{"id":24484,"date":"2019-03-04T16:28:39","date_gmt":"2019-03-04T21:28:39","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=24484"},"modified":"2021-07-03T14:16:37","modified_gmt":"2021-07-03T18:16:37","slug":"facebook-and-phone-numbers","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2019\/03\/04\/facebook-and-phone-numbers\/","title":{"rendered":"Facebook and Phone Numbers"},"content":{"rendered":"

Jeremy Burge<\/a>:<\/p>\n

For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there’s no way to disable that.<\/p>

Facebook 2FA numbers are also shared with Instagram which prompts you ‘is this your phone number?’ once you add to FB.<\/p>

The original FB phone number prompt never mentioned “and more”. It was shown for MONTHS before a link was added in September 2018 clarifying “actually we’ll use this wherever we damn well please”<\/p>

WhatsApp also shares phone numbers with Facebook<\/p>

Facebook shares phone numbers with advertisers<\/a><\/p><\/blockquote>\n\n

Update (2019-03-05): Zack Whittaker<\/a> (Hacker News<\/a>):<\/p>\n

\n

Alex Stamos, former chief security officer and now adjunct professor at Stanford University, also called out the practice in a tweet. “Facebook can’t credibly require two-factor for high-risk accounts without segmenting that from search and ads,” he said.<\/p>\n

Since Stamos left Facebook in August, Facebook has not hired a replacement chief security officer.<\/p>\n<\/blockquote>\n\n

John Gruber<\/a>:<\/p>\n

\n

The lesson some people are going to take from this is that enabling two-factor authentication is for suckers.<\/p>\n<\/blockquote>\n\n

Nick Heer<\/a>:<\/p>\n

\n

Ever since fears about SIM hijacking began spreading, some people have been claiming that using SMS-based two-factor authentication is worse than not using two-factor at all. I think that’s silly and myopic. It is worth noting that SIM hijacking is pretty easy for someone who has access — directly or indirectly — to a carrier’s SIM backend. But the circumstances under which someone’s phone number would be hijacked are pretty rare for the vast majority of us. People who are connected with low character count or high-valued social media accounts, higher-ranking employees, activists, journalists, wealthy individuals, and public figures are more susceptible to these kinds of attacks. Most of us, however, are not any of these things, and will likely benefit from using any kind of two-factor authentication. You should use a code generator or a hardware mechanism like a YubiKey wherever you can, but SMS authentication is not necessarily terrible, and is likely not worse than using no verification at all.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"

Jeremy Burge: For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there’s no way to disable that.Facebook 2FA numbers are also shared with Instagram which prompts you ‘is this your phone number?’ once you add to FB.The original FB phone number prompt never […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2019-03-04T21:28:41Z","apple_news_api_id":"e9412cfd-1369-4ce6-84e2-0c0bc99ca7b3","apple_news_api_modified_at":"2021-07-03T18:16:40Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAQ==","apple_news_api_share_url":"https:\/\/apple.news\/A6UEs_RNpTOaE4gwLyZynsw","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[354,25,1286,355,48,1393,2090,96,1363],"class_list":["post-24484","post","type-post","status-publish","format-standard","hentry","category-technology","tag-advertising","tag-facebook","tag-instagram","tag-privacy","tag-security","tag-short-message-service-sms","tag-two-factor-authentication-2fa","tag-web","tag-whatsapp"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/24484","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=24484"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/24484\/revisions"}],"predecessor-version":[{"id":24497,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/24484\/revisions\/24497"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=24484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=24484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=24484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}