Facebook people, can you explain the context in which this security feature makes sense? Site that tracks everything about you will send encrypted email to tell you to log in to see a new message... pic.twitter.com/lH7QOfhQs5
The light inside is broken, but I still work. The Cadillac of online bookmarking sites. Alleged nocoiner. http://pinboard.in maciej@ceglowski.com +1 415 610 0231
Hi! I was the kinda-product-manager for this — the geniuses behind it were Jon, Steve and Zac and I'll let them "out" themselves if they choose — but seeing as I left 18 months ago, I can explain it, sure! (cont…)
tl;dr — 1) Facebook genuinely care about security and privacy, you may think this is bonkers, but they do. 2) PGP is cool, and FB recognise this. 3) Enabling PGP encryption for email enables an end-to-end-secure (strictly: server-to-eyeballs-secure) means of communication. (cont…)
4) Having E2E Security for Email is especially cool, because it protects notifications of sensitive content (eg: message fragments) -AND- account recovery dialogues; this latter is especially useful for additional hardening of your account against hijack.
So, it seemed like a great idea to: (a) help get more people using PGP and (b) protect people's communication and (c) offer more protection for account holders, plus (d) it was cool, and fun to build. That's why. Any more questions?
ps: 1) consider the number of email providers that get popped 2) consider the number of passwords that are reused 3) consider how beneficial it might be to have a private key stashed on a laptop, protecting your account recovery flow 4) wonder why you haven't enabled it already?
The setup process for adding your PGP key to Facebook encourages you to add your mobile phone number, which overall makes your account less secure.
"HEY, FACEBOOK! I LOST MY PGP KEY AND MY ACCOUNT PASSWORD! CAN YOU HELP?" "Did you set up an alternative form of 2FA? Like SMS or something?" "NO, BECAUSE I AM SECRETLY EDWARD SNOWDEN AND HAVE A THREAT MODEL. OR SOMETHING." "Oops."
Facebook actually has a fallback authentication mechanism that doesn't make you more vulnerable ('Trusted Friends'), but it encourages you to add SMS. Sad!
In case this little role-play is not clear: using PGP to secure your account is not some half-assed thing; if you lose both your PGP key AND ALSO your Facebook password, you are _screwed_; hence the push towards backup 2FA. I am not sure what the minimum spec is at the moment.
My point is the backup 2FA it pushes you to use more than negates the security advantage of having this feature in the first place. Additional bonus point: ALL CAPS mockery may not be the most effective way for us to discuss this.
"OMG! Edward! Really? Can I have your autograph?" We can leave the discussion of the ease of mounting an SS7 attack against everyday users, versus the likelihood that anyone who -really- might face an SS7 attack not choosing "Trusted Contacts", until morning my time.