2FA issues

[Mayayana]

I'm just wondering how people deal with two factor
authentication problems. Twice I've tried to help
brothers get into their gmail and failed because they
didn't have 2FA. In one case I had to give up, as Google
continued to crack down.

Generally I don't use any online services, so it hasn't
been an issue for me, but now I'm looking into crypto.
They require a cellphone message code for security. That's
good. But what if I lose my cellphone and can't get that
number back? With services all automated there's no
human to contact. Messages won't go to landlines. Most
services don't seem to allow multiple cellphone numbers...

So I'm curious whether people have run into such problems
and what the solutions were. It's bad enough losing your email,
but losing your money because you don't have you cellphone
would be a much bigger problem.

[Joerg Lorenz]

Am 07.03.22 um 18:15 schrieb Mayayana:

> I'm just wondering how people deal with two factor
> authentication problems. Twice I've tried to help
> brothers get into their gmail and failed because they
> didn't have 2FA. In one case I had to give up, as Google
> continued to crack down.

I do not need 2FA to log into my Google-account. I do not have it and I
do not want it. Google is not important for me. On my Pixel and on my
computers I do it with a PW and my Gmail-address.

Differently with iCloud.There I do have 2FA. For third party apps I need
an application-specific PW from iCloud than it works. I use that on
various devices.

> Generally I don't use any online services, so it hasn't
> been an issue for me, but now I'm looking into crypto.
> They require a cellphone message code for security. That's
> good. But what if I lose my cellphone and can't get that
> number back? With services all automated there's no
> human to contact. Messages won't go to landlines. Most
> services don't seem to allow multiple cellphone numbers...
>
> So I'm curious whether people have run into such problems
> and what the solutions were. It's bad enough losing your email,
> but losing your money because you don't have you cellphone
> would be a much bigger problem.

A phone can be completely wiped and reset to factory settings OTA.


--
De gustibus non est disputandum

[nospam]

In article <t05ejo$tvp$1...@dont-email.me>, Mayayana

<maya...@invalid.nospam> wrote:

> I'm just wondering how people deal with two factor
> authentication problems. Twice I've tried to help
> brothers get into their gmail and failed because they
> didn't have 2FA. In one case I had to give up, as Google
> continued to crack down.
>
> Generally I don't use any online services, so it hasn't
> been an issue for me, but now I'm looking into crypto.
> They require a cellphone message code for security. That's
> good. But what if I lose my cellphone and can't get that
> number back? With services all automated there's no
> human to contact. Messages won't go to landlines. Most
> services don't seem to allow multiple cellphone numbers...

you're referring to sms authentication, which is a bad idea for many
reasons.

a much better method is a totp app (there are many), which generate a
code locally based on a seed and the current time, which needs to match
the code generated on the server.

in the event your phone is lost or stolen or even out of a service area
and unable to receive an sms, you can use another device to run the
totp app. with a desktop totp app, you don't even need a cellphone at
all.

another option is use one of the backup codes that were generated when
2fa was initially set up, which are intended for such a scenario.

also, most companies *do* have human contacts, such as banks, who can
grant access.

> So I'm curious whether people have run into such problems
> and what the solutions were. It's bad enough losing your email,
> but losing your money because you don't have you cellphone
> would be a much bigger problem.

nothing is lost. only your online access is blocked until you can
authenticate in some other manner, which can be via an app, backup code
or a phone call.

keep in mind that the whole point of 2fa is to make it difficult for
people who don't have the 2nd factor, namely the bad guys.

[AJL]

I use the Google Authenticator app. No SMS required. I have it installed
on several devices so that if I lose my phone I'm not SOL.

When I put my Google account on a NEW device it opens the Authenticator
screen on any other device in which it's installed and you just have to
push the 'yes it's me' button and you're in on the new device.

I have my devices set up to only require authentication ONCE to verify
the device. After that it's a 'trusted device' and requires no more
verification, though it can be set up to require verification each time
but to me the extra security isn't worth the extra hassle. YMMV...

[nospam]

In article <t05gkk$8je$1...@dont-email.me>, AJL <noe...@none.com> wrote:

> I have my devices set up to only require authentication ONCE to verify
> the device. After that it's a 'trusted device' and requires no more
> verification, though it can be set up to require verification each time
> but to me the extra security isn't worth the extra hassle. YMMV...

some sites do that for a short period of time, generally 2-4 weeks,
after which you need to use a code again, for another block of time.

[AJL]

On 3/7/2022 10:54 AM, nospam wrote:

> AJL <noe...@none.com> wrote:
>> On 3/7/2022 10:15 AM, Mayayana wrote:

>> I'm just wondering how people deal with two factor authentication
>> problems. Twice I've tried to help brothers get into their gmail
>> and failed because they didn't have 2FA. In one case I had to give
>> up, as Google continued to crack down.

>> I have my devices set up to only require authentication ONCE to
>> verify the device. After that it's a 'trusted device' and requires
>> no more verification, though it can be set up to require
>> verification each time but to me the extra security isn't worth the
>> extra hassle. YMMV...

> some sites do that for a short period of time, generally 2-4 weeks,
> after which you need to use a code again, for another block of time.

I'm talking about the 2FA needed to use Google services (like Gmail) on
a particular device as I thought the OP was (above). No time limits are
involved. If he was talking about something else then disregard...

[nospam]

In article <t05hvg$8vs$1...@dont-email.me>, AJL <noe...@none.com> wrote:

> >> I have my devices set up to only require authentication ONCE to
> >> verify the device. After that it's a 'trusted device' and requires
> >> no more verification, though it can be set up to require
> >> verification each time but to me the extra security isn't worth the
> >> extra hassle. YMMV...
>
> > some sites do that for a short period of time, generally 2-4 weeks,
> > after which you need to use a code again, for another block of time.
>
> I'm talking about the 2FA needed to use Google services (like Gmail) on
> a particular device as I thought the OP was (above). No time limits are
> involved. If he was talking about something else then disregard...

i said *some* sites have a time limit. not all of them, and not any
particular ones.

also, the 2fa codes can be auto-filled by a browser extension, along
with the id/password, so it doesn't really matter if it asks again.

[AJL]

Again, I'm talking about certifying a NEW device for Google services
(like the OP's Gmail problem). There are no sites or time limits
involved. Google Authenticator can be used with sites but that's NOT
what I was suggesting...

[nospam]

In article <t05kv9$c4m$1...@dont-email.me>, AJL <noe...@none.com> wrote:

> >>>> I have my devices set up to only require authentication ONCE to
> >>>> verify the device. After that it's a 'trusted device' and
> >>>> requires no more verification, though it can be set up to
> >>>> require verification each time but to me the extra security
> >>>> isn't worth the extra hassle. YMMV...
> >>
> >>> some sites do that for a short period of time, generally 2-4
> >>> weeks, after which you need to use a code again, for another
> >>> block of time.
> >>
> >> I'm talking about the 2FA needed to use Google services (like
> >> Gmail) on a particular device as I thought the OP was (above). No
> >> time limits are involved. If he was talking about something else
> >> then disregard...
> >
> > i said *some* sites have a time limit. not all of them, and not any
> > particular ones. also, the 2fa codes can be auto-filled by a browser
> > extension, along with the id/password, so it doesn't really matter if
> > it asks again.
>
> Again, I'm talking about certifying a NEW device for Google services
> (like the OP's Gmail problem).

google isn't the only site that offers 2fa. google doesn't have a time
limit, but some other sites do, and some sites require a code every
time. there is no single rule for every site.

> There are no sites or time limits
> involved. Google Authenticator can be used with sites but that's NOT
> what I was suggesting...

google authenticator can be used with any site that uses totp, as can
any number of other totp apps. some people use more than one totp app
as a backup, in case one app stops working for some reason.

[Chris]

Mayayana <maya...@invalid.nospam> wrote:
> I'm just wondering how people deal with two factor
> authentication problems. Twice I've tried to help
> brothers get into their gmail and failed because they
> didn't have 2FA. In one case I had to give up, as Google
> continued to crack down.
>
> Generally I don't use any online services, so it hasn't
> been an issue for me, but now I'm looking into crypto.
> They require a cellphone message code for security.

Whatever you do don't use SMS to secure your crypto exchange account. It is
not secure and you could easily lose it all.

> That's
> good. But what if I lose my cellphone and can't get that
> number back? With services all automated there's no
> human to contact. Messages won't go to landlines. Most
> services don't seem to allow multiple cellphone numbers...

Use an authenticator app. There are several available and register at least
two so if you lose one you'll always have the other as backup. Or generate
backup codes and store then safely.

> So I'm curious whether people have run into such problems
> and what the solutions were. It's bad enough losing your email,
> but losing your money because you don't have you cellphone
> would be a much bigger problem.

Yes. You need to do more research if you're getting into crypto as there's
many ways you can lose money. There's no regulation and no come back.

[Frank Slootweg]

Mayayana <maya...@invalid.nospam> wrote:

[Irrelevant and distracting scenario deleted.]

> Generally I don't use any online services, so it hasn't
> been an issue for me, but now I'm looking into crypto.
> They require a cellphone message code for security. That's
> good. But what if I lose my cellphone and can't get that
> number back? With services all automated there's no
> human to contact. Messages won't go to landlines. Most
> services don't seem to allow multiple cellphone numbers...
>
> So I'm curious whether people have run into such problems
> and what the solutions were. It's bad enough losing your email,
> but losing your money because you don't have you cellphone
> would be a much bigger problem.

Check with the crypto services provider if they have some better '2FA'
method than using a SMS message. If they're a serious provider, they
*should* have something better. For example an authenticator app, a
token generator, etc..

But failing that, you *should* be able to get your number back and get
a replacement SIM (and get a new/replacement phone). If not, there's
something fundamentally wrong with your mobile phone service provider,
i.e. it has nothing to do with '2FA'.

Back to the irrelevant/distracting bit:

As you're posting this in comp.mobile.android, I assume you have an
Android smartphone and 'hence' a Google Account. If so, have a look at
the '2-Step Verification' section of your Google Account. That show
which '2FA' options a Google Account has and that will give some idea
what *other* (non-Google) services might have to offer. Using the Help
('(?)') gives some more background on what is what and how to use it.

(See '2-Step Verification' in the 'Signing in to Google' section on your
Google Account's Security page (<https://myaccount.google.com/security>.)

[Andy Burnelli]

Mayayana wrote:

> I'm just wondering how people deal with two factor
> authentication problems.

Buyer Beware on 2FA.
Have you seen the lawsuit against Apple with respect to permanent 2FA?

As I understand it, once you switch to 2FA, you can _never_ switch it off
after a short time period of testing it out has expired (something like
that).

Let me dig up the lawsuit as I don't make anything up like iKooks do.
<https://duckduckgo.com/?q=apple+2fa+lawsuit>

Here's the first hit, dated February 2019:
*Apple sued for forcing 2FA on accounts*
<https://nakedsecurity.sophos.com/2019/02/12/apple-sued-for-forcing-2fa-on-accounts/>
"claiming that the company forces users into a two-factor authentication
(2FA) straitjacket that they can't shrug off, that it takes up to five
minutes each time users have to enter a 2FA code, and that the time
suck is causing "economic losses" to him and other Apple customers.
The lawsuit... is accusing Apple of "trespass," based on Apple's
"locking [Brodsky] out" of his devices by requiring 2FA that
allegedly can't be disabled after two weeks."

However, further down on the hist list is this April 2020 article:
*Apple 2FA Case Dismissed by California Federal Court*
<https://securitycurrent.com/no-good-deed-apple-2fa-case-dismissed-by-california-federal-court/>
"The class action lawsuit alleged that the 2FA "intercepted" their
access to third party apps, and "virtually dispossessed" them from
using those apps. They sued under the theories that Apple's 2FA was
a "trespass to chattels," violated the California right to privacy law,
was an unauthorized access to a computer in violation of federal
and state computer crime laws, and that Apple was "unjustly enriched"
by its horrible actions."

"On April 7, 2020, California Federal Judge Lucy Koh granted Apple's
motion to dismiss the lawsuit in its entirety. The Court ruled that
all of the actions complained of - the updating of the code,
the installation of the 2FA authentication, the "trespass" to
chattels - all were expressly authorized by the Plaintiffs
when they updated the software"

I guess I authorized Apple to destroy my iPads when I used iOS too.
1. Apple "ID Verification" prompts come up ten, twenty or more times a day.
<https://i.postimg.cc/LXzB3Lc0/appleid01.jpg>
2. Apple "Sign-in to iCloud" prompts come up a dozen or more times a day.
<https://i.postimg.cc/Y9kkj19v/appleid12.jpg>
3. Apple won't let you sign in even with the _correct_ login & password.
<https://i.postimg.cc/8zSvshQf/appleid04.jpg>
4. The Apple web site is so poorly designed it doesn't even tell you why.
<https://i.postimg.cc/SKGfmgnK/appleid05.jpg>
5. Eventually, as it did with one of my iPads already, Apple destroys it.
<https://i.postimg.cc/g008YhxP/appleid02.jpg>
<https://i.postimg.cc/q75t7MSk/appleid03.jpg>
6. On my 2nd iPad, the Apple apps stop working (but everything else works!)
<https://i.postimg.cc/hhFNJ5mq/appleid010.jpg>
7. Every single day, many times a day, you're confronted with tracking crap
such as this "Some account services require you to sign in again"
<https://i.postimg.cc/nrFHSvby/appleid11.jpg>
8. Interestingly, you can update your iOS (which I almost never do) as shown
here where I updated this week from iOS 13 to iOS 15 (and it let me).
<https://i.postimg.cc/nLjqk2HD/osupdate03.jpg>
9. And you can wipe out your Siri recordings (due to the recent zero-day).
<https://i.postimg.cc/sfZ0XP71/osupdate02.jpg>
10. Yet Apple tracking servers still require "Apple ID Verification"
<https://i.postimg.cc/gj0r2cBP/osupdate01.jpg>
11. And, you can install an app, but if you delete it, you can't re-install.
<https://i.postimg.cc/bJPKDSZ1/osupdate04.jpg>
<https://i.postimg.cc/ZR5mZ287/appleid07.jpg>
12. In the end, if you attempt that forced validation on VPN, Apple
unilaterally destroys your investment by locking you out of it forever!
<https://i.postimg.cc/q75t7MSk/appleid03.jpg>
13. All because Apple tracking servers _require_ periodic ID verification.
<https://i.postimg.cc/8k3GQyj4/appleid09.jpg>
<https://i.postimg.cc/q75t7MSk/appleid03.jpg>

[AJL]

On 3/7/2022 12:17 PM, nospam wrote:

> google isn't the only site that offers 2fa.

It is for the OP's friend's 2FA Gmail problem.

> google doesn't have a time limit, but some other sites do, and some
> sites require a code every time. there is no single rule for every
> site.

Other sites have nothing to do with the OP's Friend's 2FA Gmail problem.

> google authenticator can be used with any site that uses totp, as can
> any number of other totp apps. some people use more than one totp app
> as a backup, in case one app stops working for some reason.

All very interesting but little to do with the OP's Friend's Gmail 2FA
problem...

[nospam]

In article <t05pd5$fiu$1...@dont-email.me>, AJL <noe...@none.com> wrote:

>
> Other sites have nothing to do with the OP's Friend's 2FA Gmail problem.

he said he was also looking at crypto sites.

his question was about 2fa in general and what happens if the phone is
lost or stolen. different sites handle that differently.

[nospam]

In article <t05onb$1b8o$1...@gioia.aioe.org>, Andy Burnelli

<sp...@nospam.com> wrote:

> Have you seen the lawsuit against Apple with respect to permanent 2FA?

it was dismissed because it was laughably stupid.

as expected, you fail to mention that google is also requiring 2factor:
<https://arstechnica.com/gadgets/2021/11/google-wants-every-account-to-u
se-2fa-starts-auto-enrolling-users/>
Two-factor authentication is coming to Google accounts whether you
want it or not.

also as expected, you fail to mention that various other companies also
require 2factor.

unfortunately, we live in a world where it's needed.

> As I understand it,

you don't.

> once you switch to 2FA, you can _never_ switch it off
> after a short time period of testing it out has expired (something like
> that).

that's a good thing.

the reality is that people use easy to guess passwords across multiple
sites and password leaks are common, which means 2factor should always
be used for a reasonable level of security.

> Let me dig up the lawsuit as I don't make anything up like iKooks do.
> <https://duckduckgo.com/?q=apple+2fa+lawsuit>
>
> Here's the first hit, dated February 2019:
> *Apple sued for forcing 2FA on accounts*
>
> <https://nakedsecurity.sophos.com/2019/02/12/apple-sued-for-forcing-2fa-on-acc
> ounts/>
> "claiming that the company forces users into a two-factor authentication
> (2FA) straitjacket that they can't shrug off, that it takes up to five
> minutes each time users have to enter a 2FA code, and that the time
> suck is causing "economic losses" to him and other Apple customers.
> The lawsuit... is accusing Apple of "trespass," based on Apple's
> "locking [Brodsky] out" of his devices by requiring 2FA that
> allegedly can't be disabled after two weeks."

none of that is credible.

using 2 factor is not even close to five minutes extra and there are
*no* economic losses whatsoever. their claims are ludicrous.

it takes maybe a couple of extra seconds, and that's if the user is
slow.

> However, further down on the hist list is this April 2020 article:
> *Apple 2FA Case Dismissed by California Federal Court*

no surprise there, because it was a baseless lawsuit, intended to grift.

[AJL]

On 3/7/2022 2:04 PM, nospam wrote:
> AJL <noe...@none.com> wrote:

>> Other sites have nothing to do with the OP's Friend's 2FA Gmail
>> problem.

> he said he was also looking at crypto sites.

Ah. But if so why not instead answer HIS POST and position it RIGHT
UNDER his crypto comment instead of on my later post and thus confusing
it with my expert treatise on using the Google Authenticator app (with
no sites or time limits required) to verify a device as perhaps one way
to make his friend's Gmail work?

> his question was about 2fa in general and what happens if the phone
> is lost or stolen. different sites handle that differently.

Ah. But if so why not answer HIS POST and position it RIGHT UNDER his
2FA in general comment and his lost phone comment instead on my later
post and thus confusing it with my expert treatise on using the Google
Authenticator app (with no sites or time limits required) to verify a
device as perhaps one way to make his friend's Gmail work...

[nospam]

In article <t05ua2$osp$1...@dont-email.me>, AJL <noe...@none.com> wrote:

> >> Other sites have nothing to do with the OP's Friend's 2FA Gmail
> >> problem.
>
> > he said he was also looking at crypto sites.
>
> Ah. But if so why not instead answer HIS POST and position it RIGHT
> UNDER his crypto comment instead of on my later post and thus confusing
> it with my expert treatise on using the Google Authenticator app (with
> no sites or time limits required) to verify a device as perhaps one way
> to make his friend's Gmail work?

i did respond to his post.

i responded to yours specifically about timeouts.

[Andy Burnelli]

nospam wrote:

>> Have you seen the lawsuit against Apple with respect to permanent 2FA?
>
> it was dismissed because it was laughably stupid.

Apple fucks its customer almost every chance that Apple gets to fuck them.

Whether or not that one lawsuit was dismissed doesn't change the fact that
2FA for Apple is apparently _PERMANENT_ (i.e., you can't change your mind).

At least not after two weeks you can't.
The judge didn't rule on that part of the lawsuit, nospam.

That lawsuit simply changed this observation:
*Apple fucks you every chance Apple gets.*
Into this observation:
*Apple _legally_ fucks you every chance Apple gets.*

The judge simply said Apple can fuck you all they want to because...

"all were expressly authorized by the Plaintiffs
when they updated the software"

The judge claimed you _allowed_ Apple to fuck you.
But that doesn't change the fact that Apple fucked you.

Just like Apple fucked up both my iPads simply for avoiding their logins.
--
Nobody has the marketing expenditure or the lack of R&D expenses than Apple.

[Mayayana]

"AJL" <noe...@none.com> wrote

| > google isn't the only site that offers 2fa.
|
| It is for the OP's friend's 2FA Gmail problem.
|

No. I'm just talking about general 2FA. I don't use anything
Google. What I'm dealing with right now is signing up for
crypto. They can only accept a cellphone. My bank can also
use a landline. A computer calls and speaks the number. But
crypto won't work with the landline. The call never comes
through.

In the case of my brothers, only one of them has any device
other than cellphone. So the Google app might be useful for
one of them. But I'm really just asking about the general issue,
not about Google.

[Mayayana]

"Frank Slootweg" <th...@ddress.is.invalid> wrote

| Check with the crypto services provider if they have some better '2FA'
| method than using a SMS message. If they're a serious provider, they
| *should* have something better. For example an authenticator app, a
| token generator, etc..
|

I'm just asking about 2FA on cellphones. I don't
want an app and not all services can use it. Plus,
I'd still need the phone.

| But failing that, you *should* be able to get your number back and get
| a replacement SIM (and get a new/replacement phone). If not, there's
| something fundamentally wrong with your mobile phone service provider,
| i.e. it has nothing to do with '2FA'.
|

Tracfone. I don't want to depend on being able to
get that number back, but it's good to know that I
might be able to.

| Back to the irrelevant/distracting bit:
|
| As you're posting this in comp.mobile.android, I assume you have an
| Android smartphone and 'hence' a Google Account. If so, have a look at
| the '2-Step Verification' section of your Google Account.

No, I don't. What is this obsession people have with
Google? I just want to know what people have
experienced with 2FA. I have Android but disable
everything Google and have no intention of using anything
Google. I never signed up for a Google account. *I'm not
asking about Google anything.*

[nospam]

In article <t05vf7$for$1...@gioia.aioe.org>, Andy Burnelli

<sp...@nospam.com> wrote:

> Whether or not that one lawsuit was dismissed doesn't change the fact that
> 2FA for Apple is apparently _PERMANENT_ (i.e., you can't change your mind).

just like google and many other sites.

> At least not after two weeks you can't.

2fa should be required everywhere.

unfortunately, we live in a world where security breaches are common,
nearly all of which could be avoided with 2fa.

> The judge didn't rule on that part of the lawsuit, nospam.

the judge tossed the entire case because it was laughably stupid.

[AJL]

On 3/7/2022 3:03 PM, Mayayana wrote:
> "AJL" <noe...@none.com> wrote

>> It is for the OP's friend's 2FA Gmail problem.

> No. I'm just talking about general 2FA. I don't use anything
> Google.

Ah. My error. Generated some tit for tat fun though. Carry on...

[Andy Burnelli]

nospam wrote:

> just like google and many other sites.

FACT:
*If you set up 2FA on an Apple product - Apple will never let you drop it*

Every time Apple fucks the customer, you say everyone else fucks them too.
Doesn't Apple have any free will nospam?

>> At least not after two weeks you can't.
>
> 2fa should be required everywhere.

That's your opinion and you're welcome to that opinion, nospam.
I would suggest that there are many people who believe otherwise.

>> The judge didn't rule on that part of the lawsuit, nospam.
>
> the judge tossed the entire case because it was laughably stupid.

The case was "laughably stupid" on certain parts I would agree, because they
tried to fit the case to existing law on damages.

However, the salient fact is that Apple fucks you when you choose 2FA.
Ooops. I mean Apple _legally_ fucks you when you choose to set up 2FA.

As the judge ruled, it's your own fault for setting up 2Fa in the 1st place:
*The permanent 2FA walled-prison-garden was "expressly authorized*
*by the Plaintiffs when they updated the software"*

The fact remains a warning to _anyone_ setting up 2FA:
*If you set up 2FA on an Apple product - Apple will never let you drop it*
--
Never forget nobody in high tech spends less than does Apple on R&D costs.

[Chris]

Mayayana <maya...@invalid.nospam> wrote:
> "AJL" <noe...@none.com> wrote
>
> | > google isn't the only site that offers 2fa.
> |
> | It is for the OP's friend's 2FA Gmail problem.
> |
> No. I'm just talking about general 2FA. I don't use anything
> Google. What I'm dealing with right now is signing up for
> crypto. They can only accept a cellphone.

Don't use SMS. Use an authenticator app like Authy. If the service you're
wanting sign up only does SMS ditch them.

[nospam]

In article <t061rv$1fbd$1...@gioia.aioe.org>, Andy Burnelli

<sp...@nospam.com> wrote:

> >
> > 2fa should be required everywhere.
>
> That's your opinion and you're welcome to that opinion, nospam.

one which is shared by security experts, along with anyone with even an
inkling of common sense.

> I would suggest that there are many people who believe otherwise.

many people believe the earth is flat and that trump is still president.

that doesn't make either true.

> However, the salient fact is that Apple fucks you when you choose 2FA.

i chose 2fa and have not been fucked by apple. do they send out an
invite or does someone just show up one night?

does google fuck you when choosing 2fa?

the question on many people's minds is if you choose 2fa for both at
the same time, will it be a threesome?

[nospam]

In article <t062oh$opc$1...@dont-email.me>, Chris <ithi...@gmail.com>
wrote:

> Don't use SMS. Use an authenticator app like Authy.

yep.

> If the service you're
> wanting sign up only does SMS ditch them.

unfortunately, that is not always an option.

[Andy Burnelli]

nospam wrote:

> that doesn't make either true.

You claiming that it was Google who made Apple do it doesn't make that true.
Every time Apple does what you hate, you claim Google made Apple do it.

*If what you claim is true, then Apple has no free will*.

Anyway, you're almost always wrong so I opened a thread to find out if you
are dead wrong this time since you didn't provide facts for your statements.

*Is 2FA/2SV permanent the instant you set it up for a Google Account?*
<https://groups.google.com/g/comp.mobile.android/c/y5qWOLL5R4A>

All I care about is the factual truth.

[Frank Slootweg]

Mayayana <maya...@invalid.nospam> wrote:
> "Frank Slootweg" <th...@ddress.is.invalid> wrote
>
> | Check with the crypto services provider if they have some better '2FA'
> | method than using a SMS message. If they're a serious provider, they
> | *should* have something better. For example an authenticator app, a
> | token generator, etc..
> |
> I'm just asking about 2FA on cellphones. I don't
> want an app and not all services can use it. Plus,
> I'd still need the phone.

Yes, we know what you asked, but you don't get to choose the answers!
:-)

As also has been mentioned by others, crypto and SMS is a very bad
combination, basically a "Don't go there!" area.

So for all intents and purposes, it doesn't matter that you "don't
want and app", you *will* have to use an 'app', whether you like it or
not. And BTW, an 'app' isn't necessarily a *smartphone* app, but can be
a Windows (or Linux) program and can sometimes be a dedicated hardware
device (a token generator).

> | But failing that, you *should* be able to get your number back and get
> | a replacement SIM (and get a new/replacement phone). If not, there's
> | something fundamentally wrong with your mobile phone service provider,
> | i.e. it has nothing to do with '2FA'.
>
> Tracfone. I don't want to depend on being able to
> get that number back, but it's good to know that I
> might be able to.

They *must* be able to give you the number back and a replacement SIM.
If not, sue them! :-)

> | Back to the irrelevant/distracting bit:
> |
> | As you're posting this in comp.mobile.android, I assume you have an
> | Android smartphone and 'hence' a Google Account. If so, have a look at
> | the '2-Step Verification' section of your Google Account.
>
> No, I don't. What is this obsession people have with
> Google? I just want to know what people have
> experienced with 2FA. I have Android but disable
> everything Google and have no intention of using anything
> Google. I never signed up for a Google account. *I'm not
> asking about Google anything.*

Well, you posted in comp.mobile.android and talked about Google (for
your brothers), so if your use is the odd one out, you should say so and
not lecture people about being obsessed with Google.

[nospam]

In article <t06h7e$asi$1...@gioia.aioe.org>, Andy Burnelli

<sp...@nospam.com> wrote:

>
> You claiming that it was Google who made Apple do it doesn't make that true.

i never said any such thing.

security is very important, and unlike you, both apple and google take
it very seriously.

> All I care about is the factual truth.

no you don't. all you care about is lying and trolling.

[Mayayana]

"Frank Slootweg" <th...@ddress.is.invalid> wrote

| > |
| > I'm just asking about 2FA on cellphones. I don't
| > want an app and not all services can use it. Plus,
| > I'd still need the phone.
|
| Yes, we know what you asked, but you don't get to choose the answers!

Actually I have found this informative. I realize now
that most people consider their cellphone number part
of their identity and don't care about privacy in that
regard. So when I ask how people manage when they
lose their cellphone, they don't get the problem. Verizon,
Google, and half the Internet is already tracking them
and knows who they are.

I bought a Tracfone, which I rarely use, and
have never shared my personal info with them. So
I was coming at it from a different angle. I'm not sure
I'd have any basis to get my number back with a new
phone. I don't even know what my number is offhand.
And Tracfone don't know it's me.

I'm now looking into Authy, which apparently can store
my ID on various desktops, to then transfer to a cellphone.
That sounds more dependable. Though it means depending
on an online service for security. Brave new world.

I'm surprised that companies seem to think such a service
is more dependable than text message, despite the risk of
something like Authy being hacked at the server, but that
does seem to be the consensus.

[nospam]

In article <t08iqn$76m$1...@dont-email.me>, Mayayana

<maya...@invalid.nospam> wrote:

> I'm now looking into Authy, which apparently can store
> my ID on various desktops, to then transfer to a cellphone.
> That sounds more dependable. Though it means depending
> on an online service for security. Brave new world.

the codes are calculated locally. no online service needed. that's a
key benefit of totp.

backup/sync uses the cloud, but that's optional. it's extremely useful,
but not required.

> I'm surprised that companies seem to think such a service
> is more dependable than text message, despite the risk of
> something like Authy being hacked at the server, but that
> does seem to be the consensus.

unlike text messages, which are sent in the clear over an insecure
channel, what's backed up at authy is encrypted, using a key only you
know.

[Chris]

For crypto which was the OP's situation, it is.

[Chris]

Mayayana <maya...@invalid.nospam> wrote:
>
>
> I'm now looking into Authy, which apparently can store
> my ID on various desktops, to then transfer to a cellphone.

That's not how it works.

> That sounds more dependable. Though it means depending
> on an online service for security. Brave new world.

It's not an online service. No internet access is required once it's
installed.

> I'm surprised that companies seem to think such a service
> is more dependable than text message, despite the risk of
> something like Authy being hacked at the server, but that
> does seem to be the consensus.

It's trivial to spoof SMS texts and many people have lost thousands through
SMS scams. Not possible with an authenticator like Authy.

[Andy Burnelli]

nospam wrote:

>> You claiming that it was Google who made Apple do it doesn't make that true.
>
> i never said any such thing.

We found the truth and you were so confident, but oh so very dead wrong.

*Is 2FA/2SV permanent the instant you set it up for a Google Account?*
<https://groups.google.com/g/comp.mobile.android/c/y5qWOLL5R4A>

The answer is nospam was either ignorant, or he lied, as Google does _not_
make 2FA/2SV permanent based on multiple inputs in that thread.

Apple does.
Google doesn't.

Given how confident nospam was in being dead wrong, either
a. nospam was either completely ignorant of what he brazenly claimed,
b. Or, he simply lied (hoping we'd never notice that he lied).
(Pick one.)

> security is very important, and unlike you, both apple and google take
> it very seriously.

Seriously nospam, face it that you have a very low IQ, and just accept it.
a. Yet again you brazenly lied to cover up what you _hate_ about Apple,
b. Or, you simply were oh so confident in what turns out to be dead wrong.
(Pick one.)

>> All I care about is the factual truth.
>
> no you don't. all you care about is lying and trolling.

The way it's obvious you have a very low IQ nospam is that when you're
caught dead wrong, you claim everyone else is lying and trolling.

And yet it was _you_ who claimed Google 2SV/2FA was permanent.
Why?

I don't know why.
I suspect you _hate_ that Apple fucks people with their permanent 2FA.

Nonetheless, you were Dunning Kruger left of the first quartile line.
a. You were so very confident in being so very dead wrong, or,
b. You simply lied, hoping nobody would notice.
(pick one)

You always blame someone else for Apple fucking the customer, nospam.
In this case, you blamed Google - as if Apple has no free will, nospam.
--
I don't care all child-like low-IQ iKooks are uneducated & of low self
esteem; but due to that, they feel the need to fabricate excuses for Apple.

[Frank Slootweg]

Mayayana <maya...@invalid.nospam> wrote:
> "Frank Slootweg" <th...@ddress.is.invalid> wrote
>
> | > |
> | > I'm just asking about 2FA on cellphones. I don't
> | > want an app and not all services can use it. Plus,
> | > I'd still need the phone.
> |
> | Yes, we know what you asked, but you don't get to choose the answers!
>
> Actually I have found this informative. I realize now
> that most people consider their cellphone number part
> of their identity and don't care about privacy in that
> regard.

AFAIC, that's a non sequitur. Yes most people probably "consider their
cellphone number part of their identity", but that doesn't mean they

"don't care about privacy in that regard".

Most people are probably somewhat careful with handing out their
mobile (or fixed) number, in order not be bothered by all kind of (voice
or text) 'spam'.

So when I ask how people manage when they
> lose their cellphone, they don't get the problem. Verizon,
> Google, and half the Internet is already tracking them
> and knows who they are.

Broken record! As I said before, "Google, and half the Internet" have
nothing to do with losing/recovering your phone/number.

> I bought a Tracfone, which I rarely use, and
> have never shared my personal info with them. So
> I was coming at it from a different angle. I'm not sure
> I'd have any basis to get my number back with a new
> phone. I don't even know what my number is offhand.
> And Tracfone don't know it's me.

Surely Tracfone must have *some* personal info about you? Your name,
billing account/address/<whatever>. Even for pre-paid with topup cards,
the SIM has to be registered, at least that's the case in most countries
(for crime/terrorism/etc. reasons ('burner phones')).

FWIW, my/our pre-paid providers have our name and address and can
probably trace the topup transactions to a bank-account/credit-card
number.

[Misconceptions about Authy/TOTP deleted, because already addressed by
nospam and Chris.]

[Andy Burnelli]

Frank Slootweg wrote:

> AFAIC, that's a non sequitur. Yes most people probably "consider their
> cellphone number part of their identity", but that doesn't mean they
> "don't care about privacy in that regard".

Mayayana is dead wrong, as usual (mainly because Mayayana's IQ is dismal).
Frank is correct

*Your cell phone number === your identity*
That's how they identified the FSB agent who reported the dead general.

Apparently the Russian secure communications in the Ukraine used 3G and 4G
cellular towers which were apparently destroyed by the Russians (go figure)
so the FSB, instead of using ERA, used normal cellphones to communicate.
[The news articles didn't say _how_ that works without towers though.]

The press (Bellingcat) apparently then ran an open source reverse phone
number lookup and identified the exact FSB agent who communicated the
desmise of Vitaly Gerasimov.

Google it if you don't believe me.
*The point is that your cell phone number === your identity*
--
That's one FSB agent who is going to be needing much warming clothing soon.

[Mayayana]

"Frank Slootweg" <th...@ddress.is.invalid> wrote

| Surely Tracfone must have *some* personal info about you? Your name,
| billing account/address/<whatever>. Even for pre-paid with topup cards,
| the SIM has to be registered, at least that's the case in most countries
| (for crime/terrorism/etc. reasons ('burner phones')).
|

No. It's anonymous. Why? Because there's no privacy
with cellphones. At the very least, Google is tracking location.
So I normally leave it turned off and keep it anonymous.

You're demonstrating my point. You actually can't conceive
of your cellphone not being tied to your identity. Thus, you
don't care about privacy. Or else you're surprisingly ignorant
of just how much your privacy is compromised by apps,
Google, and probably your service provider.

| FWIW, my/our pre-paid providers have our name and address and can
| probably trace the topup transactions to a bank-account/credit-card
| number.
|

Interesting. In the US none of that is required. I just
bought a phone and activated it.

[Andy Burnelli]

Mayayana wrote:

> You're demonstrating my point.

Mayayana === Moron

[nospam]

In article <t0aosm...@ID-201911.user.individual.net>, Frank

Slootweg <th...@ddress.is.invalid> wrote:

> > I bought a Tracfone, which I rarely use, and
> > have never shared my personal info with them. So
> > I was coming at it from a different angle. I'm not sure
> > I'd have any basis to get my number back with a new
> > phone. I don't even know what my number is offhand.
> > And Tracfone don't know it's me.
>
> Surely Tracfone must have *some* personal info about you? Your name,
> billing account/address/<whatever>. Even for pre-paid with topup cards,
> the SIM has to be registered, at least that's the case in most countries
> (for crime/terrorism/etc. reasons ('burner phones')).

it's possible to obtain a phone and sim without providing a real name
or address (and in some cases, no name at all), and depending on
carrier, also sign up for service without any of that info. buy top-up
cards with cash. use a disposable email if that's required.

tracfone requires an iccid (sim #) to continue the sign-up process
(which i don't have) so i don't know what additional information they
might require beyond that.

[Andy Burnelli]

nospam wrote:

> it's possible to obtain a phone and sim without providing a real name
> or address (and in some cases, no name at all), and depending on
> carrier, also sign up for service without any of that info. buy top-up
> cards with cash. use a disposable email if that's required.

I've thought about that but there are fatal flaws everywhere in those steps.

For example, when you buy the card, does the store have cameras.

AFAIK, if they're like Apple who ran a FACE-ID & did an automatic lookup,
the store could know (perhaps even in real time) who you are by your face.

AIR, there were lawsuits about Apple outsourcing your face to outfits who
did the identification & reported back to Apple, which we can dig up if
needed (as iKooks deny all facts they _hate_ about Apple no matter what).

But the point here is that there are plenty of flaws in nospam's argument.
Still, for the average guy, it's probably "private enough" for his needs.

[nospam]

In article <t0anon$u04$1...@gioia.aioe.org>, Andy Burnelli

<sp...@nospam.com> wrote:

> > it's possible to obtain a phone and sim without providing a real name
> > or address (and in some cases, no name at all), and depending on
> > carrier, also sign up for service without any of that info. buy top-up
> > cards with cash. use a disposable email if that's required.
>
> I've thought about that

of course you have.

> but there are fatal flaws everywhere in those steps.

no there are not.

> For example, when you buy the card, does the store have cameras.

probably, but they are unlikely to keep the recordings forever.

you could wear a ski mask, except that in doing so, you'll stand out
among the crowd who does not, making it *easier* to identify you.

even if they were able to identify you from surveillance recordings,
they still don't know your name or address, at least not without
matching it to *other* information.

if an investigation is at the stage to where you are actively being
sought and information about you from multiple sources is being used to
track you down, then you have far, far bigger problems to worry about.

> AFAIK, if they're like Apple who ran a FACE-ID & did an automatic lookup,
> the store could know (perhaps even in real time) who you are by your face.

apple's face id is entirely local. apple does not, nor cannot, get a
user's facial data from face id (or fingerprint data from touch id),
nor can anyone else. even apps cannot access that data.

[Andy Burnelli]

nospam wrote:

>> AFAIK, if they're like Apple who ran a FACE-ID & did an automatic lookup,
>> the store could know (perhaps even in real time) who you are by your face.
>
> apple's face id is entirely local. apple does not, nor cannot, get a
> user's facial data from face id (or fingerprint data from touch id),
> nor can anyone else. even apps cannot access that data.

The fact is Apple is using FACE-ID to identify people in the Apple Store.
If you want to deny that fact because you _hate_ what Apple does, so be it.

Apple's not the only outfit with cameras in the store identifying people.
My point was that this is a flaw in your supposedly iron clad privacy claim.

>> but there are fatal flaws everywhere in those steps.
>
> no there are not.
>
>> For example, when you buy the card, does the store have cameras.
>
> probably, but they are unlikely to keep the recordings forever.

Jesus Chris, nospam. Stop being a moron. You deny everything you hate.
It's how you maintain your purely imaginary belief systems intact.
1. You said they could do it.
2. I agreed in principle, but I outlined a few obvious fatal flaws.
3. You agree the flaws are fatal, and then go back to #1.

What grade are you in? Either the flaws exist, or they don't.

You always try to have it both ways:
*Apple can do no wrong; but when they do, it's Google's fault.*

[Andy Burnelli]

nospam wrote:

> apple's face id is entirely local. apple does not, nor cannot, get a
> user's facial data from face id (or fingerprint data from touch id),
> nor can anyone else. even apps cannot access that data.

What's to stop Apple from digging into every iPhone in an autocratic country
to provide the government with the facial recognition results of each user?

[nospam]

In article <t0aqra$ljs$1...@gioia.aioe.org>, Andy Burnelli

<sp...@nospam.com> wrote:

>
> The fact is Apple is using FACE-ID to identify people in the Apple Store.

no they're not. face id is limited to iphones and ipads, and only to
unlock them after the owner enables face id and trains it on their own
face. it cannot be used for surveillance video. full stop.

[nospam]

In article <t0ar0a$otm$1...@gioia.aioe.org>, Andy Burnelli

that it's impossible.

face id uses a mathematical hash, which is stored in the secure enclave
and cannot be extracted. all matching is done within the secure
enclave.

and even if the data could be extracted somehow, it's just a hash and
cannot be reversed into a face.

you're running low on tin foil. stock up before nightfall.

[Alan]

That's "adult", is it?

[Alan]

On 2022-03-09 9:22 a.m., Andy Burnelli wrote:
> nospam wrote:
>
>> it's possible to obtain a phone and sim without providing a real name
>> or address (and in some cases, no name at all), and depending on
>> carrier, also sign up for service without any of that info. buy top-up
>> cards with cash. use a disposable email if that's required.
>
> I've thought about that but there are fatal flaws everywhere in those
> steps.
>
> For example, when you buy the card, does the store have cameras.
>
> AFAIK, if they're like Apple who ran a FACE-ID & did an automatic
> lookup, the store could know (perhaps even in real time) who you are by
> your face.

More made up nonsense.

>
> AIR, there were lawsuits about Apple outsourcing your face to outfits who
> did the identification & reported back to Apple, which we can dig up if
> needed (as iKooks deny all facts they _hate_ about Apple no matter what).

There was no such lawsuit.

[Alan]

On 2022-03-09 10:15 a.m., Andy Burnelli wrote:
> nospam wrote:
>
>>> AFAIK, if they're like Apple who ran a FACE-ID & did an automatic
>>> lookup, the store could know (perhaps even in real time) who you are
>>> by your face.
>>
>> apple's face id is entirely local. apple does not, nor cannot, get a
>> user's facial data from face id (or fingerprint data from touch id),
>> nor can anyone else. even apps cannot access that data.
>
> The fact is Apple is using FACE-ID to identify people in the Apple Store.

That's not a fact.

That's an assertion; a claim for which you provide no support.

[Frank Slootweg]

Mayayana <maya...@invalid.nospam> wrote:
> "Frank Slootweg" <th...@ddress.is.invalid> wrote
>
> | Surely Tracfone must have *some* personal info about you? Your name,
> | billing account/address/<whatever>. Even for pre-paid with topup cards,
> | the SIM has to be registered, at least that's the case in most countries
> | (for crime/terrorism/etc. reasons ('burner phones')).
> |
> No. It's anonymous. Why? Because there's no privacy
> with cellphones. At the very least, Google is tracking location.

For heavens sake, stop harping about Google! As I've said umpteen
times, it's *not relevant* to the discussion at hand. And your high
horse attitude and paranoia doesn't do you any favours. You clearly
don't know what Google does and doesn't do and can and can't do, so
you're indeed better off without a Google account.

> So I normally leave it turned off and keep it anonymous.
>
> You're demonstrating my point. You actually can't conceive
> of your cellphone not being tied to your identity. Thus, you
> don't care about privacy.

Drop the obnoxious pompous twattery, will you!? You have no way of
knowing what I can and can't conceive and your conclusion ("Thus ...")
is both erroneous and uncalled for.

> Or else you're surprisingly ignorant
> of just how much your privacy is compromised by apps,
> Google, and probably your service provider.

More likely, you're so obsessed and paranoid about "apps, Google, and
probably your service provider," that you drag them into any
discussion, including those where they're totally irrelevant. (Yes,
your service provider - assuming you mean your mobile service provider
- is relevant to the discussion, but not to "compromised" privacy.)

Now that the unpleasantries are out of the way, let's try to
concentrate on *relevant* things:

> | FWIW, my/our pre-paid providers have our name and address and can
> | probably trace the topup transactions to a bank-account/credit-card
> | number.
>
> Interesting. In the US none of that is required. I just
> bought a phone and activated it.

Is it pre-paid or postpaid (i.e. contract)? If pre-paid, how do you
top up the credit? If postpaid, how do you pay? They don't know who you
are, so they can't bill you and you can't pay them without becoming
non-anonymous.

[Rewind:]

To anyone: How does the US address the problem of 'burner phones' used
by criminals, terrorists, etc.?

[Andy Burnelli]

Frank Slootweg wrote:

> Now that the unpleasantries are out of the way, let's try to
> concentrate on *relevant* things:

I understand your frustration dealing with Mayayana === Moron.

Now you know what it's like to attempt an adult conversation with
Mayayana whom I've determined has no education and a low IQ, but worse,
he harps on _one_ thing and latches on to it as if it's for all.

It's why he's such an avowed racist.
*One jew screwed Mayayana so he thinks all jews are out to get him*

>> Interesting. In the US none of that is required. I just
>> bought a phone and activated it.
>
> Is it pre-paid or postpaid (i.e. contract)? If pre-paid, how do you
> top up the credit?

In the olden days of locked phones & exorbitant roaming charges, but when
didn't use a phone for anything but phone calls, when traveling I would buy
an AT&T (or was it T-Mobile?) phone at Target which came with a few minutes.

Then I'd buy a $10 card to top it off. It was a scratch card with a few
numbers that you entered into the phone or called a number to enter them.

If you bought $100 in a year (something like that), they'd let your minutes
rollover; otherwise they'd die in some fashion over time (or you'd be
charged a few bucks a month). [As I recall, that was the distinction between
T-Mobile and AT&T but this is all from memory.]

> are, so they can't bill you and you can't pay them without becoming
> non-anonymous.

Presumably you could pay cash for all that stuff and be "private".
To be clear, I'm talking prepaid only (not postpaid!).

> To anyone: How does the US address the problem of 'burner phones' used
> by criminals, terrorists, etc.?

I don't know the answer but I suspect they get the data after the fact from
the telephone companies since the criminals can easily screw up by leaving
it on when they arrive home.

Or, once they have a target, they can use IMEI nets (e.g., Stingray) to
sweep vast areas for that target IMEI.

Presumably that's how they caught Osama bin Laden, based on the courer's
cell phone, but of course, they never tell the news the real way, but they
thought it was plausible enough to say that the courier's burner phone did
him in.

BTW, trust me when I say I understand your frustration dealing with Mayayana
=== Moron as it's like dealing with Alan Baker or Joerg Lorenz or Lewis or
Jolly Roger.

I've never met such strange people in the flesh in my entire life, which is
why I've studied them, and _all_ own the same traits as does Mayayana.
a. They take one minor fact and assume everything fits that fact

For example. let's say a device in one brand has good battery life - or even
that the brand marketing team merely _claims_ good battery life... then they
not only think all that brand's phones meet that claim, but they then start
claiming that the other brand doesn't. It's the way their strange minds
work.
--
I don't care if people are child-like with a low-IQ & no education; but due
to that, people just like Mayayana latch onto racist ideals far too easily.

[Andy Burnelli]

nospam wrote:

>> What's to stop Apple from digging into every iPhone in an autocratic country
>> to provide the government with the facial recognition results of each user?
>
> that it's impossible.

You said the same thing about independent contractors listening to Siri
snippets that identified your name, location, and what you said to your
doctor simply for wearing an Apple watch and raising your arm with your
iPhone in your pocket. And yet, it was.

You also said the same thing about the tags that Apple sells, and yet they
were used by criminals to stalk people. You were oh so confident that they
couldn't be used for that. And yet, they were.

The fact is Apple outsourced their camera results to a third party who
identified people (in this case those people were innocent apparently) who
were then arrested and when the lawsuit hit the fan, that's when we found
out what Apple was doing all along - Apple just forgot to tell us that.

And while this is about a larger face id problem set, I'm not the only one
concerned that using an insecure marketing gimmick like apple's facial id on
phones (which is advertised because people are stupid - they believe their
face is the most unique thing about them), the problem is well reported.
*A growing number of gadgets are scanning your face.*
<https://www.vox.com/recode/2020/7/3/21307873/facial-recognition-ban-law-enforcement-apple-google-facebook>

There's an amusing sentence in that detailed report about iPhones though:
"San Francisco, for example, had to amend its facial recognition ordinance
after it accidentally made police-department-owned iPhones illegal."

[Alan]

On 2022-03-09 4:32 p.m., Andy Burnelli wrote:
> nospam wrote:
>
>>> What's to stop Apple from digging into every iPhone in an autocratic
>>> country
>>> to provide the government with the facial recognition results of each
>>> user?
>>
>> that it's impossible.
>
> You said the same thing about independent contractors listening to Siri
> snippets that identified your name, location, and what you said to your
> doctor simply for wearing an Apple watch and raising your arm with your
> iPhone in your pocket. And yet, it was.

No. That is complete and utter bullshit.

>
> You also said the same thing about the tags that Apple sells, and yet they
> were used by criminals to stalk people. You were oh so confident that they
> couldn't be used for that. And yet, they were.

And yet, they've created a system that lets you know you've had the same
tag traveling around with you.

>
> The fact is Apple outsourced their camera results to a third party who
> identified people (in this case those people were innocent apparently) who
> were then arrested and when the lawsuit hit the fan, that's when we found
> out what Apple was doing all along - Apple just forgot to tell us that.

Cite, please.

[Chris]

Frank Slootweg <th...@ddress.is.invalid> wrote:
> Mayayana <maya...@invalid.nospam> wrote:
>> "Frank Slootweg" <th...@ddress.is.invalid> wrote
>>
>

>> | FWIW, my/our pre-paid providers have our name and address and can
>> | probably trace the topup transactions to a bank-account/credit-card
>> | number.
>>
>> Interesting. In the US none of that is required. I just
>> bought a phone and activated it.
>
> Is it pre-paid or postpaid (i.e. contract)? If pre-paid, how do you
> top up the credit? If postpaid, how do you pay? They don't know who you
> are, so they can't bill you and you can't pay them without becoming
> non-anonymous.
>
> [Rewind:]
>
> To anyone: How does the US address the problem of 'burner phones' used
> by criminals, terrorists, etc.?

They probably don't. It's the same in the uk. You can buy a SIM in shops as
well as phone without providing any details. Top ups are bought via a
voucher code which you send in with an automated call.

[nospam]

In article <t0bgul$85g$1...@gioia.aioe.org>, Andy Burnelli

<sp...@nospam.com> wrote:

>
> You said the same thing about independent contractors listening to Siri
> snippets that identified your name, location, and what you said to your
> doctor simply for wearing an Apple watch and raising your arm with your
> iPhone in your pocket. And yet, it was.

i did not say any such thing nor is that even correct.

siri voice requests are detached from the user's apple id and there is
*no* way to link them back, by design.

however, sometimes people will say things to siri or other voice
assistants that contain identifying information.

unlike apple, google and amazon *will* link it back to the user.

> You also said the same thing about the tags that Apple sells, and yet they
> were used by criminals to stalk people. You were oh so confident that they
> couldn't be used for that. And yet, they were.

i never said that either.

any tracking tag can be used to stalk someone, something which airtags
are designed to minimize, one way by beeping when it's around someone
else's phone, making it the worst choice for stalking purposes.

airtags are designed for lost stuff (keys, wallet, backpack, etc.)

[Chris]

Andy Burnelli <sp...@nospam.com> wrote:
>
> The fact is Apple is using FACE-ID to identify people in the Apple Store.

I'd LOVE to see a cite to back up that "fact".

[Andy Burnelli]

Chris wrote:

>> The fact is Apple is using FACE-ID to identify people in the Apple Store.
>
> I'd LOVE to see a cite to back up that "fact".

You iKooks are always ignorant.
Don't you ever read the news, Chris?

It was widely published and we talked about it at the time, Chris.

We know about it because of the lawsuit where Apple admitted they outsourced
their in-store recordings to non-Apple personnel who either wrongly or
rightly identified someone in the store that Apple wanted to know who it was
(the lawsuit is confusing on the accuracy of the resulting ID though).

Whether or not the wrong person was convicted, and whether or not the
resulting lawsuit proceeded to completion, the point was that Apple has
cameras in the store whose recording is routinely used to identify people by
their faces.

Apple openly admitted that fact.
We discussed this Chris, so for you to be unaware is just typical of iKooks.
--
Apple only tells the truth in court.

[Andy Burnelli]

nospam wrote:

>> The fact is Apple is using FACE-ID to identify people in the Apple Store.
>
> no they're not. face id is limited to iphones and ipads, and only to
> unlock them after the owner enables face id and trains it on their own
> face. it cannot be used for surveillance video. full stop.

I wasn't talking about the face identification on the phone but in the store
from the video that Apple records of everyone while they're inside the
store.

You know that because you participated on the conversation we had on this
very topic long ago, nospam, and it was widely reported almost everywhere.

I do readily admit that the whole affair was confusing because the student
filed a billion dollar lawsuit against Apple for "facial recognition
software" and that Apple denied much of what happened but I don't trust a
word from Apple that isn't done explicitly under oath inside a court of law.

[Andy Burnelli]

nospam wrote:

> siri voice requests are detached from the user's apple id and there is
> *no* way to link them back, by design.

That's dead wrong.

What's worse than you iKooks brazenly denying all facts about Apple you hate
is you iKooks can never remember facts about Apple we already discussed at
length when the shit hit the fan about Apple's outsourced Siri recordings.

This information was widely publicized at the time it was reported, and
Apple did not deny a single word of what the informant said about the data.

The informant said very clearly in the reports widely published in the media
that Siri recordings of even drug deals and private conversations in bed and
at the doctor's office were sent, unredacted, to non-Apple contract
employees overseas.

> unlike apple, google and amazon *will* link it back to the user.

You iKooks always blame everyone else for flaws in your beloved products.
As if Apple has no free will.

> airtags are designed for lost stuff (keys, wallet, backpack, etc.)

You always resort to what Apple's "designs" things for, and yet Apple is the
one telling all of us "you're holding it wrong" due to their shitty designs.

Apple has shitty design teams, nospam.
Apple's expenditure in R&D is the _lowest_ in all of high tech, nospam.

Do you want to even get started on Apple's atrocious QA testing?
HINT: They shipped the same bug more than once (even after it was fixed!).

Saying how Apple "prefers" you to use the things is meaningless...
What matters is how they are used.

[Chris]

On 11/03/2022 13:36, Andy Burnelli wrote:
> Chris wrote:
>
>>> The fact is Apple is using FACE-ID to identify people in the Apple
>>> Store.
>>
>> I'd LOVE to see a cite to back up that "fact".
>
> You iKooks are always ignorant.
> Don't you ever read the news, Chris?
>
> It was widely published

Good so why not share the cite?

> and we talked about it at the time, Chris.

No. "We" did not.

>
> We know about it because of the lawsuit where Apple admitted they
> outsourced
> their in-store recordings to non-Apple personnel who either wrongly or
> rightly identified someone in the store that Apple wanted to know who it
> was
> (the lawsuit is confusing on the accuracy of the resulting ID though).
>
> Whether or not the wrong person was convicted, and whether or not the
> resulting lawsuit proceeded to completion, the point was that Apple has
> cameras in the store whose recording is routinely used to identify
> people by
> their faces.

That. is. not. FaceID.

Shops have had cameras recording people's faces for *decades*. That's
the whole fucking point of CCTV.

[Andy Burnelli]

Chris wrote:

>> It was widely published
>
> Good so why not share the cite?

Chris,
Don't any of you ill-educated low-IQ ignorant iKooks know how to search?
If I said it's widely reported, then _everyone_ knew about it at the time.

*Apple sued over false arrest linked to facial recognition tech*
<https://appleinsider.com/articles/19/04/23/student-sues-apple-for-1-billion-over-false-arrest-linked-to-facial-recognition-tech>
"An 18-year-old student launched a $1 billion lawsuit against Apple
and an associated security firm on Monday, accusing the pair of
falsely linking him to a series of store thefts. At fault is the
company's in-store facial recognition software, according to a
complaint filed on behalf of Ousmane Bah. The security firm named
in the case is Security Industry Specialists. Both it and Apple
have declined comment."

As I said the lawsuit was confusing, mostly because Apple only tells
the truth when forced to in court, which means for a long time we only
had one side of the story but what matters isn't how the case proceeded
but what Apple actually did by having Security Industry Specialists
identify people by their faces using their in-store camera recordings.

> No. "We" did not.

The "We" was the same we I always use to indicate newsgroup (which in
this case was the iPhone newsgroup because it was related to Apple).

Always, you extremely low-IQ iKooks are Dunning Kruger Quadrant 1.
You're so confident in being wrong, just like the lemon-juice robber was.

If I said it was posted to the newsgroups, then it was posted there.
Don't any of you ignorant low-IQ childish iKooks know how to run a search?

*Apple spins yet another bold lie - this one about facial recognition
software run on store customers*
<https://groups.google.com/g/misc.phone.mobile.iphone/c/u1WegfQIo04>

>> We know about it because of the lawsuit where Apple admitted they
>> outsourced
>> their in-store recordings to non-Apple personnel who either wrongly or
>> rightly identified someone in the store that Apple wanted to know who it
>> was
>> (the lawsuit is confusing on the accuracy of the resulting ID though).
>>
>> Whether or not the wrong person was convicted, and whether or not the
>> resulting lawsuit proceeded to completion, the point was that Apple has
>> cameras in the store whose recording is routinely used to identify
>> people by
>> their faces.
>
> That. is. not. FaceID.

You're the one who misunderstood as I always knew what it was.
I posted what it was at the time it happened, for heavens sake.

And you are _still_ completely unaware of it even as it was widely reported.

> Shops have had cameras recording people's faces for *decades*.
> That's the whole fucking point of CCTV.

When we discussed this in April of 2019 all we knew was the news stories
as Apple _refused_ to comment (as did the security company Apple hired).

This is the link I provided in the thread to the Apple newsgroup back then.
*Man sues Apple for $1 billion, claims facial recognition software*
*led to his false arrest*
<https://thegrio.com/2019/04/23/apple-lawsuit-false-arrest-billion-lawsuit/>
"A New York man claims facial recognition technology led to him being
erroneously arrested for stealing from several of their stores,
but that came from a glitch in their technology. The piece of
identification the thief had on him during the arrest listed Bah's name,
address and other personal information, but did not include a photo.
Bah says Apple was negligent for taking the actual perpetrator at his
word and not verifying who the thief was with a proper photo I.D.
As a result of this oversight, Apple then programmed all of its
security systems to recognize the man's face as Bah's. When the same
thief later robbed Apple stores in New Jersey, Delaware and New York,
Bah was then falsely blamed for all the crimes, the suit claims.
He had no idea any of this was going on till he received a
Boston municipal court summons in the mail in June."

At the time Apple refused to comment but more information is out now.
Apple should have cleared it up immediately as numerous reports cited this.
--
The sad fact is Apple only tells the truth when they're forced to in court.

[Chris]

Andy Burnelli <sp...@nospam.com> wrote:

> Chris wrote:
>
>>> We know about it because of the lawsuit where Apple admitted they
>>> outsourced
>>> their in-store recordings to non-Apple personnel who either wrongly or
>>> rightly identified someone in the store that Apple wanted to know who it
>>> was
>>> (the lawsuit is confusing on the accuracy of the resulting ID though).
>>>
>>> Whether or not the wrong person was convicted, and whether or not the
>>> resulting lawsuit proceeded to completion, the point was that Apple has
>>> cameras in the store whose recording is routinely used to identify
>>> people by
>>> their faces.
>>
>> That. is. not. FaceID.
>
> You're the one who misunderstood as I always knew what it was.
> I posted what it was at the time it happened, for heavens sake.

There's no misunderstanding. You claimed it was FaceID despite knowing it
wasn't. You're liar. Plain and simple.

[Alan]

Expect to be in Arlen's killfile soon.

[Andy Burnelli]

Chris wrote:

>> You're the one who misunderstood as I always knew what it was.
>> I posted what it was at the time it happened, for heavens sake.
>
> There's no misunderstanding. You claimed it was FaceID despite knowing it
> wasn't. You're liar. Plain and simple.

Hmmm... let's follow this logic, shall we...

a. I _knew_ all about the story; you didn't even know it existed.
b. That's _already_ a bad sign for you; as it was _widely_ reported.
c. I _said_ we discussed it; you flatly denied that fact.
d. I proved it and then you _still_ claim I "lied".
e. I said the story was widely reported; and you didn't even search.
f. You demanded a cite; which proves _you_ were the ignorant one here.
g. I provided _multiple_ cites (and could have provided dozens more).
h. Now you claim your misunderstanding of the facts is my "lie".

This reminds me of the classic child-like behavior of you iKooks...
Child: Santa exists.
Adult: No it doesn't.
Child: But I saw him at the mall.
Adult: That was just a clever marketing trick; he wore a costume.
Child: No. It _was_ Santa. I saw him. He was there!
Adult: Unfortunately, Santa is just a marketing gimmick son.
Child: No. I saw him in all the Apple & CocaCola advertisements.
Adult: That is just a _picture_ of a mythical character son.
Child: But _everyone_ has the same picture!
Adult: That's just clever marketing, son. Santa doesn't exist.
Child: Prove it!
(This discussion goes on forever with the iKooks culminating in...)
Child: You are an asshole. Liar! Liar... Liar... Pants on fire!

You are that child whose entire belief system is instantly destroyed
by something as simple and innocent as a mere fact.

[Chris]

Andy Burnelli <sp...@nospam.com> wrote:
> Chris wrote:
>
>>> You're the one who misunderstood as I always knew what it was.
>>> I posted what it was at the time it happened, for heavens sake.
>>
>> There's no misunderstanding. You claimed it was FaceID despite knowing it
>> wasn't. You're liar. Plain and simple.
>
> Hmmm... let's follow this logic, shall we...
>
> a. I _knew_ all about the story; you didn't even know it existed.
> b. That's _already_ a bad sign for you; as it was _widely_ reported.
> c. I _said_ we discussed it; you flatly denied that fact.
> d. I proved it and then you _still_ claim I "lied".
> e. I said the story was widely reported; and you didn't even search.
> f. You demanded a cite; which proves _you_ were the ignorant one here.
> g. I provided _multiple_ cites (and could have provided dozens more).
> h. Now you claim your misunderstanding of the facts is my "lie".

Except that's not what happened, is it? Let's see the reality shall we?

Chris <ithi...@gmail.com> wrote:
> On 11/03/2022 13:36, Andy Burnelli wrote:
>> Chris wrote:
>>
>>>> The fact is Apple is using FACE-ID to identify people in the Apple
>>>> Store.
>>>
>>> I'd LOVE to see a cite to back up that "fact".
>>
>> You iKooks are always ignorant.
>> Don't you ever read the news, Chris?
>>
>> It was widely published
>>

>> We know about it because of the lawsuit where Apple admitted they
>> outsourced
>> their in-store recordings to non-Apple personnel who either wrongly or
>> rightly identified someone in the store that Apple wanted to know who it
>> was
>> (the lawsuit is confusing on the accuracy of the resulting ID though).
>>
>> Whether or not the wrong person was convicted, and whether or not the
>> resulting lawsuit proceeded to completion, the point was that Apple has
>> cameras in the store whose recording is routinely used to identify
>> people by
>> their faces.
>
> That. is. not. FaceID.
>

> Shops have had cameras recording people's faces for *decades*. That's
> the whole fucking point of CCTV.
>

You made a claim about FaceID which was clearly wrong and given the fact
that you knew the story very well makes it clear you knowingly lied.

[Alan]

Any moment now, Arlen will announce your killfiling...

[Andy Burnelli]

Chris wrote:

> You made a claim about FaceID which was clearly wrong and given the fact
> that you knew the story very well makes it clear you knowingly lied.

The fact I knew all along what it was and you didn't know _anything_ about
it is already worrisome as it means you know absolutely nothing about Apple.

Worse than you knowing absolutely nothing about what Apple really does, is
that you claimed it was wrong without even bothering to look up the lawsuit.

Then you claimed we never posted it to the Apple newsgroups, which again
shows that you based all your claims without knowing what everyone knows.

Now you claim that you misunderstood what I said, and that fits perfectly.
--
Apple can't make those ungodly profits off of an intelligent user base.

[Chris]

Andy Burnelli <sp...@nospam.com> wrote:
> Chris wrote:
>
>> You made a claim about FaceID which was clearly wrong and given the fact
>> that you knew the story very well makes it clear you knowingly lied.
>

[ snip of irrelevance ]

>
> Now you claim that you misunderstood what I said, and that fits perfectly.

Nope. *You* claimed I misunderstood. There's nothing to misunderstand.
You're plain wrong.

Either prove that FaceID is being used by Apple to identify people with
in-store cameras or STFU.

[Andy Burnelli]

Chris wrote:

> Either prove that FaceID is being used by Apple to identify people with
> in-store cameras or STFU.

Chris,
It was you who didn't know about what _everyone_ knows about that lawsuit.
As always, I'm very well aware of what Apple does and you iKooks are not.

Apple is forced to tell the truth when their actions show up in the courts.

You brazenly denied all facts without even clicking on referenced cites.
It's what you iKooks do.

You didn't even _read_ what they said before brazenly denying all facts.
It's what you iKooks do.

You completely whooshed on what Apple is doing and then you denied it.
It's what you iKooks do.

You iKooks will deny Apple does what Apple does forever.
Why?

I don't know why.
I suspect you simply _hate_ what Apple does.
--
The only time Apple ever tells the truth is when forced to, in court.

[Chris]

Andy Burnelli <sp...@nospam.com> wrote:
> Chris wrote:
>
>> Either prove that FaceID is being used by Apple to identify people with
>> in-store cameras or STFU.
>
> Chris,
> It was you who didn't know about

You can't prove it. Got it.