Phone numbers social security numbers
Stop making personal information into digital ids because when it inevitably ends up in some kind of data breach. These companies all throw their hands up saying sucks to be you.
Yeah, just generate a unique ID and ask only for the information you actually need.
Nah, man. Gotta get my $2.97 check.
Computer technology is fundamentally insecure so long as everything is connected all the time. It drives me mental that idiots keep trying to foist the whole of human society onto devices which are clearly unfit for the task.
Bane of my life as about a year ago my dad switched his sim and immediately started pestering me about not being able to log into his accounts.
Yes he got rid of the old number completly and expected me to somehow make his logins work. This is still going on to this day when he complains to me something doesn’t work it’s because he’s tied it to his old phone number.
It’s not an accident. They’re not stupid. It is intentional. They want your personal information. Most of your personal information is tied to your email but it’s easy enough to spin up an alias to sign in with. Requiring a phone number ensures that they know exactly who you are and can buy/sell/use your data accordingly. They also know what a giant pain in the dick it is to change your phone number. They also know sales conversion rates are much higher if they can get you on the phone. So yeah, they’re not going to stop doing that.
I absolutely love this.
I’m in a quest to find a good email provider that doesn’t ask for a cellphone or another email address while creating an account, cock.li used to do this but now it’s “getting back on its feet”
create 2 proton mail account und use each other as a backup e-mail
Don’t u need an existing email to bootstrap that process.
nope, you can skip for the first account and then validate after the fact
Selfhosted email I guess.
Is that even feasible without getting marked as spam by all the major players?
There used to be a way to make Google accounts with no number but that’s probably been patched. I generally refuse to add numbers if I can help it.
Proton, Mailbox & fastmail are all good options. Best way to avoid it is self-hosting but that is beyond most people (as in time-consuming).
Personally I use mailbox.org, it’s not free, but you are not the product
To the same audience: quit selling my fucking phone number!
I ditched a phone number I had for 10+ years because it was leaked everywhere. Only a few short months after updating my number with the DMV and a handful of other government agencies I started receiving scam calls/messages again.
At some point we need to adopt some fucking privacy laws. This is absolutely bonkers—is no one else fed up??
lists sourced from drivers licenses and motor vehicle registration records are literally sold by some states.
Yep, wish I’d known that a couple years ago.
quit
sellingdemanding my fucking phone number!FTFY
I have an app called Silence that lets me block calls from numbets not in my addreasbook. Highly recommended
https://github.com/x13a/Silence
Reminder: Dont blindly trust random internet sources!
I set my phone to decline calls from unknown callers years ago.
These calls are already illegal. I used to report them to the FTC but I never heard anything back so I have no idea what happens, but I presume nothing. If I had the time to take them, and if they spoke English, I would record them with the Cube ACR app (which no longer works) and convince them to incriminate themselves. Ask their name, company, location, time/date, whether they ran my number through the DNC registry.
At some point we need to adopt some fucking privacy laws. This is absolutely bonkers—is no one else fed up??
Look at you, trying to use the government to solve every day problems that face pretty much all of us.
Don’t you know we only focus on gridlock issues to distract us from real issues now?
I do, unfortunately.
Don’t worry, here in Europe we are full of privacy laws but I still receive tents of spam calls per day. Usually from non UE countries faking the number with my country numbers.
Anything with a London 020 number is guaranteed to be a man with an Indian accent pretending to be from British Telecom.
I’ve been considering getting a pager or a burner phone just for this
Most phones are dual Sim these days
Better to not associate this number to your main phone anyway. Less likelyhood to have the info stolen from you.
Can pagers receive text messages? I thought they are closed ecosystems, basically?
Internet security and internet privacy are only incompatible goals when combined with incompetency and shit user-exerience design.
This should be what digital ID looks like:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZ26+ARYJKwYBBAHaRw8BAQdAsUGMjbGNUyyz9PHsHKP4xj/tIfYIuHb4miPH 0iCPpu60K0VSUk9SOiBFYXJ0aC5leGUgaGFzIGNyYXNoZWQgPG5vQGVtYWlsLmV4 ZT6IcgQTFggAGgQLCQgHAhUIAhYBAhkBBYJnbr4BAp4BApsDAAoJEI6E3uMn31Z3 028BAM5o8ER0dqTsxFlZSgZOvvgFHGuy2eFgF3rULkGKl1KrAP9fdE7WwnYbBer/ AVmw5jr0P5m/XsEQQrSueuk/FLYBBbg4BGduvgESCisGAQQBl1UBBQEBB0BDR0Bv pf4jxbwp9rVowFTnL59NGqnnh6XyF/LjAoYDGgMBCAeIYQQYFggACQWCZ26+AQKb DAAKCRCOhN7jJ99Wd1dMAP45xmN03SodkWHi7PYOORqNXJUBdMzzfsRXdqE8ZXaW vAD+PqNqPcbwJYCOEAXkg7DlZ0SX3o9MViZLdzHFQ3TpUA8= =krDh -----END PGP PUBLIC KEY BLOCK-----
PGP Key Fingerprint: 857957d40f06cc816fd3d29a8e84dee327df5677
Should be good until quantum computers come around
Now type it a form that doesn’t allow copy and paste.
Or even just a paper form.
Why?
The California DMV requires you to renew your vehicle registration every year by paying with a bank account number (no card) which is like a 30ish digit number and they disable paste. If you get it wrong they won’t notify you in any way until you get pulled over by a cop who is one bad sneeze away from murdering you. It’s a great system.
I have renewed my CA registration with a credit card going back to at least 2016. A responsible driver would know their renewal failed when their registration document did not arrive via mail.
Nah dude fuck that. The burned of compliance with laws shouldn’t fall so hard on people.
Thanks, gonna need your phone number to verify that though.
No you don’t! That’s why we have key-signing parties!
I’m sad PGP didn’t become a popular way to log into websites. A challenge-response protocol could have even been built into web browsers. Big tech is reinventing that idea as Passkey, but with a very big tech flavor.
I mean, passkeys are… sort of… PGP… 🤷♂️
I’m already hearing about restrictions on exporting passkeys and some apps requiring that you’re not running a custom ROM on Android and stuff like that. Makes me worried they’re going to fuck that up and make it restrictive bs
Why should my OS be any of their concern?
I’m living this pain with a custom ROM already, with some banking stuff, Google Wallet, WhatsApp passkeys and I think Netflix (haven’t installed it) block you for tripping up Google’s security tests.
If passkeys become a big thing and they’ll start enforcing them and apps that have those security measures I’m going to fucking firebomb something. REEEEEE
Shit like this is why I don’t have a smartphone anymore. I have a brick phone that half the time I don’t even take out with me.
From what I heard passkeys need google services framework for some reason. Don’t know technical reasons behind it but I would assume its bs given its google.
Yes, they don’t work without Google Play Services. Google didn’t implement passkeys in Android, only their own services.
Passkeys or WebAuthn are an open web standard, and the implementation is flexible. An authenticator can be implemented in software, with a hardware system integrated into the client device, or off-device.
Exportability/portability of the passkey is up to the authenticator. Bitwarden already exports them, and other authenticators likely do, too.
WebAuthn relying parties (ie, web applications) make trust decisions by specifying characteristics of eligible authenticators & authentication responses & by checking data reported in the responses. Those decisions are left to the relying party’s discretion. I could imagine locked-down workplace environments allowing only company-approved configurations connect to internal systems.
WebAuthn has no bearing on whether an app runs on a custom platform: that’s entirely on the developer & platform capabilities to reveal customization.
Nah, there are more than enough algorithms available that won’t work on quantum computers, I’m not too worried about that
-----BEGIN PGP MESSAGE----- hF4D7cLqolaUp8cSAQdAOCdAgwhjdDgwk6TsYbey9XLZrKT7ny+KRAORyTPJsmUw Fl1llKK3dYtwrPDUts8CA71uU8D2SOWwrk/mrQxlrP/btjNNj6j1vXehQJ0+FIuc 0sBPAU3onDQoAiPLDU7qky1cgtbgitMp4nGEnZ48Xh8OhWS03d9YfU4iIIuf/AWA MTzzbMLZCLqZrIiJGyE2EgJOLIMAOToxidQ6Z/blrT6W9effeu4GwEB622O0eIv5 ct0jm/e2A6j1Gf/7UsnzeC21ME55/JkDIFQQ5ZrYqRGp9+M0yNHXIhJXQvO+QmHz 1CclNIdwbnupIIy0+eiy+Wn41An/IUV2NJy+bmCxRmqTXZyNrfnPMrelY5imknd9 1oZGuHc6tWqNq0ntjV1sBBsxHtAXtFIBWcqEmUgnpxEBglRxx20thoWvQINisCB4 9ptHAUM9Qjr3tWFdvL5MqOHZ14XQ65bbKXhx5MJmr5yijA== =JKT0 -----END PGP MESSAGE-----No one except this guy will be able to read this. Die out of curiosity muhahahaha
That… very thoughful… 😅
I’ll make sure to remember your kinds words and never give you up, and never let you down 😎
It is the same thing that happened with US Social Security Numbers, which were originally just tracking numbers for that one purpose that were coopted by capitalists and treated like something special.
I remember I was flipping through some of my mom’s old college stuff and there was a club that she was involved with and everyone listed their address and social security numbers. It was wild, no idea why they felt the need to collect socials. But this was a very long time ago.
It’s not just “capitalists” (whatever that means), every government agency seems to want it, employers and banks are required to ask for it, etc. It’s more than just “some people misused it,” we actually wrote it into regulations.
Are Internet security and Internet privacy incompatible goals?
They are if the security is tied to knowing that an account is a person.
