The so-called Two-factor authentication to Online accounts protected better against attacks. Also, Facebook offers the procedure – the promised security has its price.
Many Facebook users have linked your account with your phone number – the risks, warn privacy advocates
Privacy at Facebook, apparently, a long time not a high priority. The rather casual handling of data, the company is paid with many Negative headlines: the scandal of the data analysis company Cambridge Analytica, a million times wrong terms, analyzing Facebook data, the vulnerability, of the 50 million users were affected, or the consolidation of Facebook-battered data with those of other services, such as Whatsapp and Instagram, which the Federal cartel office said – Facebook’s reputation in matters of data protection. Also, the EU is struggling regularly with the Tech giant rules the compliance with data protection.
As the Two-factor authentication works
Now there is another case that is not likely to strengthen the confidence of the users in the social network. It is, of all things, a procedure that is supposed to provide more security: the so-called Two-factor authentication. Thus, the own Facebook to protect the account better against access from the outside. What sounds complicated is actually quite simple: users are not able to protect your account with only a password, but need to confirm the Two-factor authentication each time you Login via a further way that you are really the users of the Accounts. In the case of Facebook, a way to do this looks like this: as soon As you would like to login with his password in his account, sent the social network a SMS to the mobile phone of the user, in a further, temporary access code. Only when this has been entered, you are logged in.
A user opts for this type of Two-factor authentication, he deposited so in case of Facebook its phone number. But if you think the company would use the number only for this purpose, is wrong. Last year, an American study showed that Facebook use the numbers for advertising purposes.
Function won’t turn off
And now there seems to be a further possible use for the phone number, the users will be notified at the time of establishment of the procedure explicitly: as soon As you enter your number, even if you want to protect your account – you are now on this number in the social network to find. Anyone who knows the phone number, can you enter Facebook in the search, and receives the corresponding profile is displayed.
However, the use of the number for the search is not issue. Default is that the search via telephone number for all Facebook users is possible. Account holders can only narrow that you only want to be friends or friends of friends to find.
Criticism of Hamburg’s data protection officer
“Here is the data safety against the protection of the privacy of the Users of Facebook,” said the Hamburg data protection Commissioner Johannes Caspar DW. “People who opt for a Two-factor authentication, set a clear purpose for the use of their mobile phone number. This is now incorporated by the unauthorized step of Facebook in the area of economic for the purposes of applicable data from the users ” without the consent of the user is pre-queried.” With a view to complying with the provisions of the data protection basic regulation, significant concerns “over the process, there were,” says Caspar.
According to Facebook all of this is not new. American media like to quote from an opinion of the company: The procedure should make it easier to find users you already know, which is not yet on Facebook friends. Who wanted to, could delete the phone number. In fact, there is also now a second authentication procedure using the other, not from Facebook-developed authentication Apps. Facebook called on its users, however, always to the authentication via SMS.
Data protector rates of authentication via SMS from
In principle, data-protection authorities recommend a Two-factor authentication. It is not only offered by social networks, but also of many other Online services, such as banks. But the authentication via SMS is valid for quite some time-not safe – regardless of what the company do with it. SMS messages are often displayed on the lock screen of a smartphone and are therefore visible to others. More: SMS messages are not encrypted. They can be intercepted by hackers remotely. Privacy advocates argue, therefore, for the abolition of the authentication via SMS, and recommend the authenticator Apps are in each App Store.
The phone number at Online-services, is considered by privacy advocates in General, as a risk – not only for the Two-factor authentication. So it is about at the Telekom is not possible, an E-Mail address without a phone number. Also, the Mail-provider GMX, or Web.de as well as Google push their users straight to a telephone number, for the ability to reset the password.
“The phone number is the universal identifier,” said Markus Reuter of the Online platform netzpolitik.org the DW. The phone number is not changing so often – it was a long-term Information about the user that will be used across all devices and services. And, above all, “deanonymisiere” the user. “That’s why companies – especially those like Facebook that rely on data – so hot.”
Facebook is currently without a chief of security
The Tech entrepreneur Jeremy Burge, the outraged on Twitter vocal about the procedure broke loose said, prompting a storm of indignation. With the proceedings from an alleged Feature for the more security a threat to their own data protection.
Also, Facebook’s Ex-chief of security Alex Stamos criticized his former employer. Facebook does not make implausible, if it is to separate the authentication of the search and of advertising.
Turkish Techno-sociologist and writer Zeynep Tufekci, who teaches in the U.S., went one step further: they defendant the risks for dissidents, which could be identified.
Facebook’s reputation in terms of privacy, therefore, has to get the next scratch. The Hamburg data protection officer, Caspar is afraid of a “blunting effect” of the users: Due to new scandals, the fear is that Facebook will encouraged to continue on his “against the privacy-oriented business model”.
Alex Stamos was not the only Top Manager who returned to Facebook in the past year, the back. Also Elliot Schrage, a former communications boss, as well as Jan Koum, who had sold the Tech company Whatsapp, left Facebook because of different ideas when dealing with user-data, the New York Times reported. Stamos’ Post as chief of security has not been previously occupied. Priorities.