Facebook's 2FA 'Security' Practices Violate User Privacy

By John P. Mello Jr. Mar 5, 2019 10:56 AM PT

Facebook has undermined privacy on its network by exposing mobile phone numbers provided to secure user accounts through two-factor authentication. That's because anyone can use the numbers to look up a user's account. One doesn't even have to be a Facebook member to do so.

Moreover, there's no way to opt out of the setting, although it can be limited to "friends" only.

The security gaffe came to light Friday when Jeremy Burge, a UK entrepreneur, posted this tweet:

For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that. pic.twitter.com/zpYhuwADMS

— Jeremy Burge 🐥🧿 (@jeremyburge) March 1, 2019

The alert triggered responses that ranged from concern to outrage, including this tweet by Zeynep Tufekci, an associate professor at the School of Information and Library Science at the University of North Carolina, Chapel Hill:

See thread! Using security to further weaken privacy is a lousy move—especially since phone numbers can be hijacked to weaken security. Putting people at risk. What say you @facebook? https://t.co/9qKtTodkRD

— zeynep tufekci (@zeynep) March 2, 2019

The settings that expose user accounts through the phone numbers are "nothing new" and they apply to any phone number added to a profile, said Facebook spokesperson Jay Nancarrow, according to a TechCrunch report.

Facebook did not respond to our request to comment for this story.

Just a Bug

Two-factor authentication is a technique for securing online accounts. When a user logs into an account, in addition to their username and password, a code is sent -- typically in an SMS text message to a mobile phone -- that serves as an additional security layer.

After Facebook introduced 2FA, it relentlessly encouraged its users to use it. Concern over its users' security apparently wasn't the only reason for the social network's enthusiasm for 2FA.

Facebook was using 2FA numbers to target advertising at users, according to reports in TechCrunch and Gizmodo.

"It was not our intention to send non-security-related SMS notifications to these phone numbers, and I am sorry for any inconvenience these messages might have caused," Facebook Chief Security Officer Alex Stamos wrote in an online post. "This was not an intentional decision; this was a bug."

Nevertheless, if a user has 2FA enabled, anyone who obtains the number associated with 2FA can use it to look up and confirm the user's profile.

'Ethical Rot'

"Two-factor authentication is usually recommended to users as a security measure to see if someone else logged into their accounts," explained Alexander Vukcevic, director of protection labs and quality assurance at Avira, a security software company in Tettnang, Germany.

"Yet when the feature is being misused by any service, it also leaves the possibility for third parties to look up users' sensitive data, and even worse, allow them to be exposed to different threats such as phishing attacks," he told TechNewsWorld.

"Asking for something as private as your mobile number under the guise of security, and reusing it for advertising and search, is about as wily as it gets," observed Shane Green, U.S. CEO of Digi.me, a personal data management service in Washington, D.C.

"It points to the complete ethical rot at the top of the company that employees and managers could ever think something like this is acceptable," he told TechNewsWorld.

Facebook's phone number fiasco could have general consequences for consumer security, Green noted.

"It absolutely hurts the willingness of people to improve their security by undermining trust," he said. "That's one of the great tragedies of something like this. The consequences reverberate well beyond Facebook. It could be a consumer's bank or health data, next time, that wasn't properly protected."

Ironically, Stamos said as much: "The last thing we want is for people to avoid helpful security features because they fear they will receive unrelated notifications."

Data Mining Uber Alles

This latest social network contretemps is classic Facebook, said John Carroll, a media analyst for WBUR in Boston.

"They will do anything to data mine their 2.2 billion users. They have absolutely no shame in manipulating people's information to the company's advantage," he told TechNewsWorld.

"Despite the incessant apology tours that they go on, they never essentially change the nature of what they're doing," Carroll pointed out.

What's more, when a gaffe is exposed, Facebook places the burden on the user -- or, as in the case of 2FA phone numbers, the company acts dismissively.

"Facebook didn't even bother to mount a defense this time," Carroll observed. "They just said this has been around for a while, as if they were a politician dismissing something as old news so they don't have to address it head on."

Risky Business

As incidents of privacy abuse mount, Facebook could be courting risk for itself and its advertisers.

"Facebook is gambling on its ability to avoid regulation, especially in the U.S.," Carroll said.

"What's protecting them is the incredibly complex infrastructure that they've constructed," he told TechNewsWorld.

"You wonder if politicians in the U.S. Congress have the slightest idea of how any of this works, and the extent to which Facebook is sucking up data to sell to advertisers at an accelerating pace," Carroll said. "If they can't understand it, there's no way they can engineer meaningful safeguards."

Although Facebook has been in and out of hot water with politicians and regulators in the past, this latest kerfuffle may be different.

"This does stand apart from many of the concerning revelations at Facebook. It is just so clearly deceptive and wrong," Digi.me's Green said.

"I imagine regulators in Europe and even the U.S. will have far harder questions for Facebook as a result," he continued, "and even though their quarterly advertising growth numbers are still healthy, this is definitely chipping away at the trust of advertisers."

Tone Deaf

If the privacy flaps don't encourage advertisers to take their business elsewhere, the changing demographics of the social network may do it.

"Among young people, the group most inclined to use Facebook is lower-income young people," said Karen North, director of the Annenberg Online Communities program at the University of Southern California in Los Angeles.

"Why are people leaving? Part of it is they're seeking new experiences, but part of it is Facebook is no longer the trusted, friendly community it was," she said.

"People talk about Facebook now in terms of its advertising and exploitation," North told TechNewsWorld.

"It also seems to be tone deaf," she added. "After being under fire for privacy and meddling issues, you'd think it would stay away from anything that had the appearance of impropriety. But it hasn't."

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News.
