←back to thread

Everyone knows your location: tracking myself down through in-app ads

(timsh.org)
1957 points apokryptein | 1 comments | 02 Feb 25 17:07 UTC | HN request time: 0.001s | source
Show context
qingcharles ◴[02 Feb 25 20:40 UTC] No.42911578[source]
One big privacy issue is that there is no sane way to protect your contact details from being sold, regardless of what you do.

As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.

And I buy this stuff. Every time I need customer service and I'm getting stonewalled I just go onto a marketplace, find an exec and buy their details for pennies and call them up on their cellphone. (this is usually successful, but can backfire badly -- CashApp terminated my account for this shenanigans)

replies(33): >>42911665 #>>42911679 #>>42911714 #>>42911768 #>>42911810 #>>42911853 #>>42911874 #>>42912408 #>>42912465 #>>42912852 #>>42912979 #>>42913150 #>>42913418 #>>42913708 #>>42913974 #>>42914004 #>>42914803 #>>42914807 #>>42915963 #>>42916052 #>>42916619 #>>42916711 #>>42916764 #>>42917374 #>>42918405 #>>42918914 #>>42918920 #>>42920277 #>>42920369 #>>42920873 #>>42920949 #>>42940036 #>>42967302 #
_heimdall ◴[03 Feb 25 01:01 UTC] No.42913708[source]
It is possible to just not use a phone number.

I mostly connect through Signal. I do technically have a phone number that my close friends and family have, but its a random VoIP number that I usually change every year or so. Surprisingly no one has really cared, I send out a text that I got a new number and that's that.

replies(1): >>42914006 #
ironmagma ◴[03 Feb 25 01:43 UTC] No.42914006[source]
How? Most of the services I use, from Walgreens to banks to retirement accounts, require a phone number either for 2FA or just to verify that you’re you when signing up. After changing my phone number this year and having to go through the rigamarole for each service, I decided never again.
replies(4): >>42914054 #>>42914174 #>>42917367 #>>42920768 #
dylan604 ◴[03 Feb 25 01:51 UTC] No.42914054[source]
Yeah, companies are not dumb, and they know when you have VoIP number vs a full account with an "accepted" company.

I can kind of see why not allowing 2FA to a number that could be easier to loose, but that's weak argument. Of course they don't want someone from .ru to get a US number with all of the baggage that would entail

replies(1): >>42914709 #
1. ironmagma ◴[03 Feb 25 03:45 UTC] No.42914709[source]
There are flaws to their methodology. For half the companies, to change your number from A to B, you first must verify a NONCE with A, then verify a NONCE with B. This just means you have to possess two phone numbers for a period of time — Weeks, or in reality, months — while you change the long list of services over to the new phone number.

There is a simpler/better way and that is to verify you have your email address before allowing you to do a NONCE with B.