a working number.
The spam I see and hear about is just random dialing from Albanian numbers, hoping that you’ll call back.
sure any random phone number will connect. the point is that you know WHO the number belongs to. lots and lots and lots of places use phone number for auth. as a trivial example, calling to activate a new credit card.
Isn’t that mostly you calling in and not the other way around?
It might depend on your country, but I can’t think of a single service where you’re required to make a call anymore, it’s all online. There might be a few services for the elderly and handicapped, but again that’s you calling in.
I would take it and just automatically send all calls to voicemail and archive the text messages.
It will be a more modern '867-5309', however instead of people searching for love it will be a consolidation of the collective hate for a single entity/person.
Good comment. Why do people care if their phone number gets leaked? There used to be a yellow page book with everybody’s phone number. Also, phone numbers are not identities. I change phone number every year on average.
Many people never change phone numbers. I've had the same cell phone number since I was a teenager, and I suspect I will have it until I die.
It's the most identifiable thing about me other than my social security number. Even my driver's license number has changed more than my cell phone, and I don't always have a valid passport.
Typically don't just contain phone number or email, but also some other pieces of personal information. For example, in this case it included at least the Facebook user id. This can give other tidbits of info like when you established your account, about your education, about your age etc.
A determined person can use the various leaks and other data sources to collect a more detailed profile of you (and millions of others). This will eventually allow them to set up more targeted and personalized spam or phishing campaigns.
This is why I call for zero-knowledge information exchange, decentralization, and genuine end-to-end encryption. The most secure data is data you don't have, and any company which claims to store data "securely" is grossly irresponsible. Even the world's largest tech companies with access to truly staggering engineering budgets can and will leak your data. It's not if: it's when.
I’m curious to see if existing regulation in this regard has been effective. I know there is HIPAA, but does it actually reduce data leaks in the Health Care field?
I don't much care about my phone number being leaked. Why? Because I don't answer my phone unless I know who is calling. I do get lots of spam calls every day, but thanks to my smartphone spam calls can be blocked. And if the hackers want to steal my identity, they cannot answer my phone and thus pretend to be me, can they?
Remember all phone-numbers used to be in a public book called "Phone Book".
Interesting. But isn't this more like something (re-routing of text messages) that happens inside a compromised telecom service provider? If they can hack the telecom provider they don't need to get my phone number from Facebook.
I haven't read the article in detail, but I think the point is some versions of this attack can be carried out by pure social engineering. Go into a store, claim to be you, talk your way out of giving ID, then get a new SIM card associated with your number and walk out with it. In this case, name+number is indeed helpful info for the attack since it doesn't involve any actual "hacking" in the computer security sense.
Just putting this out there - I still haven't received any kind of message from Facebook about the breach... I'm pretty sure in some countries they have an obligation to notify users.
In the EU, you have to notify your users about their data being compromised, otherwise you risk being sued for a LOT. Not Facebook-hurting amounts, but not nothing.
I've not been on Facebook for 2 years, but I'm thinking about downloading the database just to see if I'm in it. I don't care about other records. Or do I have other options to figure it out?
Edit: I forgot about haveibeenpwned.com. Any info about when they will add this leak?
Edit2: Haveibeenpwned added 2.5 million email addresses. But it's possible that my record doesn't have email.
Thanks. I just found my backup file (exported from Facebook when I deleted the account) and it's dated September 2016, so it's actually 4.5 years. Time flies and I don't regret that decision at all!
You can FaceTime call a person using their email as identifier, or use voice call button in whatever IM they're using. If all these internet communications were interconnected, we would not need phone numbers anymore.
UUIDs are horrible. While a computer doesn't really care about the way an identifier looks, humans sometimes do need to look at them and operate on them (compare them, transcribe them, dictate them, recognize them).
When I opened this post, I saw it was much wider than any post I have seen on Hacker News. I tried looking into the CSS; I thought it was somehow different, for whatever reason.
I could not find anything and then I encountered your comment. Apparently, your unbreakable long word makes the site very wide.
I didn't know comments can affect how wide the page borders are. Is this not bad UI? I am unsure who to ask.
It's a bug. If anyone can figure out how to fix it without breaking something else, it would be great to hear about that at hn@ycombinator.com. My CSS is too meagre.
But I think in 2021, I'd be fine with a phone "number" in UUID format, because I can always send it by computer to anyone who needs it. The added inconvenience is easily worth not getting several spam calls a day.
I wish we all had SIP and our own gateways, we could ditch the carriers, the central directories, automate the dropping of SPAM, encrypt our calls with PGP, serve our keys and end points in DNS and just take calls at our email address.
The data is missing some people like former Facebook executive Jay Parikh. One possibility: they never put in a phone number into their Facebook account.
Me too. 35 million Italian users is really near 100% of Italian internet users. So I need to understand how much info about me and my family is on the web.
Thank you, I am now downloading all the available data, can’t wait to play around with it.
One of the annoying things is that there's a timestamp making up the 10th column that has ':' in it, but the delimiter for the fields is also ':', so it makes a clean import to a database a bit of a hassle as the file may need some processing, probably will just do a find and replace as all the time stamps seem to be 12:00:00 AM. The column holding the current employment is also problematic.
I haven't seen the data yet and there's likely a better way of doing this, but worst case - couldn't you just script replacing :00: with -00- (through :59:)? Then, if you wanted, replace ':' with a better delimiter and then replace the -00- back to :00:?
I'm assuming there's a better way w/ regex but I'm not great with regex. Could probably find that with a few minutes of google though, just replacing the pattern of :##: with -##- using numeric wildcards.
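The masking idea from the two comments above, as an added example that is not part of the original thread: time-of-day values are protected before splitting on ':', and any row whose field count still differs from the most common one (for instance a free-text employer field containing ':') is set aside rather than imported misaligned. The sample records, the `1/1/2021` date form, the unit-separator mask and the function names are assumptions made for illustration.

```python
import csv
import io
import re
from collections import Counter

# Time of day such as "12:00:00 AM": the one place ':' is expected inside a field.
TIME_RE = re.compile(r"(?<!\d)(\d{1,2}):(\d{2}):(\d{2})(?= ?[AP]M\b)")
MASK = "\x1f"  # ASCII unit separator; assumed not to occur in the data

# Constructed records (fake names and numbers), timestamp in the 10th column.
SAMPLE = [
    "15555550100:1001:Alex:Example:male:Springfield:Shelbyville:Single:Example Corp:1/1/2021 12:00:00 AM:alex@example.com",
    "15555550101:1002:Robin:Sample:female:Springfield::::1/1/2021 12:00:00 AM:",
    "15555550102:1003:Sam:Placeholder:male:Springfield:Shelbyville:Single:Acme: Research Division:1/1/2021 12:00:00 AM:",
]


def split_record(line, delim=":"):
    """Split one record on delim while keeping hh:mm:ss timestamps intact."""
    masked = TIME_RE.sub(lambda m: MASK.join(m.groups()), line.rstrip("\n"))
    return [field.replace(MASK, ":") for field in masked.split(delim)]


def convert(lines):
    """Return (csv_text, rejected); rejected holds (record_no, field_count)."""
    rows = [split_record(l) for l in lines if l.strip()]
    if not rows:
        return "", []
    expected = Counter(len(r) for r in rows).most_common(1)[0][0]
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    rejected = []
    for n, row in enumerate(rows, 1):
        if len(row) == expected:
            writer.writerow(row)  # quoted CSV imports cleanly into a database
        else:
            rejected.append((n, len(row)))  # needs manual review
    return out.getvalue(), rejected


if __name__ == "__main__":
    csv_text, rejected = convert(SAMPLE)
    print(csv_text, rejected)
```

Quoting every field on output means later tools no longer depend on ':' at all, and the rejected list shows how many rows the simple mask could not disambiguate.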
I can say that this is interesting; the founder of Facebook itself is a victim of leaked data. I wonder how much would it cost to buy Mark Zuckerberg's phone number?
I need to know what I need to protect my family and in-laws against this time.
Edit:
- yes, I also immediately downloaded the "manifesto" of the mad bomber in Norway ten years ago, not because I admired him but because I despised him.
- Troy Hunt keeps downloading data sets with people's personal details (logins even) and is not getting into any kind of newsworthy trouble.
There are things you should be very careful with, both in physics (don't hoard fissile material), chemistry (same with various poisons), biology (don't try to get hold of smallpox etc) - and data science (certain images are forbidden for what I think are good reasons), but I don't expect police to show up on my door because I have downloaded a publicly available data set and grepped relevant names from it and then forwarded the relevant lines to the ones I found.
Edit 2:
I also had a copy of MyDoom somewhere, I think on a disk that is broken now. Never got in trouble for that either despite telling people.
Maybe don't say it online under an identity that is strongly linked to a piece of meat that might be punished ;-)
Downloading illegal data is not research, particularly if you're not a security researcher. Research has ethical boards for exactly this reason.
Those certain images you described are publicly available too. That doesn't make downloading them _legal_.
The fact is you've a dataset containing personal data of millions of people is obviously illegal -- why this didn't raise red flags in your mind is curious.
Edit: I'd certainly not expect police to kick your door in either, much like if you pirated a movie.
If this were a game of intrigue, it would provide plausible deniability for anybody who got caught with his contacts. Would have been fun to include that in the article.
However recently, I've noticed that I now get a couple of junk text every day or two whereas up until a few weeks ago, I don't think I'd ever had a single junk text.
I wonder if this is why.