Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Biowarfare
Nov 8, 2010

I JUST WISH THIS WAS A PONY SO I COULD JERK IT WHILE I PLAY WOW

Cup Runneth Over posted:

Nah I use Origin

do you do the same aggressively (with dns blocking) on mobile and ensure no one has your number also?

Adbot
ADBOT LOVES YOU

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate





RFC2324 posted:

there is also a plugin that automagically containerizes facebook, called Facebook Container, using Firefoxes built in containers.

From the description, seems only useful for people who log into facebook.com, which as previously mentioned, I have never done

BaseballPCHiker posted:

The EFF has a privacy badger plugin for Firefox that will accomplish this.

Thanks! I'll add this to my repertoire

Biowarfare posted:

do you do the same aggressively (with dns blocking) on mobile

yes I use the same on mobile

Biowarfare posted:

and ensure no one has your number also?

Cup Runneth Over posted:

Where do you think we are

Acer Pilot
Feb 17, 2007
put the 'the' in therapist





Cup Runneth Over posted:

From the description, seems only useful for people who log into facebook.com, which as previously mentioned, I have never done

the facebook container on firefox keeps any website trying to load FB or any of their websites isolated as well. you don't need to have logged in before to keep FB tracking you.

Biowarfare
Nov 8, 2010

I JUST WISH THIS WAS A PONY SO I COULD JERK IT WHILE I PLAY WOW

Cup Runneth Over posted:

From the description, seems only useful for people who log into facebook.com, which as previously mentioned, I have never done


Thanks! I'll add this to my repertoire


yes I use the same on mobile

now your next problem is that many people you do business with will server-side upload your information to facebook

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.



RFC2324 posted:

there is also a plugin that automagically containerizes facebook, called Facebook Container, using Firefoxes built in containers.

There's also Firefox's "first-party isolation" feature which effectively puts every domain in its own cookie/cache container. It's fairly effective all by itself at keeping evil advertisers from tracking you all across the web, though of course it's not a magic bullet. And it also breaks cross-domain things that you might actually want, like SSO.

It's a setting in about :config, just set "privacy.firstparty.isolate" to true and you're all set.

whimsicaltelegraph
Apr 5, 2021


droll
Jan 9, 2020


Let's play a game?

Subjunctive
Sep 12, 2006

sparkle and shine



RFC2324 posted:

there is also a plugin that automagically containerizes facebook, called Facebook Container, using Firefoxes built in containers.

That thing is worth all the container development itself.

SMEGMA_MAIL
May 4, 2018


THUNDERDOME LOSER 2021





RFC2324 posted:

how are you checking phone numbers?

I didnít I checked my email.

SMEGMA_MAIL
May 4, 2018


THUNDERDOME LOSER 2021





Powered Descent posted:

There's also Firefox's "first-party isolation" feature which effectively puts every domain in its own cookie/cache container. It's fairly effective all by itself at keeping evil advertisers from tracking you all across the web, though of course it's not a magic bullet. And it also breaks cross-domain things that you might actually want, like SSO.

It's a setting in about :config, just set "privacy.firstparty.isolate" to true and you're all set.

Oh I can actually contribute. I use Firefox multi account containers, you can make color coded tabs that isolate different sessions in the same browser. You can set it up to prompt you or force you to open certain domains in certain containers too. If you need to use google sso for any other site you can just open it in your google container and with a couple extra clicks get the same functionality as if you were doing everything on one session

Strawberry Pyramid
Dec 12, 2020


https://twitter.com/troyhunt/status/1379244231059927042

Volmarias
Dec 31, 2002



Burma Shave

CLAM DOWN
Feb 13, 2007


RICKARUS

It's Moot baby!





gently caress off go away

Kazinsal
Dec 13, 2011






ohhhhh shiiiiit I forgot about that ARG thing

maybe reddit is a better place to try my guy, no one here really wants to burn the time or effort to do weird crypto puzzles these days

denereal visease
Nov 27, 2002

"Research your own experience. Absorb what is useful, reject what is useless, add what is essentially your own."

Did they (Troy Hunt?) pill the plug on selling haveibeenpwned? I recall hearing a couple years ago that they were looking to offload that...

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD

denereal visease posted:

Did they (Troy Hunt?) pill the plug on selling haveibeenpwned? I recall hearing a couple years ago that they were looking to offload that...

Yes https://www.troyhunt.com/project-svalbard-have-i-been-pwned-and-its-ongoing-independence/

Combat Pretzel
Jun 23, 2004

No, seriously... what kurds?!

The phone number search turns up mine in the Facebook leak. Yay. Now on to trying to remember why the hell I put it in there to begin with. Probably 2FA. So much for that.

RFC2324
Jun 7, 2012

http 418



Yeah, I wonder how many people think they are protected by 2fa but forgot that FB requires a phone number for sms failover to enable 2fa at all

Strawberry Pyramid
Dec 12, 2020


Yeah, the irony is this leak probably most punishes people who went out of their way to try and make their accounts more secure. I ran my family's numbers who wouldn't care about that at all and naturally came up clean.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.




RFC2324 posted:

Yeah, I wonder how many people think they are protected by 2fa but forgot that FB requires a phone number for sms failover to enable 2fa at all

They don't though? I have 2fa enabled and Facebook has never had my phone number. Under my profile I don't have a backup method enabled.

Sir Bobert Fishbone
Jan 16, 2006

Beebort


I'm nearly certain I had my phone number linked to my account from about 2006 until sometime last year, but it's coming up clean on HIBP.

Martytoof
Feb 25, 2003







Make sure you put in your whole phone number, including the 1 prefix, if you're hunting through pwned. Mine showed clean until I did 1XXXYYYZZZZ. I only tried again because I know for a fact I am in the dump.

Sir Bobert Fishbone
Jan 16, 2006

Beebort


Martytoof posted:

Make sure you put in your whole phone number, including the 1 prefix, if you're hunting through pwned. Mine showed clean until I did 1XXXYYYZZZZ. I only tried again because I know for a fact I am in the dump.

Yep, still no hits. Guess my number is safe until the next dump.

Fame Douglas
Nov 20, 2013

RELY NOT ON MY HONOR!!! FOR WHEN I OFFER MY WORD OF BOND, I TAKE NOT THAT VOW TO HEART!! CASUALLY, I BRING SHAME TO MY HOUSEHOLD AND RUIN TO THOSE WHO RELY ON MY COMMITMENT, BY SHIRKING MY AVOWED DUTY

Sir Bobert Fishbone posted:

Yep, still no hits. Guess my number is safe until the next dump.

Wait, are the Democrats doing it again??

DrDork
Dec 29, 2003
commanding officer of the Army of Dorkness

Martytoof posted:

Make sure you put in your whole phone number, including the 1 prefix, if you're hunting through pwned. Mine showed clean until I did 1XXXYYYZZZZ. I only tried again because I know for a fact I am in the dump.

Same. At least most of the major US telecoms said they recently changed their SMS routing policies to cut off that whole "lol for $5 I can redirect anyone's SMS straight to me" thing.

The Iron Rose
May 12, 2012

Cat Army


Martytoof posted:

Make sure you put in your whole phone number, including the 1 prefix, if you're hunting through pwned. Mine showed clean until I did 1XXXYYYZZZZ. I only tried again because I know for a fact I am in the dump.

welp.

my facebook account has been closed for years, but they still got me drat

oh well more justification for my death to facebook stance

Absurd Alhazred
Mar 27, 2010

I'm the babyliberal, gotta love me!


Strangely my number isn't in the list even though I think my account is linked to it. I did it with 1, +1, etc.

CommieGIR
Aug 22, 2006

If Godzilla can do it, you know I can deliver!


Pillbug

I mean, at worst most people's phone numbers are already widely available on resumes, etc. As far as credentials go, its just another damning reason to solve issues with SIM spoofing and phone 2FA

DrDork posted:

Same. At least most of the major US telecoms said they recently changed their SMS routing policies to cut off that whole "lol for $5 I can redirect anyone's SMS straight to me" thing.

Yeah, that just happened recently. So hopefully if that resolves the issue, oh no, they got people's phone numbers so they can start vishing them.

CommieGIR fucked around with this message at 17:51 on Apr 6, 2021

Buff Hardback
Jun 11, 2019



RFC2324 posted:

Yeah, I wonder how many people think they are protected by 2fa but forgot that FB requires a phone number for sms failover to enable 2fa at all

You can disable phone number failover after setting up 2FA

DrDork
Dec 29, 2003
commanding officer of the Army of Dorkness

CommieGIR posted:

I mean, at worst most people's phone numbers are already widely available on resumes, etc. As far as credentials go, its just another damning reason to solve issues with SIM spoofing and phone 2FA

Yeah, that just happened recently. So hopefully if that resolves the issue, oh no, they got people's phone numbers so they can start vishing them.

Yeah, I think for most people in the US this'll just mean that if you weren't getting a ton of robo calls about extended car warranties before, you will now. It'll be a bigger issue in other countries where SIM spoofing is a much, much bigger issue.

EVIL Gibson
Mar 23, 2001

Internet of Things is just someone else's computer that people can't help attaching cameras and door locks to!


Switchblade Switcharoo

Never used facebook after seeing how it turned my family into a bunch of pyschopaths who have something to say.

RFC2324
Jun 7, 2012

http 418



Buff Hardback posted:

You can disable phone number failover after setting up 2FA

they shouldn't require it in the first place, and do you think that means your number isn't associated with the account?

that is, however, good to know, thanks

SMEGMA_MAIL
May 4, 2018


THUNDERDOME LOSER 2021





Somehow Iíve escaped, I checked again. Weird, maybe because my FB is old as poo poo and I made it before it was common to pair phones and online accounts? I thought I had mine on my account but I donít thank god.

droll
Jan 9, 2020


My number didn't show up. I have no friends.

Mm.

Volmarias
Dec 31, 2002


DrDork posted:

Same. At least most of the major US telecoms said they recently changed their SMS routing policies to cut off that whole "lol for $5 I can redirect anyone's SMS straight to me" thing.

Wait, this is the first time I've heard of them changing that. Are there any more details?

Malloc Voidstar
May 7, 2007

Fuck the cowboys. Unf. Fuck em hard.

Volmarias posted:

Wait, this is the first time I've heard of them changing that. Are there any more details?
https://www.vice.com/en/article/5dp7ad/tmobile-verizon-att-sms-hijack-change
no longer permitted, all numbers reclaimed by the carriers

no actual public statement by the carriers though

Volmarias
Dec 31, 2002


Malloc Voidstar posted:

https://www.vice.com/en/article/5dp7ad/tmobile-verizon-att-sms-hijack-change
no longer permitted, all numbers reclaimed by the carriers

no actual public statement by the carriers though

Thanks!

BaseballPCHiker
Jan 16, 2006



I have read, and Im not 100% sure on this, that the above was limited to the "major" carriers in the US, meaning some podunk regional providers might still be affected.

Martytoof
Feb 25, 2003







Does pastebin pro ever actually go on sale? It's "sold out" every time I check.

Adbot
ADBOT LOVES YOU

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate





Martytoof posted:

Does pastebin pro ever actually go on sale? It's "sold out" every time I check.

Any reason you don't use github gists?

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply