Bonum Certa Men Certa

Two Factor Surveillance and Fake Security Practices

Related (older, both from early 2021): Fake Security From Linux Foundation and the Monopolies It's Fronting for | Fake Security is Still a Real Problem, Even in the GNU/Linux (and BSD) Spheres

Videos below (newer): Google Tricking Me to Get a Phone Number (2FA)! Why This is Not About Security | 2FA is a Big Tech Scam! You Must Resist!

Video download link



Video download link



Summary: Rob's videos have recently covered some of the reasons why "2FA is a Big Tech Scam!" and "Why This is Not About Security"; so today we want to highlight some of the issues (there's more on that coming up tomorrow)

OVER the past few years there was growing adoption of 2FA, which is typically marketed as "security" (sometimes falsely). A number of good articles on this topic highlighted the issues associated with recycled numbers, SS7 issues, among other things.

Two hands and many phoneSee articles like "Stop using your phone number for two-factor authentication" and read up on what Pegasus was doing. Giving your phone number away and associating a back-doored device with authentication is basically a bad idea. Also see ample media coverage about the pitfalls associated with lost devices -- a subject we'll mention in passing tomorrow.

As our associate notes, "that's the high-profile stuff requiring the attacker actually expend effort, but the topics covered in Rob's video are more relevant to your average person..."

"Part III," which we'll publish tomorrow, "could expound ever so briefly on why smartphones fail at 2FA," our associate notes.

Rob's "presentation style is a bit ranty but the substance is all accurate," our associate says. Since it's one topic we never quite covered (I am not entirely ignorant about it, but my explanation would be poor, unconvincing, terse) and since we're going to be writing more about "Smartphones" (Spyphones) in the future, it's never too late to catch up. Another under-reported and grossly neglected (barely covered) issue is ClownFlare's takeover or control of Web traffic.

For now, or today at least, we focus on the problem with 2FA over "smart" (spy) phones, just ahead of Part III of My Year as a Digital Vegan.

Andy himself has told me that "this is hard to explain. I think a key issue - as I've presented it to my cybersecurity classes ( and it's a Bruce Schneier thing) that an illusion of security (trustworthyness) of one factor can be an overall negative (real) security impact."

He has further used this analogy: "In reality they should operate as if in series/cascade however people treat the factors such they function as if in parallel, which as for an electrical circuit resistance, brings down the security."

Recent Techrights' Posts

Why We Republish Articles From Debian Disguised.Work (Formerly Debian.Community)
articles at disguised.work aren't easy to find
Google: We Run and Fund Diversity Programs, Please Ignore How Our Own Staff Behaves
censorship is done by the recipients of the grants
European Patent Office (EPO) Has Serious Safety Issues, This New Report Highlights Some of Them
9-page document that was released to staff a couple of days ago
Microsoft-Run FUD Machine Wants Nobody to Pay Attention to Microsoft Getting Cracked All the Time
Fear, Uncertainty, Doubt (FUD) is the business model of "modern" media
 
Links 21/04/2024: Earth Day Coming, Day of Rest, Excess Deaths Hidden by Manipulation
Links for the day
Bad faith: no communication before opening WIPO UDRP case
Reprinted with permission from Daniel Pocock
Bad faith: real origins of harassment and evidence
Reprinted with permission from Daniel Pocock
Links 21/04/2024: Censorship Abundant, More Decisions to Quit Social Control Media
Links for the day
Bad faith: Debian Community domain used for harassment after WIPO seizure
Reprinted with permission from Daniel Pocock
If Red Hat/IBM Was a Restaurant...
Two hours ago in thelayoff.com
Paul Tagliamonte & Debian Outreachy OPW dating
Reprinted with permission from disguised.work
Disguised.Work unmasked, Debian-private fresh leaks
Reprinted with permission from disguised.work
[Meme] Fake European Patents Helped Fund the War on Ukraine
The European Patent Office (EPO) does not serve the interests of Europe
IRC Proceedings: Saturday, April 20, 2024
IRC logs for Saturday, April 20, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Torvalds Fed Up With "AI" Passing Fad, Calls It "Autocorrect on Steroids."
and Microsoft pretends that it is speaking for Linux
Gemini Links 21/04/2024: Minecraft Ruined
Links for the day
Links 20/04/2024: Apple is Censoring China’s App Store for the Communist Party of China
Links for the day
Links 20/04/2024: Accessibility in Gemini and Focus Time
Links for the day
Congratulations to Debian Project Leader (DPL) Andreas Tille
It would not be insincere to say that Debian has issues and those issues need to be tackled, eventually
20 April: Hitler's Birthday, Debian Project Leader Election Results
Reprinted with permission from Daniel Pocock
September 11: Axel Beckert (ETH Zurich) attacks American freedoms
Reprinted with permission from Daniel Pocock
20,000 victims of unauthorized Swiss legal insurance scheme
Reprinted with permission from Daniel Pocock
Matthew Garrett, Cambridge & Debian: female colleague was afraid
Reprinted with permission from disguised.work
David Graeber, village wives & Debian Outreachy internships
Reprinted with permission from disguised.work
Neil McGovern & Ruby Central part ways
Reprinted with permission from disguised.work
Links 20/04/2024: Chinese Diplomacy and 'Dangerous New Course on BGP Security'
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 19, 2024
IRC logs for Friday, April 19, 2024
The Latest Wave of Microsoft Crime, Bribes, and Fraud
Microsoft is still an evil, highly corrupt company
Links 19/04/2024: Running a V Rising Dedicated Server on GNU/Linux and More Post-"AI" Hype Eulogies
Links for the day
Gemini Links 19/04/2024: Kolibri OS and OpenBSD
Links for the day
[Video] Novell and Microsoft 45 Years Later
what happened in 2006 when Novell's Ron Hovsepian (who had come from IBM) sealed the company's sad fate by taking the advice of Microsoft moles
[Meme] EPO “Technical” Meetings
an institution full of despots who commit or enable illegalities
EPO “Technical” Meetings Are Not Technical Anymore, It's Just Corrupt Officials Destroying the Patent Office, Piecewise (While Breaking the Law to Increase Profits)
Another pillar of the EPO is being knocked down
Red Hat Communicates the World Via Microsoft Proprietary Spyware
Red Hat believes in choice: Microsoft... or Microsoft.
Sven Luther, Lucy Wayland & Debian's toxic culture
Reprinted with permission from disguised.work
Chris Rutter, ARM Ltd IPO, Winchester College & Debian
Reprinted with permission from disguised.work
[Video] Microsoft Got Its Systems Cracked (Breached) Again, This Time by Russia, and It Uses Its Moles in the Press and So-called 'Linux' Foundation to Change the Subject
If they control the narrative (or buy the narrative), they can do anything
Links 19/04/2024: Israel Fires Back at Iran and Many Layoffs in the US
Links for the day
Russell Coker & Debian: September 11 Islamist sympathy
Reprinted with permission from disguised.work
Sven Luther, Thomas Bushnell & Debian's September 11 discussion
Reprinted with permission from disguised.work
G.A.I./Hey Hi (AI) Bubble Bursting With More Mass Layoffs
it's happening already
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 18, 2024
IRC logs for Thursday, April 18, 2024