Our IMEI is your SSN
When governments rolled out social security numbers in the 1960s, privacy activists warned it would allow bureaucrats to learn everything about us. (SSN in USA, SIN in Canada.) End-times enthusiasts warned that this was the 666-like "mark of the beast," without which, the Book of Revelations apparently predicted, no one would be able to buy and sell -- buy, like food, and sell, like hold a job.
With sufficient government oversight, SIN numbers are now required only for financial transactions, such as holding a bank account and doing our taxes. Laws prohibit unnecessary use, such as by rental landlords and grocery store points programs.
Which is a problem for pan-national agencies like Facebook, who want to track us everywhere. A SIN is good only in one country and is illegal for them to use, in any case. What in the last decade has steadily replaced the SIN as a world-wide identity number? Our cell phone numbers (h/t Dare Obasanjo).
While many sites suggest (or require) that we enter our email address as our uid [user identification], the cell phone number is even better at identifying who we are, what we do, and where we go. The IMEI-as-SIN problem lept onto the front pages after Facebook screwed us over our privacy, again. (IMEI is the unique serial-style number assigned to every cell phone ever manufactured.) I think Facebook is averaging an oopsie, what, one every six weeks now?
Two-factor authentication (2FA) is a better way to keep the unwanted out of your accounts. The first factor is that you give the Web site a password; the second factor is to provide them with your cell phone number so that they can text you a query: is it really you wanting access?
2FA is better than 1FA, although it fails should someone get access to your phone, which isn't all that unlikely. Privacy Matters notes that the 2FA-failure problem get worse due to cell phone number recycling.
The solution is to have a second set of email addresses and phone numbers for 2FA use. It is easy to have burner email addresses because they are free, but it there is a cost to owning a burner-style phone with an active number. Here in Canada, the cheapest plan is $100 a year. Subrahmanyam Kvj suggests tech companies hostile to Facebook should hand out free numbers, such as from Google Voice.
Nevertheless, we can count on Facebook to turn our (somewhat private) cell phone numbers into advertising beacons. Once you provide your phone number to Facebook for 2FA purposes, advertisers have access to it within two week (h/t Gizmodo). Once you realize your mistake in giving Facebook your golden keys accidentally, TechCrunch found that Facebook does not permit you to completely hide it from friends and non-friends alike.
In its traditionally robot-like manner, Facebook says it's not sorry: “We appreciate the feedback we’ve received about these settings and will take it into account.”
Even when you avoid giving the mothership your phone number, Facebook gets its Instagram subsidiary to innocuously ask, "Hey, by the way, would this happen to be your phone number?" And then you find yourself handing out the same phone number to your car repair place and the electrician, all of whom may or may not be feeding the info back to Facebook.
As Facebook becomes ever more frantic at undermining our personal lives, I fully expect them to access the motherload of all cell phone numbers, WhatsApp. So far, they haven't, but only due to technical problems, not moral ones.
Antonio Garca Martnez says, "It's not just bad, it's dumb. The fraction of users that have 2FA enabled must be small, so the usage gain is minimal, while the PR risk is huge. Dumb trade-off. Assuming it wasn't just: team A writes 2FA #s to database; team B, 'Oh lookie here, new data to use!'"
Ryan Ford summarizes what happens with Facebook: “Give us a number to secure your account.”
Okay, here you go. “Cool. So we're going to use this for ads and make everybody able to look you up with it too. Also security, I guess.”
No, that's not what you said. “Sorry can't hear you la la la la la.”
Comments