You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Though for the record, I would like to see AT&T lose this case, badly. If you design a system based on personal info you damn well should shoulder the liability when you screw it up.
Baloney. Their system collects personal info for the purposes of phone billing, not for the purpose of trying to secure a relationship of two strangers trying to pretend they know each other because of said phone number.
If that were true you'd port numbers with a password.
Agreed. The metaphor in the article seems lacking: all lobbies have signs that say "not responsible for any stolen or lost items". If I leave $25M in jewelry in my room and they get stolen, it seems like a stretch that a judge would hold the hotel liable for the full amount.
It seems like a lot boils down to defining "reasonable care": https://www.legalmatch.com/law-library/article/hotel-liability-for-guests-belongings.html …pic.twitter.com/e6QLtUId1h
See, I think *if* you fail to uphold reasonable care in a blatant way - and I think phone companies have failed this way - then I have no issue with extremely high levels of liability. Failing to verify identity at all in an identity system is blatantly unreasonable.
OTOH if the hacker had, for instance, used a fake ID I'd be much more forgiving. But being susceptible to the most basic social engineering in a system with no alternative to identity verification for the customer is ridiculous.
“My 84 y/o grandma had her purse stolen. phone gone, and we just wanted the number back so that her Bridge mates could call her. I called AT&T, gave them her SSIN, payment details... but they insisted on an ID - which was stolen too - because some crypto bro lost $25mil once”
"Let's help her get remote access to her voicemail, so she can leave a message with her new phone number."
EXACTLY. There's very easy ways to help the customer while providing some amount of verification. I'd expect AT&T to do just that. Or if not, at least make *some* effort at discouraging 2FA.
But they use that information for identity verification. Virtually every company uses this excuse to collect PII when they can neither guarantee protecting it nor actually verify against fraudsters. That is a faulty system screaming for more secure technology like zkp.
"Identity" is very different for very different kinds of relationships. Phone company "identity" for their own billing purposes falls far short of being a secure way to maintain a relationship where one person is trusting another with $100,000s worth of bearer assets.
I think the issue is their system allows numbers to be ported too easily. Not that they collect info.
No. What I'm saying is they've chosen to use a system based on identity, which places the burden on them to verify that. If it were a password, the burden would obviously be on the user. Remember this is a *well* known issue with *lots* of real examples of harm (not just $).
Usage patterns may have changed underneath them and given them a responsibility they didn't *ask* for, but I think it is legitimate, nonetheless.
No. Companies should not be responsible for the abuse of their products.
*Of course* not in all cases. This is an incredibly common abuse though and these particular companies could take fairly straightforward steps to fix it.
In principle I agree with you. In this situation they know what is going on and have essentially given tacit consent.
The fault lies in using text messages as an authentication factor. ATT didn’t sign up for that. Use an authentication app or some other stronger option. Users should not be offered a weak option as a “security show”. That’s like requiring cryptic passwords limited to 8 char
I can't believe this guy didn't know the risks of storage such gigantic amounts in such a sloppy, dangerous, way.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
