I've never been an FB "person", but maybe 6-7 years ago the local running club moved to scheduling everything on FB. For a while, the page was "public", but then you had to have an account (which required a phone number) to see anything other than the club's "landing page". So I ended up making an FB account which I've only ever used to be able to see the club pages (I haven't ever posted anything!) -- dumb of me I know, but FB had almost become a requirement to participate in life.
However recently, I've noticed that I now get a couple of junk text every day or two whereas up until a few weeks ago, I don't think I'd ever had a single junk text.
The cost of sending texts has gone to effectively zero, so there's no barrier to someone sending one to all the numbers in sequence. At least, until the phone company catches on and blocks you.
The one I got late last night was pretending to be from the US Postal Service, prompting me to click on an anonymous link in order to "rescedule delivery"
Going to get worse SCOTUS just ruled saying a very strict reading definition on robocall to be only random or sequential numbers. So if you already have a list say bought from a 3rd party company of all the phones in the US sounds like you can bulk send now no repercussions.
In my field - politics - campaigns use tools like Hustle which are basically mechanical turk clickers to get around these rules. I'm thinking personally this will change...
That's interesting. SMS wholesale prices in my part of the world (Western Europe) are still at around $0.07. This seems to indicate some kind of market failure. But whatever it is, it's fine by me, as I can still count the number of spam/scam text message I ever received on one hand.
So how can we cause the email market to fail in a similar way? ;-)
I think the opposite is true: still quite high costs are the cause of SMS spam. If the carriers did not profit from this, they would have destroyed SMS spam as a phenomenon on the same day.
> However recently, I've noticed that I now get a couple of junk text every day or two whereas up until a few weeks ago, I don't think I'd ever had a single junk text.
I think this is a symptom of living in the US. Been receiving robocalls and text messages all the time since I moved here.
You also have to consider that someone somewhere probably had your phone number before you did. There's no telling what the previous person did with that number.
I get an infinite amount of spam texts and I don't have a Facebook account. (I did have one in college when it first came out, but I don't think I gave them my phone number, and if I did, that phone number is no longer in use. I switch phone numbers every time I switch cell providers.)
Why are so many HN users against Facebook, and quick to reassure others that they only signed up out of necessity? FB & Instagram present a perfectly acceptable entertainment vs privacy trade off. Sure, it’s also a waste of time, but so is everything else you don’t like.
Because the network effect reduces choice and competition. I don’t get to vote with my wallet with Facebook. I can participate in society or not have Facebook.
My mom was recently told by a state elected representative that she would have to contact them through Facebook to provide feedback on legislation. This is not a “valid tradeoff” nor does it have to do with “entertainment”.
Facebook knows where you live, where you shop, who you meet, what you say, what you buy, where you go – perhaps when you wake and sleep –… and in exchange, you get some chat rooms, a MySpace page, advertised at, and to be a non-consensual subject in psychological experiments. (Libel notice: they might not do the last one much any more.)
Because this morning I tried to post a link to a Social science podcast from sage publishing and it was blocked because it violated community standards.. The topic, Unobtrusive resistance of people without formal power..
(and meanwhile on the FB watch video tab that no one asked for, "he thought she put the whole think up there XD. for entertainment only."(lady standing over coke bottle))
I have also noticed this the past couple weeks. I don’t think it’s related to Facebook- I deleted my Facebook account before 2019. However, I’ve also recently had discussions with Twilio (all of the below is non-confidential information according to our conversation):
The carriers are cracking down on sms spam. They are going to force registration of all businesses sending texts, not just with services like Twilio, but with them. And prices / rent-seeking from the carriers is going up - they are going to charge for each campaign/brand you run. So in the end you’ll see less spam, but texting will also cost more for companies that send them.
The initial rollout by AT&T was supposed to start 5/1, though that’s now been pushed back. Spammers are likely in their death throes, trying to get their last spam out before they get shut down or priced out.
To get an account on Facebook, one can use an email address to sign up (no phone number), and if the email address later becomes invalid, the Facebook account still remains viable. As such, a "disposable" email address should work for the purpose of obtaining a Facebook account. One need never log in to the "throwaway" email account ever again after the Facebook account is established.
If one really wanted to use a phone number for sign up, a disposable number such as a "burner" phone should work.
What does the email-only flow look like? Every time I've tried that I've been redirected to various kinds of "additional authorization" or "proof of identity" barriers and haven't been able to find a flow around them.
I have been getting a lot of spam texts and also an unusually large spam calls from the social security administration. I tell teh guy/gal on the line every time to quit calling me because they are wasting their time and i know it's a scam, they keep calling...
I don't think the little guy that's calling you cares that much, or that the organization that runs the call center is organizaed well enough to receive a piece of information from the bottom end employee and act on it.
I can tell you why. It's because you gave FB your personal phone number, while any number would work, e.g. a prepaid sim card (a one time 15 bucks expense).
I signed up before Facebook ever required phone numbers.
I never gave Facebook my phone number.
I never had a Facebook app on any Android device, ever.
When I use Facebook, it's in a sandboxed browser that I never log into any other site with.
Facebook, for a time, started autofilling a prompt with my phone number, asking me to complete my account setup.
When Facebook has an app and all the people you know send their contacts to it, they don't need you to give them your phone number for them to have it.
I did some research and it seemed as though the companies would auto-renew and make it incredibly tough to close the accounts. I wouldn’t be surprised if some went so far as to send people to collections for “fees”.
There's a good discussion on this by Troy Hunt[1].
> But for spam based on using phone number alone, it's gold. Not just SMS, there are heaps of services that just require a phone number these days and now there's hundreds of millions of them conveniently categorised by country with nice mail merge fields like name and gender.[2]
> Another general observation on this incident: I'm seeing extensive sharing of the data, both the entire corpus of countries and individual country files. Not just in hacking circles, but very broadly on social media too. This data is everywhere already.[3]
> New breach: Facebook had 2.5M addresses exposed in an incident that impacted 533M subscribers' phone numbers. Most records contained name and gender, many also included DoB, location, relationship status and employer. 65% were already in @haveibeenpwned[4]
> If we look at the data, email is rare, DoB is rare so the greatest impact here is the phone numbers. Even though it’s “only” 20% of FB users, the number is obviously substantial thus so is the impact[5]
Anyone know if Haveibeenpwned will have this type of info? I'm super curious to search my name, warn people i know, etc - but i'm not sure i want to search for and/or download the data.
What's a good way to know if myself or my loved ones are in it?
"I’ve had a heap of queries about this. I’m looking into it and yes, if it’s legit and suitable for @haveibeenpwned it’ll be searchable there shortly."
> Another general observation on this incident: I'm seeing extensive sharing of the data, both the entire corpus of countries and individual country files. Not just in hacking circles, but very broadly on social media too.
I made a Google search 8 hours ago. There were 10 pages hits of link spammers where you have won an Iphone, but they don't have the data. So, yes public interest seems big. I wonder why Google cannot catch those, after opening the first one I could recognize the rest from the address and the snippet. Google did not have a correct link that still had the data. Maybe they are not publishing those, getting bad reputation to big data is not exactly in their interest.
Not just Zuckerberg's, but Dustin Moskovitz and Chris Hughes are there as well. Interesting to see who has low user IDs in the dump.
Also mildly entertaining to see some names that are probably test accounts now associated with Facebook people in Google as people try to see who they are.
What a useless screenshot. Sure if we believe him then he actually added Zuck's number into his address book and he got this notification from Signal. But if I want to doctor a screenshot like this, I can rename my non-Signal-using friend in my address book to "Zuck", and make my friend install Signal, and voila, "Zuck is now using Signal"...
I’ll take it. “Thank you for calling the executive office complaint line. To file a priority incident at the cost of $99, enter your visa/MasterCard number now”
Is the phone number really that big an issue? I mean here phone numbers are 8 digits, randomly guess a phone number will almost certainly result in a working number.
The spam I see and hear about is just random dialing from Albanian numbers, hoping that you’ll call back.
sure any random phone number will connect. the point is that you know WHO the number belongs to. lots and lots and lots of places use phone number for auth. as a trivial example, calling to activate a new credit card.
I would take it and just automatically send all calls to voicemail and archive the text messages.
It will be a more modern '867-5309', however instead of people searching for love it will be a consolidation of the collective hate for a single entity/person.
Good comment. Why do people care if their phone number gets leaked? There use to be a yellow page book with everybody’s phone number. Also, phone numbers are not identities. I change phone number every year on average.
Many people never change phone numbers. I've had the same cell phone number since I was a teenager, and I suspect I will have it until I die.
It's the most identifiable thing about me other than my social security number. Even my driver's license number has changed more than my cell phone, and I don't always have a valid passport.
Typically don't just contain phone number or email, but also some other pieces of personal information. For example in this case it included at least the Facebook user id. This can give other tidbits of info like when you established you account, about your education, about your age etc.
Determined person can use the various leaks and other data sources to collect more detailed profile of you (and millions of others). This will eventually allow them to setup more targeted and personalized spam or phishing campaigns.
This is why I call for zero-knowledge information exchange, decentralization, and genuine end-to-end encryption. The most secure data is data you don't have, and any company which claims to store data "securely" is grossly irresponsible. Even the world's largest tech companies with access to truly staggering engineering budgets can and will leak your data. It's not if: it's when.
I’m curious to see if existing regulation in this regard has been effective. I know there is HIPAA, but does it actually reduce data leaks in the Health Care field?
Readit News
However recently, I've noticed that I now get a couple of junk text every day or two whereas up until a few weeks ago, I don't think I'd ever had a single junk text.
I wonder if this is why.
The one I got late last night was pretending to be from the US Postal Service, prompting me to click on an anonymous link in order to "rescedule delivery"
In my field - politics - campaigns use tools like Hustle which are basically mechanical turk clickers to get around these rules. I'm thinking personally this will change...
So how can we cause the email market to fail in a similar way? ;-)
I think this is a symptom of living in the US. Been receiving robocalls and text messages all the time since I moved here.
Consider signing up for the Do Not Call registry. Does not do much against the scammers but you will receive significantly fewer telemarketing calls.
https://www.donotcall.gov/
My mom was recently told by a state elected representative that she would have to contact them through Facebook to provide feedback on legislation. This is not a “valid tradeoff” nor does it have to do with “entertainment”.
I'm glad you're here to establish this objective fact for those of us who didn't know ;-)
The carriers are cracking down on sms spam. They are going to force registration of all businesses sending texts, not just with services like Twilio, but with them. And prices / rent-seeking from the carriers is going up - they are going to charge for each campaign/brand you run. So in the end you’ll see less spam, but texting will also cost more for companies that send them.
The initial rollout by AT&T was supposed to start 5/1, though that’s now been pushed back. Spammers are likely in their death throes, trying to get their last spam out before they get shut down or priced out.
If one really wanted to use a phone number for sign up, a disposable number such as a "burner" phone should work.
What does the email-only flow look like? Every time I've tried that I've been redirected to various kinds of "additional authorization" or "proof of identity" barriers and haven't been able to find a flow around them.
Complain loudly, and delete your fb account. Be a nuisance about it at club meetups.
Caving just makes it worse for the next guy.
Dead Comment
I never gave Facebook my phone number.
I never had a Facebook app on any Android device, ever.
When I use Facebook, it's in a sandboxed browser that I never log into any other site with.
Facebook, for a time, started autofilling a prompt with my phone number, asking me to complete my account setup.
When Facebook has an app and all the people you know send their contacts to it, they don't need you to give them your phone number for them to have it.
> But for spam based on using phone number alone, it's gold. Not just SMS, there are heaps of services that just require a phone number these days and now there's hundreds of millions of them conveniently categorised by country with nice mail merge fields like name and gender.[2]
> Another general observation on this incident: I'm seeing extensive sharing of the data, both the entire corpus of countries and individual country files. Not just in hacking circles, but very broadly on social media too. This data is everywhere already.[3]
> New breach: Facebook had 2.5M addresses exposed in an incident that impacted 533M subscribers' phone numbers. Most records contained name and gender, many also included DoB, location, relationship status and employer. 65% were already in @haveibeenpwned[4]
> If we look at the data, email is rare, DoB is rare so the greatest impact here is the phone numbers. Even though it’s “only” 20% of FB users, the number is obviously substantial thus so is the impact[5]
[1]: https://twitter.com/troyhunt
[2]: https://twitter.com/troyhunt/status/1378485999781613569
[3]: https://twitter.com/troyhunt/status/1378513457209696256
[4]: https://twitter.com/haveibeenpwned/status/137855490210063565...
[5]: https://twitter.com/troyhunt/status/1378474534760685568
What's a good way to know if myself or my loved ones are in it?
"I’ve had a heap of queries about this. I’m looking into it and yes, if it’s legit and suitable for @haveibeenpwned it’ll be searchable there shortly."
I'm sure it will be.
I made a Google search 8 hours ago. There were 10 pages hits of link spammers where you have won an Iphone, but they don't have the data. So, yes public interest seems big. I wonder why Google cannot catch those, after opening the first one I could recognize the rest from the address and the snippet. Google did not have a correct link that still had the data. Maybe they are not publishing those, getting bad reputation to big data is not exactly in their interest.
So is this breach related to reusing or having a weak password?
Or is it completely independent?
(Less, depending on the number of folks with multiple accounts, which FB seems to try to prevent?)
https://www.reddit.com/r/dataisbeautiful/comments/mjufnx/if_...
Also mildly entertaining to see some names that are probably test accounts now associated with Facebook people in Google as people try to see who they are.
"People just submitted it. I don't know why. They 'trust me'. Dumb f*cks."
The spam I see and hear about is just random dialing from Albanian numbers, hoping that you’ll call back.
It will be a more modern '867-5309', however instead of people searching for love it will be a consolidation of the collective hate for a single entity/person.
It's the most identifiable thing about me other than my social security number. Even my driver's license number has changed more than my cell phone, and I don't always have a valid passport.
Determined person can use the various leaks and other data sources to collect more detailed profile of you (and millions of others). This will eventually allow them to setup more targeted and personalized spam or phishing campaigns.
We need to regulate this.