Why the Facebook contact uploader vulnerability and subsequent hackbreachleak matters. Phone numbers are the ideal attack surface to force multiply other vulnerabilities. Facebook exposed non-public information and needs to answer for it.
As I learned from today’s Spaces call:
—FB’s contact sync was vulnerable to a malicious attacker who could enumerate phone numbers to harvest FB IDs. This revealed non-public information
—attacker then scraped accounts by FB ID
—API limits woefully inadequate/trivial to cheat
—botnets would enable easy circumvention of throttling of lookups per user per session
—Facebook silently changing user prefs made it confounding to know how your phone number was used; default settings put risks on users
—expect probe of who knew what when as FB deflects & spins
I didn’t catch the whole Spaces session so I look forward to learning about the other big points I missed.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Wow. @ashk4n reveals that his 2FA phone number which was different from the phone number he associated to his account was leaked in the contact sync vulnerability. Private information was most certainly breached. Facebook must be pushed on its subterfuge, when it knew what when.
Wow. @intdc explains how Facebook silently changing its confusing privacy settings set the stage for this catastrophic leak by making it too difficult to realize the difference between the visibility of your phone number vs. lookup by phone number. Cambridge Analytica déjà vu.
You can now check @haveibeenpwned to see if your Facebook account data is among the half-billion leaked and circulating. You know that breach that Facebook insists has no responsibility for because it’s an “old” breach. haveibeenpwned.com
FWIW I deactivated my Facebook in 2018 so it was protected from the breach. The only safe account is an inert or deleted account.
CAVEAT: @haveibeenpwned only checks if your email is in leaked data. Most of the Facebook records are uniquely identifiable by phone number, not emails. So unless someone else builds a phone query tool or Facebook notifies folks… ¯\_(ツ)_/¯
Proactively managing one’s own health data strikes me as an act of personal interest and liberty. Likewise, private interests are at liberty to impose requirements upon customers as terms and conditions of service. The problem is we don’t enjoy fundamental #DataRights in the USA.
In other words, we might find a digital vaccine record more acceptable if all data collecting entities were legally bound to disclose our data, its processing, sharing, and provide unobstructed revocation of consent. Exists in the EU. Not in the USA. #DataRights
So until the USA establishes fundamental #DataRights similar to the EU, CA, VA, etc., paper vaccine records could minimize digital monetization at least, and help maintain the minimal protections afforded by HIPAA. Without any safeguards tho, concerns of eventual abuse are real.
an NFT of a blueprint by a famous architect becoming more valuable than the real estate it planned, still standing today, preserved and insured by its owners, a magical beautifully designed house that you can actually live in
the next occupy wall st will be a revolt on NFTs that have caused a collapse having too many blueprints refinancialized into NFT default swaps and corresponding collateralized debt obligations re-mark to marketed into new tokens with ever more exotic gas fees
you could maybe finance your next house on the inevitable NFT blueprint market and so then you can obviously afford to import tulips for your requisite landscaping it would be so perfect and poetic
Softblocking is the most important twitter skill no one ever taught you.
Block and then undo the block in the few seconds you’re offered. You’ve just managed to make the offender unfollow you and they have to be very smart and conscientious to notice they have unfollowed you. Most will never realize they lost you as a trigger for their snowflakery.
I don’t block unless you’re an obvious fascist or ultra nationalist and then you should eat a bag of dicks and no you cannot enjoy my tweets for free you scum
are there tokens that monetize the rescuing of life on earth from extinction cuz i might buy those or nah because capitalism can’t do that
lifetoken: the ultimate store of value; completely biologically automated with no human-intervention, driven by genetic bio mechanics, achieves maximum growth efficiency with natural algorithms based on fibonacci’s sequence; not only carbon neutral, but massively carbon negative
⬆️this is just genesis from the bible and and watson & crick, miesher translated into cryptobranding btw i’m just spitballing here