Our phone numbers... The ultimate ID for covert info harvesting.

Post Reply
circuitbored
Site Admin
Posts: 102
Joined: Fri Aug 18, 2017 9:03 pm

Our phone numbers... The ultimate ID for covert info harvesting.

Post by circuitbored » Mon Jun 26, 2023 6:10 pm

It may seem to be a minor thing, but there's a reason why your phone number is required for many sites now, even when they don't really need to have that information.

About 4-6 years ago, the need for MFA (Multi-Factor Authentication) was imposed upon many for using applications in order to ensure a "higher" level of security in authenticating that a user belonged to a log-in. This practice crept into social media and many other applications, because those application owners wanted to ensure that a UUID (Unique User Identification) could be established for pretty much anyone who ran a user account on their sites.

After years of complacency with giving our phone number out for everything from health care applications to a grocery store discount card, I think very few people realize that the phone number they've held for years is much more consistently the same than user account names we register, and even more consistent than our real life names, which can change when we get married or even use a nickname.

A phone number these days is often tied to a mobile device that we had to tie to our real identity when we activated it with a mobile service provider. It is also an account we are required to pay on to keep active. We also cannot simply use a burner phone to register our accounts because the moment it is deactivated, we cannot make changes to nor modify the accounts tied to that phone number because we will no longer receive the text messages to confirm changes to our connected user accounts on a deactivated line.

If our active phone number is tied to our identity and connected to many accounts (from Facebook to a CVS pharmacy card) this enables a vast amount of data to be stored under it as a Unique User Identifier that eliminates common problems in info harvesting like two users with the same name in common, as each phone number is unique by nature.

The types of information that can be harvested and shared across social media can include everything from all credit card purchases, to medications used, to all our social media posts, our physical location, to information about our savings and employment. Not everyone in this world needs access to that information in part or in whole, but increasingly as information harvesting becomes more and more prevalent as a factor of our lives, we need to be aware about how our data and devices are weaponized against us. Sites used to utilize email addresses for user verification, and some still do thank goodness, otherwise it may become a definite reality that we'll simply need to totally avoid applications that demand this information from us as a condition of use.

I have noticed that having more than one account on social media (one business, one personal) often creates a similar experience (the number and reach of posts, views, likes, ads) across the accounts when a common phone number was shared between them no matter what I did, while using accounts from friends or from clients of mine, the experience and even views and likes were completely different for the very same posts. That among other tests I did made me curious enough to consider what the common factor across my accounts was, the only answer being my phone number entered during account registration. Even when I log out and delete all my information in an application, a similar user experience often comes back even on accounts with a totally different name and configuration if I use the very same phone number associated with my account. Your phone number also works on desktop applications to regulate your user experience because your mobile device is still often required for authentication by the way...

Many scammers and impersonators have learned to counter this identification scheme by using disposable numbers, disposable phones, and voice over IP solutions, but for us as honest consistent phone number holders, we cannot simply change our number every time we want to reset our online ID. I think it's becoming more important for us to realize that this issue can be used against us more and more into the future, and to begin putting pressure on law makers to protect us from applications and services demanding our phone numbers when they don't need them.

As phone numbers are often a common thread in all of our lives over many years, I urge everyone to evaluate the services and applications they have stored/entered their phone numbers into, and whether that service truly needed your number or not. Last time I checked, Twitter and Facebook have never had any reason to call or text me, and I'd probably be freaked out if they ever did.

Post Reply