davidcamel's comments

Two thoughts from reading this article:

1. Yes, "porting attacks" (where an adversary convinces your carrier to port your phone number to his/her own) are a real threat. You can mitigate these somewhat by choosing a carrier that has a relatively strong porting procedure. Project Fi (Google) requires a temporary PIN generated by the user's Fi app, as well as logging in to one's Google account. I don't know what the other carriers require today, but this is less than what I experienced when I ported my number from Sprint years ago for example.

2. The author says that 2FA is overhyped, which is maybe true, but why don't more services allow physical devices (e.g. Yubikeys) to be used for 2FA? Often the phone number is the only choice offered for 2FA.


Similarly, I read the headline and thought, "What kinds of workloads do restaurants run on servers?". Oh boy.


Same, I was like "All they need is a POS system. Why would they need server infrastructure?"


I got really excited about Taskwarrior and set up a server and accounts for all of my teammates. But we quickly found that we were spending more time logging our tasks than we were actually consulting TW for what to do next.

Example:

task add project:support_customer_migration priority:H -- support#XYZ - analyze dependencies for customer X - github.com/repo/issue/number


I think a common misconception of planning is that you wish to avoid logging and the "hassle" it means. For me, logging what I have done is the only way to keep track of the project status and let my team members know what has been done.


And yet the comments from her lawyer reveal how much money she's donated to which charities. So much for anonymity! Between that, her gender, her home town, and even the name of her lawyer, there's WAY too much PII to pretend her identity is a mystery.


You can donate anonymously


irrelevant.

In fact, knowing just four random pieces of information was enough to reidentify 90 percent of the shoppers as unique individuals and to uncover their records, researchers calculated.

https://bits.blogs.nytimes.com/2015/01/29/with-a-few-bits-of...


I’ve done research on credit card data like that. I can tell you both experientially and mathematically that four bits of random information is insufficient to identify people. The information was not anonymized and they were tracking people engaging in a common, narrow activity. Not only that, but they were only tracking 1.1 million individuals. They had a relatively small search space and significant non-random information with which to bootstrap the deanonymization. Calling that “four bits” is disingenuous.

Contrast this with trying to identify a single individual in a population with no other information about them. It would take about 33 bits if we knew absolutely nothing about her, given log_2(7,280,000,000) = 32.7. But we know she’s American, so we can cut our search space down to 322,000,000. That leaves us with 28 bits. We also know she’s a woman, so we can cut our search space down by 50%. Now we have 27 bits to go. I can virtually guarantee you an analysis of anonymous donation patterns will not meaningfully cut down the search space beyond a few more bits, and that’s exceptionally non-random data. The more useful information is knowing that she resides in New Hampshire, but that still only brings us down to approximately 20 bits.


It's not unreasonable to try to make something a bit more difficult even if you understand it won't stop determined attackers. There's a middle ground between 'doing nothing' and 'making it impossible'.


Your comment is super important, I don't think everyone who read it realizes how elusive its warning is.

I'm young and already excuse myself by saying that I don't mind having just one or two close friends. But this is how it starts: we tend to think we can handle being mostly friendless, and yet, as we age, it seems that many of us can't.

Not sure what the solution is, but you've definitely underscored a big problem that I've (till now) underestimated. And I'm sure others have too.


I love how simple this is, but does it support including email attachments? I couldn't determine that based on the content of the website.

EDIT: similarly, does it support MMS in addition to SMS?


This is awesome, I've always wanted something like this. Zoom is the killer feature.


I spent about 15 minutes just having fun with the mood, theme, artwork, and "feel" of the game. I had intended to spend two minutes tops. This is an engrossing and genuinely wonderful game :-).


Thanks!


Weizenbaum's rhetoric is powerful, especially during his takedown of "if I don't do it, someone else will". Although I think his view is from a pretty "high" technological perspective . . . his warnings probably don't apply to those of us who are working on less impactful software/engineering pursuits than the ones he describes.

Also, his argument that computers have been a force for conservatism is new to me. I'm not sure how true that is today.


When I look at downloaded minified JS files in my browser's dev tools, there's a button to de-minify/pretty-print the JS.

What is the advantage of the source map?

