Is it just me or have online companies recently (post covid) taken a bold step forward in what data they feel entitled to? I've had both my dating profile and skype suddenly decide they need to verify my mobile number for 'security reasons' in order to continue functioning. It feels like the thin end of the wedge in both erasing our anonymity and in collectivism of all our data for advertising purposes. (Phone numbers nowadays being a good proxy for unique identifies).
Multi-factor authentication recently became a requirement for electronic payments under the Payment Services Directive. Freemium services are wise to ask for a second factor when you sign up for a free account, because it reduces friction when the time comes to convert free users to paid users. Between that, the security requirements of the GDPR and the massive increase in password re-use attacks, MFA is becoming the norm rather than the exception. That's a massive improvement over password-only authentication, but it'd be better if they offered U2F and/or TOTP to avoid the risk of SIM cloning attacks.
Personal data must be much more valuable when legitimately connected to a physical person.
I imagine, what with near global lockdown, a lot more people are using the net around now and it makes sense to cast a wide net in terms of profit and security for both the businesses and criminals (though isn't hard to tell which is which these days? huehue).
If you don't like it, don't use it. It really is as simple as that - and I don't neccessarily mean to condescend. It could be thought of a wedge in, or it could be a wedge invited/allowed. Make a dating app that doesn't require third party authentication - anyone can do it, these days. You could probably create a fishing profile on the various dating sites that'll feed data into your own. Then what do you know, you might decide to start selling your customers data and become a billionaire.
>Personal data must be much more valuable when legitimately connected to a physical person.
GDPR m8. If they ask for your phone number for security reasons, they can only use it for security reasons. If they're caught doing anything else with it, they can be fined up tp €20m or 2% of annual worldwide revenues.
If my entire business model was built off of targeted advertising the possibility that one day I might have to have a court battle and might lose 2% of the revenue that 100% comes from that source would be just part of the cost of doing business.
Companies have systematically broken the rules for less.
Additionally to this there are plenty of work arounds. Like the company that handles the security is another entity, which later dissolves and when the assets are stripped that data can be used without having to conform to the originally agreed terms.
I've done that in the past, but there is currently a gobal crisis that makes it more difficult for people to cash buy a sim card which feeds into the conspiracy, of why now is the perfect time for them to act.
