Bonum Certa Men Certa

Two Factor Surveillance and Fake Security Practices

Related (older, both from early 2021): Fake Security From Linux Foundation and the Monopolies It's Fronting for | Fake Security is Still a Real Problem, Even in the GNU/Linux (and BSD) Spheres

Videos below (newer): Google Tricking Me to Get a Phone Number (2FA)! Why This is Not About Security | 2FA is a Big Tech Scam! You Must Resist!

Video download link



Video download link



Summary: Rob's videos have recently covered some of the reasons why "2FA is a Big Tech Scam!" and "Why This is Not About Security"; so today we want to highlight some of the issues (there's more on that coming up tomorrow)

OVER the past few years there was growing adoption of 2FA, which is typically marketed as "security" (sometimes falsely). A number of good articles on this topic highlighted the issues associated with recycled numbers, SS7 issues, among other things.

Two hands and many phoneSee articles like "Stop using your phone number for two-factor authentication" and read up on what Pegasus was doing. Giving your phone number away and associating a back-doored device with authentication is basically a bad idea. Also see ample media coverage about the pitfalls associated with lost devices -- a subject we'll mention in passing tomorrow.

As our associate notes, "that's the high-profile stuff requiring the attacker actually expend effort, but the topics covered in Rob's video are more relevant to your average person..."

"Part III," which we'll publish tomorrow, "could expound ever so briefly on why smartphones fail at 2FA," our associate notes.

Rob's "presentation style is a bit ranty but the substance is all accurate," our associate says. Since it's one topic we never quite covered (I am not entirely ignorant about it, but my explanation would be poor, unconvincing, terse) and since we're going to be writing more about "Smartphones" (Spyphones) in the future, it's never too late to catch up. Another under-reported and grossly neglected (barely covered) issue is ClownFlare's takeover or control of Web traffic.

For now, or today at least, we focus on the problem with 2FA over "smart" (spy) phones, just ahead of Part III of My Year as a Digital Vegan.

Andy himself has told me that "this is hard to explain. I think a key issue - as I've presented it to my cybersecurity classes ( and it's a Bruce Schneier thing) that an illusion of security (trustworthyness) of one factor can be an overall negative (real) security impact."

He has further used this analogy: "In reality they should operate as if in series/cascade however people treat the factors such they function as if in parallel, which as for an electrical circuit resistance, brings down the security."

Recent Techrights' Posts

There's Nothing "Funny" About Attacking Free Speech and Software Freedom
persistent focus on the principal issues is very important
GNU/Linux Adoption in Africa, a Passageway Towards Freedom From Neo-Colonialism
Digi(tal)-Colonialism and/or Techolonialism are a thing. Can Africa flee the trap?
 
Links 06/12/2023: Many More December Layoffs
Links for the day
IRC Proceedings: Tuesday, December 05, 2023
IRC logs for Tuesday, December 05, 2023
PipeWire 1.0: Linux audio comes of age
Once upon a time, serious audio users like musicians and audio engineers had real trouble with Linux
This is How 'Linux' Foundation Presents Linux to the World
Right now it even picks Windows over Linux in some cases
Links 05/12/2023: Microsoft's Chatbot as Health Hazard
Links for the day
Professor Eben Moglen Explained How Software Patent Threats Had Changed Around 2014 (Alice Case) and What Would Happen Till 2025
clip aged reasonably well
CNN Contributes to Demolition of the Open Web
Reprinted with permission from Ryan Farmer
Eben Moglen on Encryption and Anonymity
The alternate net we need, and how we can build it ourselves
Yet More Microsofters Inside the Board of Mozilla (Which Has Just Outsourced Firefox Development to Microsoft's Proprietary Prison)
Do you want a browser controlled (and spied on) by such a company?
IRC Proceedings: Monday, December 04, 2023
IRC logs for Monday, December 04, 2023
GNU/Linux Now Exceeds 3.6% Market Share on Desktops/Laptops, According to statCounter
things have changed for Windows in China
Over at Tux Machines...
GNU/Linux news
Links 05/12/2023: Debt Brake in Germany and Layoffs at Condé Nast (Reddit, Wired, Ars Technica and More)
Links for the day
[Meme] Social Control Media Giants Shaping Debates on BSDs and GNU/Linux
listening to random people in Social Control Media
Reddit (Condé Nast), Which Has Another Round of Layoffs This Month, Incited People Against GNU/Linux Users (Divide and Rule, It's 2003 All Over Again!)
Does somebody (perhaps a third party) fan the flames?
Who Will Hold the Open Source Initiative (OSI) Accountable for Taking Bribes From Microsoft and Selling Out to Enable/Endorse Massive Copyright Infringement?
it does Microsoft advocacy
Using Gemini to Moan About Linux and Spread .NET
Toxic, acidic post in Gemini
Web Monopolist, Google, 'Pulls a Microsoft' by Hijacking/Overriding the Name of Competitor and Alternative to the Web
Gulag 'hijacking' 'Gemini'
Links 04/12/2023: Mass Layoffs at Spotify (Debt, Losses, Bubble) Once Again
Links for the day
ChatGPT Hype/Vapourware (and 'Bing') Has Failed, Google Maintains Dominance in Search
a growing mountain of debt and crises
[Meme] Every Real Paralegal Knows This
how copyright law works
Forging IRC Logs and Impersonating Professors: the Lengths to Which Anti-Free Software Militants Would Go
Impersonating people in IRC, too
IRC Proceedings: Sunday, December 03, 2023
IRC logs for Sunday, December 03, 2023
GNU/Linux Popularity Surging, So Why Did MakeUseOf Quit Covering It About 10 Days Ago?
It's particularly sad because some of the best articles about GNU/Linux came from that site, both technical articles and advocacy-centric pieces
Links 04/12/2023: COVID-19 Data Misused Again, Anti-Consumerism Activism
Links for the day