Top tip: Don't bother with Facebook's two-factor SMS auth – unless you love phone spam

Forget fake news, Russian trolls and the gradual cruel destruction of journalism – now Facebook is taking heat for spamming a netizen's phone with text messages after he signed up for SMS-based two-factor authentication. Software engineer Gabriel Lewis said this week that after he activated the security measure with his …

  1. Throatwarbler Mangrove Silver badge
    Happy

    I hate to be that guy . . .

    I haven't deleted my Facebook account, but I committed to being on Facebook as little as possible (less than once a week), and I have to say, its absence from my life opens a lot more space for useful thought and focus. If Facebook is doing things to drive users away, that can only be good for the users.

    1. Ben Tasker

      Re: I hate to be that guy . . .

      Yeah, I've left mine all but derelict for quite some time. On the odd occasion I take a scroll through I tend to wonder how people can spend so much time on there when most posts are just junk.

      They're also one of the services I would resolutely never give my mobile number. Even if that was their only 2FA option.

      Similarly, I just click past the Google nags to provide it.

      1. b0hem1us

        Re: I hate to be that guy . . .

        Some time ago (few years) Google nagged me for it because "there was a security incident" with my account. Did not say anymore just would not let me in until I surrendered a number for 2FA. Cause I use the account for useful stuff, I went and got an anonymous SIM card (u can get them here just about anywhere) and got back in. To this day I'm certain they made the incident up.

        To be fair though I still have that other number and keep it alive and they have not spammed me on it, ever.

        1. Gene Cash Silver badge

          Re: I hate to be that guy . . .

          I remember when G+ told me I could have a "vanity URL" - i.e. my name instead of a random number.

          However, they wanted me to text the fact that I wanted it, and accepted no other contact method. Email was right out. Very interesting. And transparent.

          So of course I found one of those shady SMS gateways and used that. I've always wondered if it's gotten spammed by Google. I didn't really care about the URL, I just wanted to screw Google.

  2. Manny Bianco

    Deleted FB, life went on as normal

    I deleted my account years ago, and you know what? Life went on as normal. People will text me, or - gods forbid - speak to me if there's an event I need to go to.

    Do I get FOMO when I inadvertently don't get invited? No, because I'm a grown up.

    FB is nothing more than a means of firing adverts directly into your eyeballs, and it's completely unnecessary.

    1. big_D Silver badge

      Re: Deleted FB, life went on as normal

      I deleted mine in 2011 or so. I had to open a new account in 2015, because I was made social media manager at my previous employer. I left the company soon thereafter and I probably look at Facebook once every 3 or 4 months, if that.

  3. Anonymous Coward

    Facebook App manager, Facebook Installer

    When I deleted the factory installed Facebook app off my phone there were 2 other Facebook related apps that were still there: Facebook App Installer_com.facebook.system.apk and Facebook App Manager_com.facebook.appmanager.apk that could NOT be removed.

    They were also using data in the background.

    And after my phone manufacturer pushed a silent update that was pushing advertising from system apps and injecting JavaScript into Webview (among other things) I wiped the device and installed Lineage and never looked back.

    1. JimmyPage Silver badge
      Thumb Up

      Re: Facebook App manager, Facebook Installer

      Which is the main reason why the Page household's standing order for mobiles is "Network Free". Instigated after the last mobile from Tesco had 5 un-uninstallable (and un-deactivatable) apps guzzling memory, power, and data. I had to root the phone AND install a custom ROM to remove them (obviously invalidating warranty).

      So now it's Amazon/eBay for unlocked, and uncrufted phones. Not that we've needed one since 2015 - nothing new we need (just in case anyone feels like writing a "Phone sales to soar" piece).

  4. b0hem1us

    guys this is phishing

    isn't it? And that is illegal in just about any respectable jurisdiction. I think people should stop writing and whining about this and do something, like file lawsuits, send the cops to raid that cesspool by the bay. Now!

    1. big_D Silver badge

      Re: guys this is phishing

      It isn't phishing, it is just plain spam.

    2. Adam 52 Silver badge

      Re: guys this is phishing

      It's illegal in the EU and US, but Facebook has the EU regulator in their pocket and has the money to tie any action in the courts up for decades.

      Almost impossible to prove intent and I imagine whoever authorised it has already deleted their sent email box.

  5. Doctor Syntax Silver badge

    These 4% of turnover fines. Does one cover everything or can they be fined for each category of infringement? May 18th is getting closer.

  6. JohnFen

    Says it all

    "We give people control over their notifications, including those that relate to security features like two-factor authentication," a spokesperson told El Reg on Wednesday evening.

    Facebook is saying here that it's the user's fault that Facebook is abusing the 2FA system like this because users can turn it off somewhere.

    Says it all, really.

  7. Shadow Systems

    "Top tip: Don't bother with Facebook."

    That's all that really needs be said.

  8. Anonymous Coward

    Dump the one-factor authentication too

    Just close the account. Send the data-pervs / tech-sociopaths a message. After the 10th year of FB undeleting Activity-Log posts, I sure had enough!

    Check this on your own account's Activity-Log, as it takes a few seconds to load past years 'fully', and sometimes you have to scroll up and down a few times to coerce it to update. All of this was confirmed from the Max Schrems case too. Realms of extra hidden profile data, photos and posts are never really deleted! What does the Irish DPC have to say? They said 'you have to contact Facebook'! And this FB advice here, it's BS too:

    https://hothardware.com/news/think-your-deleted-facebook-posts-are-really-deleted-guess-again

  9. A Non e-mouse Silver badge

    Product Vs User

    Just remember, when using Facebook, you are not the user: You are the product to be ruthlessly exploited for advertiser's money.

    1. Anonymous Coward

      Re: Product Vs User

      "Just remember, when using Facebook, you are not the user: You are the product to be ruthlessly exploited for advertiser's money."

      and also Cambridge Analytica, the US Army, etc. etc.

  10. Anonymous Coward

    Oh sorry we always store the phone number in the same place, and we don't remember whether it was for 2FA or for notifications... Yeah right.

  11. RealBigAl

    I enabled 2FA yesterday before reading this article. I'm sure there was an option not to receive spam text messages and I haven't (yet) received any.

  12. 's water music
    Trollface

    I no longer have a television

    and I've not missed it.

    wait, what? Wrong thread, sorry

  13. JimmyPage Silver badge
    Stop

    Maybe it's an age thing ...

    but my bar for actually investing time and effort into anything has been climbing for a while.

    I am not ignorant of the privacy issues, regulatory concerns, and data protection issues. But at some point I find myself saying "but does it really matter ?"

    On the scale of things I am going to invest my last few remaining breaths on this planet on, Facebook's abuse of 2FA is far below (for example) poverty, social inequality, the future for my children, and how often my bins get emptied.

    The only reason I am commenting here is that I believe even a flaky spammy 2FA solution is light years ahead of no 2FA solution, and that it's probably the next step after not reusing passwords to go up a level of security. Personally I think an app-linked 2FA is probably the right level ... Authy, Google Authenticator etc etc.

  14. Laughing Gravy

    What FB ads?

    I use FB as it's useful to keep in touch with extended family and friends who live abroad. I installed Facebook Purity to control / nix the shite it throws at me so a more pleasant experience.

    I never use the FB app on the phone and will never give up my phone number for 2FA to any business, been spam free for decades and intend it to stay that way.

  15. Anonymous Coward

    Why would anyone feel the need for 2FA for Facebook?

    Especially someone who uses it so little they don't even bother to install the mobile app? Was he really concerned someone was going to break into his Facebook account?

    I want 2FA where it matters, like with my bank. I don't care if someone breaks into my Facebook or my Reg account, so I don't use 2FA for those (well it may not be available here, but even if it were I wouldn't use it) The only reason Facebook supports 2FA is to portray themselves as being so important that people should feel they need that level of security on their Facebook account. Honestly I'd put it on my Amazon or eBay login (where I don't use it either) long before I'd put it on my Facebook.

    As to the guy who got spammed, hopefully deactivating 2FA will stop the spam? If not, then perhaps reporting it as text spam to the FCC might get Zuckerberg's attention to the matter...

    1. Bucky 2

      Re: Why would anyone feel the need for 2FA for Facebook?

      I'll go you one more:

      2FA is only useful if both the user and the secure resource are trustworthy in the first place.

  16. Anonymous Coward

    Interesting

    I had assumed that their two-factor authentication was TOTP-based or similar rather than SMS which of course has a cost.

    If it has a cost, it must mean that there is a way of recovering that cost, which makes Dr Green's assertions all the more plausible.

  17. Anonymous Coward
    FAIL

    Two factored mistakes

    I keep getting text messages to my mobile network card's SMS account, it doesn't not happen all the time but I get SMS from their work, superannuation, shops, friends and also from Facebook, with a link and new password, I got it twice.

    I do not know how the situation worked out as I have given up trying to fix this problem of wrong mobile number.

    The silly thing is I don't care if they changed my number I only use it for mobile internet / broadband.
