01-21-20 11:51 PM
43 12
tools
  1. Ragbert's Avatar
    Hi Chuck, you don't sound like an ahole at all. My "end game" is simply to maintain some privacy, be able to freely choose what I do with my phone, and protect my personal contact info and activities from becoming part of Google's or any other public database.

    At one time, being forced to let Google log and control how one uses their OS would have been challenged in court. A little like Microsoft trying to force users of the Windows OS to also use a Microsoft-owned browser to surf the internet back in the 90s. That case resulted in (among other changes to the MS corporate structure) Microsoft being forced to allow Windows users to use any browser they wished to use, and to drop the pretense that the OS and the browser were inextricably fused together. Being forced to use Google Play and Google Services when perfectly good open source alternatives exist, feels the same way. The difference today is that an entire generation has now grown up accepting loss of privacy as just another part of life. They don't care who has access to their personal details and they have no expectation of privacy. I think that's a slippery slope - I care very much about the right to choose how private or public one's life is. I'm not angry at Google - but I'm very much disappointed in how they've sold out their former ideals, just to make it to the $trillion club. (Sorry for the soapbox, but I don't know how else to answer that.)

    So... being largely unfamiliar still with many specific Android apps, what is TextNow and how would one set up an anonymous phone number? Obviously Google Voice won't be an option for me, so I'm interested in other viable alternatives.

    Without having me sound like a total ahole, what are we trying for end game? Anonymity is possible by setting up a phone number through TextNow or some other texting app.


    Posted with my Classic, SQC100-3/10.3.3.3204
    01-19-20 02:30 AM
  2. Ragbert's Avatar
    My employers both use gmail as their domain email, and one of them insists on using 2FA with it. Problem is, I don't use my personal phone for work, and therefore not for their 2FA either. Using my VoIP work phone on my desk isn't practical if I need to check my email remotely either. But I did discover one thing Google offers, which isn't widely marketed: they will let you download up to 10 one-time use verification codes, which you can print and then use from any PC or Mac, without having to have a phone available. Once the last code is used, you can just download another set. No SMS or phone calls needed at all.

    I agree insisting on SMS is ridiculous and insecure, and prevents the use of a landline number for validation.

    I've been considering getting a Yubikey ( https://forums.crackberry.com/e?link...token=9rVIBUAx ) but to my knowledge, Google doesn't support it for the Playstore, although it does for gmail, drive, and other programs. They make them with USB-C connectors and NFC capability, so it seems that Google Play and payment authorization would be prime candidates for this.

    Yes, they will call the number automatically and a computer voice will provide a code for validation. At least they did last time I created a Google account in August, 2017 when I set up my KEYone.

    ADDITIONAL INFO:

    I just read that there have been problems with the land line verification method since last summer:

    It's possible to verify initially with a land line, but when you try to remove or change that number, Google no longer supports calling the number but simply sends an SMS message. This is a truly awful practice, both for security (SMS can't be secured against SIM swap attacks) and for convenience as SMS generally doesn't work on land lines!

    Z10 = BB10 + VKB > iOS + Android


    Posted with my Classic, SQC100-3/10.3.3.3204
    01-19-20 03:22 AM
  3. Chuck Finley69's Avatar
    Hi Chuck, you don't sound like an ahole at all. My "end game" is simply to maintain some privacy, be able to freely choose what I do with my phone, and protect my personal contact info and activities from becoming part of Google's or any other public database.

    At one time, being forced to let Google log and control how one uses their OS would have been challenged in court. A little like Microsoft trying to force users of the Windows OS to also use a Microsoft-owned browser to surf the internet back in the 90s. That case resulted in (among other changes to the MS corporate structure) Microsoft being forced to allow Windows users to use any browser they wished to use, and to drop the pretense that the OS and the browser were inextricably fused together. Being forced to use Google Play and Google Services when perfectly good open source alternatives exist, feels the same way. The difference today is that an entire generation has now grown up accepting loss of privacy as just another part of life. They don't care who has access to their personal details and they have no expectation of privacy. I think that's a slippery slope - I care very much about the right to choose how private or public one's life is. I'm not angry at Google - but I'm very much disappointed in how they've sold out their former ideals, just to make it to the $trillion club. (Sorry for the soapbox, but I don't know how else to answer that.)

    So... being largely unfamiliar still with many specific Android apps, what is TextNow and how would one set up an anonymous phone number? Obviously Google Voice won't be an option for me, so I'm interested in other viable alternatives.





    Posted with my Classic, SQC100-3/10.3.3.3204
    Download the app, enroll with an email address you just use for the purpose of apps or anonymity. It uses data and functions like VOIP as far as I can describe. Unlike Google Voice which I use as well, TextNow and similar Textfree apps don’t attach or forward like Google Voice with your actual number.
    01-19-20 10:05 AM
  4. bb10adopter111's Avatar
    My employers both use gmail as their domain email, and one of them insists on using 2FA with it. Problem is, I don't use my personal phone for work, and therefore not for their 2FA either. Using my VoIP work phone on my desk isn't practical if I need to check my email remotely either. But I did discover one thing Google offers, which isn't widely marketed: they will let you download up to 10 one-time use verification codes, which you can print and then use from any PC or Mac, without having to have a phone available. Once the last code is used, you can just download another set. No SMS or phone calls needed at all.

    I agree insisting on SMS is ridiculous and insecure, and prevents the use of a landline number for validation.

    I've been considering getting a Yubikey ( https://forums.crackberry.com/e?link...token=jMvLfdz6 ) but to my knowledge, Google doesn't support it for the Playstore, although it does for gmail, drive, and other programs. They make them with USB-C connectors and NFC capability, so it seems that Google Play and payment authorization would be prime candidates for this.





    Posted with my Classic, SQC100-3/10.3.3.3204
    Great point about the backup codes. They are very useful to prevent being locked out of your account.

    However they don't help at all with the issue of not being able to remove a land line number that can't receive SMS. For that reason, I don't recommend using a land line to validate a new Google account at this time. I think it's better to use a burner SIM card for that, or borrow a cell phone, then remove the number immediately after validation and use a different method for 2FA with no phone number tied to the account.

    Google is notorious for allowing SMS as a backup authentication method even for those of us who use an Authenticator app or hardware key. If I go to the expense and trouble if setting up a hardware key, I need tonk Kowloon that SMS won't ever be accepted as a substitute, but Google won't offer that option.

    Z10 = BB10 + VKB > iOS + Android
    01-19-20 10:21 AM
  5. Elephant_Canyon's Avatar
    Hi Chuck, you don't sound like an ahole at all. My "end game" is simply to maintain some privacy, be able to freely choose what I do with my phone, and protect my personal contact info and activities from becoming part of Google's or any other public database.
    Then you’d better start wearing a mask anytime you’re outside of your home.

    https://www.nytimes.com/2020/01/18/t...cognition.html
    01-19-20 11:17 AM
  6. Chuck Finley69's Avatar
    Then you’d better start wearing a mask anytime you’re outside of your home.

    https://www.nytimes.com/2020/01/18/t...cognition.html
    That’s amazing. Not such a big deal since I live in Florida and that’s part of different but already used database.

    Plus, I’m Chuck Finley and you can already google me
    01-19-20 12:10 PM
  7. conite's Avatar
    That’s amazing. Not such a big deal since I live in Florida and that’s part of different but already used database.

    Plus, I’m Chuck Finley and you can already google me
    You're suggesting you're a low value target then?
    01-19-20 02:33 PM
  8. Chuck Finley69's Avatar
    You're suggesting you're a low value target then?
    Always ;-D
    01-19-20 04:26 PM
  9. conite's Avatar
    Always ;-D
    Never forget the OGSA.
    01-19-20 04:28 PM
  10. Chuck Finley69's Avatar
    Never forget the OGSA.
    LMAO
    01-19-20 04:51 PM
  11. Ragbert's Avatar
    hah, I just read that a few hours ago. Frightening.

    Then you’d better start wearing a mask anytime you’re outside of your home.

    https://www.nytimes.com/2020/01/18/t...cognition.html


    Posted with my Classic, SQC100-3/10.3.3.3204
    01-19-20 11:02 PM
  12. Ragbert's Avatar
    What's even more annoying (and unbelievable to me) is that my BANK still uses my old landline for authentication! I have told them time and time again that the line was disconnected and they need to use something other than a phone number to verify it's me.

    They've dropped the security questions thing for personal accounts too. And they can't leave my phone number blank because their software insists on a number being entered there. Even though the old number was a land line, and they can't text it, never could, they won't remove it from my record. It's nuts. I told them to put in a row of 9s (or any other digit) but they won't do it.

    I even mentioned the idea of hardware security like a Yubikey (resulting in polite but blank stares back at me), but apparently banks(!) are even more behind in their security features than phone manufacturers.

    Great point about the backup codes. They are very useful to prevent being locked out of your account.

    However they don't help at all with the issue of not being able to remove a land line number that can't receive SMS. For that reason, I don't recommend using a land line to validate a new Google account at this time. I think it's better to use a burner SIM card for that, or borrow a cell phone, then remove the number immediately after validation and use a different method for 2FA with no phone number tied to the account.

    Google is notorious for allowing SMS as a backup authentication method even for those of us who use an Authenticator app or hardware key. If I go to the expense and trouble if setting up a hardware key, I need tonk Kowloon that SMS won't ever be accepted as a substitute, but Google won't offer that option.

    Z10 = BB10 + VKB > iOS + Android


    Posted with my Classic, SQC100-3/10.3.3.3204
    01-19-20 11:16 PM
  13. bb10adopter111's Avatar
    What's even more annoying (and unbelievable to me) is that my BANK still uses my old landline for authentication! I have told them time and time again that the line was disconnected and they need to use something other than a phone number to verify it's me.

    They've dropped the security questions thing for personal accounts too. And they can't leave my phone number blank because their software insists on a number being entered there. Even though the old number was a land line, and they can't text it, never could, they won't remove it from my record. It's nuts. I told them to put in a row of 9s (or any other digit) but they won't do it.

    I even mentioned the idea of hardware security like a Yubikey (resulting in polite but blank stares back at me), but apparently banks(!) are even more behind in their security features than phone manufacturers.





    Posted with my Classic, SQC100-3/10.3.3.3204
    It's true. I moved my accounts from a bank that required 2FA via SMS. Their information security team acknowledged that SMS was insecure (though it's much, much better than nothing!), but said that they weren't willing to risk customer confusion with better security practices.

    Z10 = BB10 + VKB > iOS + Android
    01-20-20 09:26 AM
  14. app_Developer's Avatar
    It's true. I moved my accounts from a bank that required 2FA via SMS. Their information security team acknowledged that SMS was insecure (though it's much, much better than nothing!), but said that they weren't willing to risk customer confusion with better security practices.

    Z10 = BB10 + VKB > iOS + Android
    You’re right that SMS is better than nothing. Where i used to work we offered SMS as the default, but then other options also. (App or hardware)
    01-20-20 04:30 PM
  15. Ragbert's Avatar
    More likely they weren't willing to risk their own employees' confusion with better security practices.

    ... but said that they weren't willing to risk customer confusion with better security practices.

    Z10 = BB10 + VKB > iOS + Android


    Posted with my Classic, SQC100-3/10.3.3.3204
    01-20-20 11:20 PM
  16. Chuck Finley69's Avatar
    More likely they weren't willing to risk their own employees' confusion with better security practices.





    Posted with my Classic, SQC100-3/10.3.3.3204
    No, I’d say customers. The average customer doesn’t care for any significant level of security above the level of convenience.
    01-21-20 07:59 AM
  17. bb10adopter111's Avatar
    What's particularly annoying with Google is that, if you leave a phone number on your Google account, they will use it as a legitimate back up for your 2FA even if you select an authenticator app or a hardware token.

    So, even if I shell out $50 for a Yubikey, Google will allow the hacker who SIM swaps me to take over my account if he asks nicely. It's ridiculous, and the only solution is not to use your cell phone number with your account, which for many people means not using Google Voice either!

    Z10 = BB10 + VKB > iOS + Android
    01-21-20 08:42 AM
  18. Ragbert's Avatar
    Yup, I'm one of those people who never has used and never will use Google Voice. I looked into it last year, considered buying a piece of hardware to send GV to a conventional landline phone too. Except for their insistence on having your cell number, I probably would have liked the service. But... just no.
    What's particularly annoying with Google is that, if you leave a phone number on your Google account, they will use it as a legitimate back up for your 2FA even if you select an authenticator app or a hardware token.

    So, even if I shell out $50 for a Yubikey, Google will allow the hacker who SIM swaps me to take over my account if he asks nicely. It's ridiculous, and the only solution is not to use your cell phone number with your account, which for many people means not using Google Voice either!

    Z10 = BB10 + VKB > iOS + Android
    01-21-20 11:51 PM
43 12

Similar Threads

  1. Stop Playing With My Emotions Johnny Boy
    By Zukadomis in forum BBRY
    Replies: 8
    Last Post: 01-29-20, 04:35 PM
  2. Beat automated application systems with this $29 resume-building software
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 0
    Last Post: 01-11-20, 11:40 AM
  3. Ace your IT certification exams with this $39 course bundle
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 0
    Last Post: 01-10-20, 01:40 PM
  4. BlackBerry KEYone With Foursquare/Swarm Game?
    By TurtleShroom in forum BlackBerry KEYone
    Replies: 3
    Last Post: 01-10-20, 01:36 AM
  5. Replies: 2
    Last Post: 01-08-20, 03:25 PM
LINK TO POST COPIED TO CLIPBOARD