In article <t062oh$opc$1@dont-email.me>, Chris <ithinkiam@gmail.com>
wrote:

> Don't use SMS. Use an authenticator app like Authy.

yep.

> If the service you're
> wanting sign up only does SMS ditch them.

unfortunately, that is not always an option.

nospam wrote:

> that doesn't make either true.

You claiming that it was Google who made Apple do it doesn't make that true.
Every time Apple does what you hate, you claim Google made Apple do it.

*If what you claim is true, then Apple has no free will*.

Anyway, you're almost always wrong so I opened a thread to find out if you
are dead wrong this time since you didn't provide facts for your statements.

*Is 2FA/2SV permanent the instant you set it up for a Google Account?*
<https://groups.google.com/g/comp.mobile.android/c/y5qWOLL5R4A>

All I care about is the factual truth.

Mayayana <mayayana@invalid.nospam> wrote:
> "Frank Slootweg" <this@ddress.is.invalid> wrote
>
> | Check with the crypto services provider if they have some better '2FA'
> | method than using a SMS message. If they're a serious provider, they
> | *should* have something better. For example an authenticator app, a
> | token generator, etc..
> |
> I'm just asking about 2FA on cellphones. I don't
> want an app and not all services can use it. Plus,
> I'd still need the phone.

Yes, we know what you asked, but you don't get to choose the answers!
:-)

As also has been mentioned by others, crypto and SMS is a very bad
combination, basically a "Don't go there!" area.

So for all intents and purposes, it doesn't matter that you "don't
want and app", you *will* have to use an 'app', whether you like it or
not. And BTW, an 'app' isn't necessarily a *smartphone* app, but can be
a Windows (or Linux) program and can sometimes be a dedicated hardware
device (a token generator).

> | But failing that, you *should* be able to get your number back and get
> | a replacement SIM (and get a new/replacement phone). If not, there's
> | something fundamentally wrong with your mobile phone service provider,
> | i.e. it has nothing to do with '2FA'.
>
> Tracfone. I don't want to depend on being able to
> get that number back, but it's good to know that I
> might be able to.

They *must* be able to give you the number back and a replacement SIM.
If not, sue them! :-)

> | Back to the irrelevant/distracting bit:
> |
> | As you're posting this in comp.mobile.android, I assume you have an
> | Android smartphone and 'hence' a Google Account. If so, have a look at
> | the '2-Step Verification' section of your Google Account.
>
> No, I don't. What is this obsession people have with
> Google? I just want to know what people have
> experienced with 2FA. I have Android but disable
> everything Google and have no intention of using anything
> Google. I never signed up for a Google account. *I'm not
> asking about Google anything.*

Well, you posted in comp.mobile.android and talked about Google (for
your brothers), so if your use is the odd one out, you should say so and
not lecture people about being obsessed with Google.

In article <t06h7e$asi$1@gioia.aioe.org>, Andy Burnelli
<spam@nospam.com> wrote:

>
> You claiming that it was Google who made Apple do it doesn't make that true.

i never said any such thing.

security is very important, and unlike you, both apple and google take
it very seriously.

> All I care about is the factual truth.

no you don't. all you care about is lying and trolling.

"Frank Slootweg" <this@ddress.is.invalid> wrote

| > |
| > I'm just asking about 2FA on cellphones. I don't
| > want an app and not all services can use it. Plus,
| > I'd still need the phone.
| | Yes, we know what you asked, but you don't get to choose the answers!

Actually I have found this informative. I realize now
that most people consider their cellphone number part
of their identity and don't care about privacy in that
regard. So when I ask how people manage when they
lose their cellphone, they don't get the problem. Verizon,
Google, and half the Internet is already tracking them
and knows who they are.

I bought a Tracfone, which I rarely use, and
have never shared my personal info with them. So
I was coming at it from a different angle. I'm not sure
I'd have any basis to get my number back with a new
phone. I don't even know what my number is offhand.
And Tracfone don't know it's me.

I'm now looking into Authy, which apparently can store
my ID on various desktops, to then transfer to a cellphone.
That sounds more dependable. Though it means depending
on an online service for security. Brave new world.

I'm surprised that companies seem to think such a service
is more dependable than text message, despite the risk of
something like Authy being hacked at the server, but that
does seem to be the consensus.

In article <t08iqn$76m$1@dont-email.me>, Mayayana
<mayayana@invalid.nospam> wrote:

> I'm now looking into Authy, which apparently can store
> my ID on various desktops, to then transfer to a cellphone.
> That sounds more dependable. Though it means depending
> on an online service for security. Brave new world.

the codes are calculated locally. no online service needed. that's a
key benefit of totp.

backup/sync uses the cloud, but that's optional. it's extremely useful,
but not required.

> I'm surprised that companies seem to think such a service
> is more dependable than text message, despite the risk of
> something like Authy being hacked at the server, but that
> does seem to be the consensus.

unlike text messages, which are sent in the clear over an insecure
channel, what's backed up at authy is encrypted, using a key only you
know.

nospam <nospam@nospam.invalid> wrote:
> In article <t062oh$opc$1@dont-email.me>, Chris <ithinkiam@gmail.com>
> wrote:
>
>> Don't use SMS. Use an authenticator app like Authy.
>
> yep.
>
>> If the service you're
>> wanting sign up only does SMS ditch them.
>
> unfortunately, that is not always an option.

For crypto which was the OP's situation, it is.

Mayayana <mayayana@invalid.nospam> wrote:
>
>
> I'm now looking into Authy, which apparently can store
> my ID on various desktops, to then transfer to a cellphone.

That's not how it works.

> That sounds more dependable. Though it means depending
> on an online service for security. Brave new world.

It's not an online service. No internet access is required once it's
installed.

> I'm surprised that companies seem to think such a service
> is more dependable than text message, despite the risk of
> something like Authy being hacked at the server, but that
> does seem to be the consensus.

It's trivial to spoof SMS texts and many people have lost thousands through
SMS scams. Not possible with an authenticator like Authy.

nospam wrote:

>> You claiming that it was Google who made Apple do it doesn't make that true.
>
> i never said any such thing.

We found the truth and you were so confident, but oh so very dead wrong.
*Is 2FA/2SV permanent the instant you set it up for a Google Account?*
<https://groups.google.com/g/comp.mobile.android/c/y5qWOLL5R4A>

The answer is nospam was either ignorant, or he lied, as Google does _not_
make 2FA/2SV permanent based on multiple inputs in that thread.

Apple does.
Google doesn't.

Given how confident nospam was in being dead wrong, either
a. nospam was either completely ignorant of what he brazenly claimed,
b. Or, he simply lied (hoping we'd never notice that he lied).
(Pick one.)

> security is very important, and unlike you, both apple and google take
> it very seriously.

Seriously nospam, face it that you have a very low IQ, and just accept it.
a. Yet again you brazenly lied to cover up what you _hate_ about Apple,
b. Or, you simply were oh so confident in what turns out to be dead wrong.
(Pick one.)

>> All I care about is the factual truth.
>
> no you don't. all you care about is lying and trolling.

The way it's obvious you have a very low IQ nospam is that when you're
caught dead wrong, you claim everyone else is lying and trolling.

And yet it was _you_ who claimed Google 2SV/2FA was permanent.
Why?

I don't know why.
I suspect you _hate_ that Apple fucks people with their permanent 2FA.

Nonetheless, you were Dunning Kruger left of the first quartile line.
a. You were so very confident in being so very dead wrong, or,
b. You simply lied, hoping nobody would notice.
(pick one)

You always blame someone else for Apple fucking the customer, nospam.
In this case, you blamed Google - as if Apple has no free will, nospam.
--
I don't care all child-like low-IQ iKooks are uneducated & of low self
esteem; but due to that, they feel the need to fabricate excuses for Apple.

Mayayana <mayayana@invalid.nospam> wrote:
> "Frank Slootweg" <this@ddress.is.invalid> wrote
>
> | > |
> | > I'm just asking about 2FA on cellphones. I don't
> | > want an app and not all services can use it. Plus,
> | > I'd still need the phone.
> |
> | Yes, we know what you asked, but you don't get to choose the answers!
>
> Actually I have found this informative. I realize now
> that most people consider their cellphone number part
> of their identity and don't care about privacy in that
> regard.

AFAIC, that's a non sequitur. Yes most people probably "consider their
cellphone number part of their identity", but that doesn't mean they
"don't care about privacy in that regard".

Most people are probably somewhat careful with handing out their
mobile (or fixed) number, in order not be bothered by all kind of (voice
or text) 'spam'.

So when I ask how people manage when they
> lose their cellphone, they don't get the problem. Verizon,
> Google, and half the Internet is already tracking them
> and knows who they are.

Broken record! As I said before, "Google, and half the Internet" have
nothing to do with losing/recovering your phone/number.

> I bought a Tracfone, which I rarely use, and
> have never shared my personal info with them. So
> I was coming at it from a different angle. I'm not sure
> I'd have any basis to get my number back with a new
> phone. I don't even know what my number is offhand.
> And Tracfone don't know it's me.

Surely Tracfone must have *some* personal info about you? Your name,
billing account/address/<whatever>. Even for pre-paid with topup cards,
the SIM has to be registered, at least that's the case in most countries
(for crime/terrorism/etc. reasons ('burner phones')).

FWIW, my/our pre-paid providers have our name and address and can
probably trace the topup transactions to a bank-account/credit-card
number.

[Misconceptions about Authy/TOTP deleted, because already addressed by
nospam and Chris.]

Frank Slootweg wrote:

> AFAIC, that's a non sequitur. Yes most people probably "consider their
> cellphone number part of their identity", but that doesn't mean they
> "don't care about privacy in that regard".

Mayayana is dead wrong, as usual (mainly because Mayayana's IQ is dismal).
Frank is correct

*Your cell phone number === your identity*
That's how they identified the FSB agent who reported the dead general.

Apparently the Russian secure communications in the Ukraine used 3G and 4G
cellular towers which were apparently destroyed by the Russians (go figure)
so the FSB, instead of using ERA, used normal cellphones to communicate.
[The news articles didn't say _how_ that works without towers though.]

The press (Bellingcat) apparently then ran an open source reverse phone
number lookup and identified the exact FSB agent who communicated the
desmise of Vitaly Gerasimov.

Google it if you don't believe me.
*The point is that your cell phone number === your identity*
--
That's one FSB agent who is going to be needing much warming clothing soon.

"Frank Slootweg" <this@ddress.is.invalid> wrote

| Surely Tracfone must have *some* personal info about you? Your name,
| billing account/address/<whatever>. Even for pre-paid with topup cards,
| the SIM has to be registered, at least that's the case in most countries
| (for crime/terrorism/etc. reasons ('burner phones')).
| No. It's anonymous. Why? Because there's no privacy
with cellphones. At the very least, Google is tracking location.
So I normally leave it turned off and keep it anonymous.

You're demonstrating my point. You actually can't conceive
of your cellphone not being tied to your identity. Thus, you
don't care about privacy. Or else you're surprisingly ignorant
of just how much your privacy is compromised by apps,
Google, and probably your service provider.

| FWIW, my/our pre-paid providers have our name and address and can
| probably trace the topup transactions to a bank-account/credit-card
| number.
|

Interesting. In the US none of that is required. I just
bought a phone and activated it.

Mayayana wrote:

> You're demonstrating my point.

Mayayana === Moron

In article <t0aosm.14rc.1@ID-201911.user.individual.net>, Frank
Slootweg <this@ddress.is.invalid> wrote:

> > I bought a Tracfone, which I rarely use, and
> > have never shared my personal info with them. So
> > I was coming at it from a different angle. I'm not sure
> > I'd have any basis to get my number back with a new
> > phone. I don't even know what my number is offhand.
> > And Tracfone don't know it's me.
>
> Surely Tracfone must have *some* personal info about you? Your name,
> billing account/address/<whatever>. Even for pre-paid with topup cards,
> the SIM has to be registered, at least that's the case in most countries
> (for crime/terrorism/etc. reasons ('burner phones')).

it's possible to obtain a phone and sim without providing a real name
or address (and in some cases, no name at all), and depending on
carrier, also sign up for service without any of that info. buy top-up
cards with cash. use a disposable email if that's required.

tracfone requires an iccid (sim #) to continue the sign-up process
(which i don't have) so i don't know what additional information they
might require beyond that.

nospam wrote:

> it's possible to obtain a phone and sim without providing a real name
> or address (and in some cases, no name at all), and depending on
> carrier, also sign up for service without any of that info. buy top-up
> cards with cash. use a disposable email if that's required.

I've thought about that but there are fatal flaws everywhere in those steps.

For example, when you buy the card, does the store have cameras.

AFAIK, if they're like Apple who ran a FACE-ID & did an automatic lookup,
the store could know (perhaps even in real time) who you are by your face.

AIR, there were lawsuits about Apple outsourcing your face to outfits who
did the identification & reported back to Apple, which we can dig up if
needed (as iKooks deny all facts they _hate_ about Apple no matter what).

But the point here is that there are plenty of flaws in nospam's argument.
Still, for the average guy, it's probably "private enough" for his needs.

In article <t0anon$u04$1@gioia.aioe.org>, Andy Burnelli
<spam@nospam.com> wrote:
> > it's possible to obtain a phone and sim without providing a real name
> > or address (and in some cases, no name at all), and depending on
> > carrier, also sign up for service without any of that info. buy top-up
> > cards with cash. use a disposable email if that's required.
>
> I've thought about that

of course you have.

> but there are fatal flaws everywhere in those steps.

no there are not.

> For example, when you buy the card, does the store have cameras.

probably, but they are unlikely to keep the recordings forever.

you could wear a ski mask, except that in doing so, you'll stand out
among the crowd who does not, making it *easier* to identify you.

even if they were able to identify you from surveillance recordings,
they still don't know your name or address, at least not without
matching it to *other* information.

if an investigation is at the stage to where you are actively being
sought and information about you from multiple sources is being used to
track you down, then you have far, far bigger problems to worry about.

> AFAIK, if they're like Apple who ran a FACE-ID & did an automatic lookup,
> the store could know (perhaps even in real time) who you are by your face.

apple's face id is entirely local. apple does not, nor cannot, get a
user's facial data from face id (or fingerprint data from touch id),
nor can anyone else. even apps cannot access that data.

nospam wrote:

>> AFAIK, if they're like Apple who ran a FACE-ID & did an automatic lookup,
>> the store could know (perhaps even in real time) who you are by your face.
>
> apple's face id is entirely local. apple does not, nor cannot, get a
> user's facial data from face id (or fingerprint data from touch id),
> nor can anyone else. even apps cannot access that data.

The fact is Apple is using FACE-ID to identify people in the Apple Store.
If you want to deny that fact because you _hate_ what Apple does, so be it.

Apple's not the only outfit with cameras in the store identifying people.
My point was that this is a flaw in your supposedly iron clad privacy claim.

>> but there are fatal flaws everywhere in those steps.
>
> no there are not.
>
>> For example, when you buy the card, does the store have cameras.
>
> probably, but they are unlikely to keep the recordings forever.

Jesus Chris, nospam. Stop being a moron. You deny everything you hate.
It's how you maintain your purely imaginary belief systems intact.
1. You said they could do it.
2. I agreed in principle, but I outlined a few obvious fatal flaws.
3. You agree the flaws are fatal, and then go back to #1.

What grade are you in? Either the flaws exist, or they don't.

You always try to have it both ways:
*Apple can do no wrong; but when they do, it's Google's fault.*

nospam wrote:

> apple's face id is entirely local. apple does not, nor cannot, get a
> user's facial data from face id (or fingerprint data from touch id),
> nor can anyone else. even apps cannot access that data.

What's to stop Apple from digging into every iPhone in an autocratic country
to provide the government with the facial recognition results of each user?

In article <t0aqra$ljs$1@gioia.aioe.org>, Andy Burnelli
<spam@nospam.com> wrote:

>
> The fact is Apple is using FACE-ID to identify people in the Apple Store.

no they're not. face id is limited to iphones and ipads, and only to
unlock them after the owner enables face id and trains it on their own
face. it cannot be used for surveillance video. full stop.

In article <t0ar0a$otm$1@gioia.aioe.org>, Andy Burnelli
<spam@nospam.com> wrote:

> > apple's face id is entirely local. apple does not, nor cannot, get a
> > user's facial data from face id (or fingerprint data from touch id),
> > nor can anyone else. even apps cannot access that data.
>
> What's to stop Apple from digging into every iPhone in an autocratic country
> to provide the government with the facial recognition results of each user?

that it's impossible.

face id uses a mathematical hash, which is stored in the secure enclave
and cannot be extracted. all matching is done within the secure
enclave.

and even if the data could be extracted somehow, it's just a hash and
cannot be reversed into a face.

you're running low on tin foil. stock up before nightfall.

On 2022-03-09 9:17 a.m., Andy Burnelli wrote:
> Mayayana wrote:
>
>>   You're demonstrating my point.
>
> Mayayana === Moron

That's "adult", is it?

On 2022-03-09 9:22 a.m., Andy Burnelli wrote:
> nospam wrote:
>
>> it's possible to obtain a phone and sim without providing a real name
>> or address (and in some cases, no name at all), and depending on
>> carrier, also sign up for service without any of that info. buy top-up
>> cards with cash. use a disposable email if that's required.
>
> I've thought about that but there are fatal flaws everywhere in those
> steps.
>
> For example, when you buy the card, does the store have cameras.
>
> AFAIK, if they're like Apple who ran a FACE-ID & did an automatic
> lookup, the store could know (perhaps even in real time) who you are by
> your face.

More made up nonsense.

>
> AIR, there were lawsuits about Apple outsourcing your face to outfits who
> did the identification & reported back to Apple, which we can dig up if
> needed (as iKooks deny all facts they _hate_ about Apple no matter what).

There was no such lawsuit.

>
> But the point here is that there are plenty of flaws in nospam's argument.
> Still, for the average guy, it's probably "private enough" for his needs.

On 2022-03-09 10:15 a.m., Andy Burnelli wrote:
> nospam wrote:
>
>>> AFAIK, if they're like Apple who ran a FACE-ID & did an automatic
>>> lookup, the store could know (perhaps even in real time) who you are
>>> by your face.
>>
>> apple's face id is entirely local. apple does not, nor cannot, get a
>> user's facial data from face id (or fingerprint data from touch id),
>> nor can anyone else. even apps cannot access that data.
>
> The fact is Apple is using FACE-ID to identify people in the Apple Store.

That's not a fact.

That's an assertion; a claim for which you provide no support.

Mayayana <mayayana@invalid.nospam> wrote:
> "Frank Slootweg" <this@ddress.is.invalid> wrote
>
> | Surely Tracfone must have *some* personal info about you? Your name,
> | billing account/address/<whatever>. Even for pre-paid with topup cards,
> | the SIM has to be registered, at least that's the case in most countries
> | (for crime/terrorism/etc. reasons ('burner phones')).
> |
> No. It's anonymous. Why? Because there's no privacy
> with cellphones. At the very least, Google is tracking location.

For heavens sake, stop harping about Google! As I've said umpteen
times, it's *not relevant* to the discussion at hand. And your high
horse attitude and paranoia doesn't do you any favours. You clearly
don't know what Google does and doesn't do and can and can't do, so
you're indeed better off without a Google account.

> So I normally leave it turned off and keep it anonymous.
>
> You're demonstrating my point. You actually can't conceive
> of your cellphone not being tied to your identity. Thus, you
> don't care about privacy.

Drop the obnoxious pompous twattery, will you!? You have no way of
knowing what I can and can't conceive and your conclusion ("Thus ...")
is both erroneous and uncalled for.

> Or else you're surprisingly ignorant
> of just how much your privacy is compromised by apps,
> Google, and probably your service provider.

More likely, you're so obsessed and paranoid about "apps, Google, and
probably your service provider," that you drag them into any
discussion, including those where they're totally irrelevant. (Yes,
your service provider - assuming you mean your mobile service provider
- is relevant to the discussion, but not to "compromised" privacy.)

Now that the unpleasantries are out of the way, let's try to
concentrate on *relevant* things:

> | FWIW, my/our pre-paid providers have our name and address and can
> | probably trace the topup transactions to a bank-account/credit-card
> | number.
>
> Interesting. In the US none of that is required. I just
> bought a phone and activated it.

Is it pre-paid or postpaid (i.e. contract)? If pre-paid, how do you
top up the credit? If postpaid, how do you pay? They don't know who you
are, so they can't bill you and you can't pay them without becoming
non-anonymous.

[Rewind:]

To anyone: How does the US address the problem of 'burner phones' used
by criminals, terrorists, etc.?

Frank Slootweg wrote:

> Now that the unpleasantries are out of the way, let's try to
> concentrate on *relevant* things:

I understand your frustration dealing with Mayayana === Moron.

Now you know what it's like to attempt an adult conversation with
Mayayana whom I've determined has no education and a low IQ, but worse,
he harps on _one_ thing and latches on to it as if it's for all.

It's why he's such an avowed racist.
*One jew screwed Mayayana so he thinks all jews are out to get him*

>> Interesting. In the US none of that is required. I just
>> bought a phone and activated it.
>
> Is it pre-paid or postpaid (i.e. contract)? If pre-paid, how do you
> top up the credit?

In the olden days of locked phones & exorbitant roaming charges, but when
didn't use a phone for anything but phone calls, when traveling I would buy
an AT&T (or was it T-Mobile?) phone at Target which came with a few minutes.

Then I'd buy a $10 card to top it off. It was a scratch card with a few
numbers that you entered into the phone or called a number to enter them.

If you bought $100 in a year (something like that), they'd let your minutes
rollover; otherwise they'd die in some fashion over time (or you'd be
charged a few bucks a month). [As I recall, that was the distinction between
T-Mobile and AT&T but this is all from memory.]

> are, so they can't bill you and you can't pay them without becoming
> non-anonymous.
Presumably you could pay cash for all that stuff and be "private".
To be clear, I'm talking prepaid only (not postpaid!).
> To anyone: How does the US address the problem of 'burner phones' used
> by criminals, terrorists, etc.?

I don't know the answer but I suspect they get the data after the fact from
the telephone companies since the criminals can easily screw up by leaving
it on when they arrive home.

Or, once they have a target, they can use IMEI nets (e.g., Stingray) to
sweep vast areas for that target IMEI.

Presumably that's how they caught Osama bin Laden, based on the courer's
cell phone, but of course, they never tell the news the real way, but they
thought it was plausible enough to say that the courier's burner phone did
him in.

BTW, trust me when I say I understand your frustration dealing with Mayayana
=== Moron as it's like dealing with Alan Baker or Joerg Lorenz or Lewis or
Jolly Roger.

I've never met such strange people in the flesh in my entire life, which is
why I've studied them, and _all_ own the same traits as does Mayayana.
a. They take one minor fact and assume everything fits that fact

For example. let's say a device in one brand has good battery life - or even
that the brand marketing team merely _claims_ good battery life... then they
not only think all that brand's phones meet that claim, but they then start
claiming that the other brand doesn't. It's the way their strange minds
work.
--
I don't care if people are child-like with a low-IQ & no education; but due
to that, people just like Mayayana latch onto racist ideals far too easily.