Twitter let you use your phone number or email to verifiy or otherwise make logging in more secure. They then took this “for security purposes” information and sold it to advertisers for use in twitters targeted advertising platform.
But hey rest assured:
No personal data was ever shared externally with our partners or any other third parties
As the article points out, if that is not personal information what is!? Especially when it will be combined with you other profile information and no doubt much other information available to advertising agencies.
They also took 21 days after “fixing it”, yeah right that information is out there forever now, to disclose that it happened in the first place.
Of course, and they have a vast amount of that information all ready.
The important part was that is was personally identifiable information that was to be used a for security reasons and should have been completely separate from the advertising information that they sell as a matter of business.
That and the inherent insecurity of SMS is why 2FA in it’s current form sucks. Don’t get me wrong, i like that more and more sites support 2FA at all. But who ever thought SMS would be a good idea for that should burn. That should have never been an option.
It’s also why i make sure to only use my phone number if there is no other option. Amazon has been begging me at ever login for a year now i think. Same for many other websites and services.
I can see though why many people would think it’s a good idea. I mean, better to have any second factor than none…
Generating it through a website the uses an QR-Code as input
etc. Apps aren’t the only alternatives. All that matters, is that you produce/have/recieve something that only you could. How you do that is entirely up to you. Some require special equipment, some don’t.
2FA doesn’t require a phone to work. There are a number of other implementations using U2F and other technologies using security keys. (We support u2f)
That’s what’s being said by the common folk but it already looks like GDPR is getting less and less effective and even used. I heard nothing from the Bethesda thing where they left people names, addresses, emails and credit cards accessible to other forum users. So I don’t really hold much hope. On top of that these fines are just pointless. Like in facebooks case $5bn in fines was less than they expected and was fucking budgeted for like an operational cost. Really they (irresponsible tech companies) just need to be broken up and or shut down if they can’t quit their shit.
I don’t particularly care who it is for or what does for them, I just want some actual mechanism to hurt companies that fuck up, hurt them enough that they actually do something rather than just brush it off, so puppy eyes and say sorry while fucking their users even harder.
if you use twitter you have to be at least mildly aware that you are being sold. Maybe people will now stop believing that somehow twitter is better for privacy than facebook.
Ohh no who could have predicted such a turn of events, a free to use service has betrayed me again, what kind of person would do such a thing to our valued info!
jokes aside I guarantee many rich and famous people that are in good standings with twitter execs get a free pass and have their data spared from such info selling. Im telling you if there was a law to give a person 50% of the earnings you make off of selling their data, we’d be rich and/or companies would stop selling it all together. IDK just a theory
It exists in the form of boycott. If you don’t use the products, they can’t sell your data. I know Facebook has an interesting workaround to this, so I limit my web browsing to maybe five websites.
Regardless, international/government intervention is not likely to yield the results you’re looking for.
A lot of people are unwilling to make this sacrifice