Bonum Certa Men Certa

Two Factor Surveillance and Fake Security Practices

Related (older, both from early 2021): Fake Security From Linux Foundation and the Monopolies It's Fronting for | Fake Security is Still a Real Problem, Even in the GNU/Linux (and BSD) Spheres

Videos below (newer): Google Tricking Me to Get a Phone Number (2FA)! Why This is Not About Security | 2FA is a Big Tech Scam! You Must Resist!

Video download link



Video download link



Summary: Rob's videos have recently covered some of the reasons why "2FA is a Big Tech Scam!" and "Why This is Not About Security"; so today we want to highlight some of the issues (there's more on that coming up tomorrow)

OVER the past few years there was growing adoption of 2FA, which is typically marketed as "security" (sometimes falsely). A number of good articles on this topic highlighted the issues associated with recycled numbers, SS7 issues, among other things.

Two hands and many phoneSee articles like "Stop using your phone number for two-factor authentication" and read up on what Pegasus was doing. Giving your phone number away and associating a back-doored device with authentication is basically a bad idea. Also see ample media coverage about the pitfalls associated with lost devices -- a subject we'll mention in passing tomorrow.

As our associate notes, "that's the high-profile stuff requiring the attacker actually expend effort, but the topics covered in Rob's video are more relevant to your average person..."

"Part III," which we'll publish tomorrow, "could expound ever so briefly on why smartphones fail at 2FA," our associate notes.

Rob's "presentation style is a bit ranty but the substance is all accurate," our associate says. Since it's one topic we never quite covered (I am not entirely ignorant about it, but my explanation would be poor, unconvincing, terse) and since we're going to be writing more about "Smartphones" (Spyphones) in the future, it's never too late to catch up. Another under-reported and grossly neglected (barely covered) issue is ClownFlare's takeover or control of Web traffic.

For now, or today at least, we focus on the problem with 2FA over "smart" (spy) phones, just ahead of Part III of My Year as a Digital Vegan.

Andy himself has told me that "this is hard to explain. I think a key issue - as I've presented it to my cybersecurity classes ( and it's a Bruce Schneier thing) that an illusion of security (trustworthyness) of one factor can be an overall negative (real) security impact."

He has further used this analogy: "In reality they should operate as if in series/cascade however people treat the factors such they function as if in parallel, which as for an electrical circuit resistance, brings down the security."

Recent Techrights' Posts

ESET Finds Rootkits, Does Not Explain How They Get Installed, Media Says It Means "Previously Unknown Linux Backdoors" (Useful Distraction From CALEA and CALEA2)
FUD watch
Techdirt Loses Its Objectivity in Pursuit of Money
The more concerning aspects are coverage of GAFAM and Microsoft in particular
Techrights' Statement on Code of Censorship (CoC) and Kent Overstreet: This Was the Real Purpose of Censorship Agreements All Along
Bombing people is OK (if you sponsor the key organisations), opposing bombings is not (a CoC in a nutshell)
Links 23/11/2024: Press Sold to Vultures, New LLM Blunders
Links for the day
Links 23/11/2024: "Relationship with Oneself" and Yretek.com is Back
Links for the day
Links 23/11/2024: "Real World" Cracked and UK Online Safety Act is Law
Links for the day
Links 23/11/2024: Celebrating Proprietary Bluesky (False Choice, Same Issues) and Software Patents Squashed
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 22, 2024
IRC logs for Friday, November 22, 2024
Gemini Links 23/11/2024: 150 Day Streak in Duolingo and ICBMs
Links for the day
Links 22/11/2024: Dynamic Pricing Practice and Monopoly Abuses
Links for the day
Topics We Lacked Time to Cover
Due to a Microsoft event (an annual malware fest for lobbying and marketing purposes) there was also a lot of Microsoft propaganda
Microsofters Try to Defund the Free Software Foundation (by Attacking Its Founder This Week) and They Tell People to Instead Give Money to Microsoft Front Groups
Microsoft people try to outspend their critics and harass them
[Meme] EPO for the Kids' Future (or Lack of It)
Patents can last two decades and grow with (or catch up with) the kids
EPO Education: Workers Resort to Legal Actions (Many Cases) Against the Administration
At the moment the casualties of EPO corruption include the EPO's own staff
Gemini Links 22/11/2024: ChromeOS, Search Engines, Regular Expressions
Links for the day
This Month is the 11th Month of This Year With Mass Layoffs at Microsoft (So Far It's Happening Every Month This Year, More Announced Hours Ago)
Now they even admit it
Links 22/11/2024: Software Patents Squashed, Russia Starts Using ICBMs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, November 21, 2024
IRC logs for Thursday, November 21, 2024