Privacy

31816 readers

296 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Dropping Cellular for VoIP? Daily Phone use. (lemmy.ml)

submitted 1 month ago by OhVenus_Baby@lemmy.ml to c/privacy@lemmy.ml

41 comments fedilink hide all child comments

This should be far more secure and privacy friendly than a Sim card of a cellular connection. Why isn't this done more often? What are the Pros and Cons. I bet the price is similar as well.

you are viewing a single comment's thread
view the rest of the comments

[–] delirious_owl@discuss.online 3 points 1 month ago* (last edited 1 month ago) (2 children)

Can you name me an EU bank that doesn't demand a phone number to signup?

Unfortunately, PSD2 doesn't support TOTP and other strong 2FA solutions, so they all appear to require phone numbers. This is one area where EU is worse than US

[–] JustEnoughDucks@feddit.nl 3 points 1 month ago* (last edited 1 month ago) (1 children)

That is a completely separate issue from the above commenter.

You absolutely cannot get 2FA authenticator codes from 90% of services

A shockingly large amount of companies demand phone numbers and send verification texts before allowing you to do business with them, to create an account, to recover an account, to delete an account, to place an order, etc.

They really shouldn’t, it’s a bad security practice but companies love it because with a phone number they can lower support costs by just allowing people to do a self-service where they get an automated text and can unlock their locked account.

Also an issue, but indeed a separate issue from using unsecure SMS as TOTP.

[–] delirious_owl@discuss.online 1 points 1 month ago

I don't follow. Banks are required to use insecure SMS for OTPs by PSD2

[–] Nithanim@programming.dev 2 points 1 month ago (1 children)

My EU bank never ever used my phone number to verify anything. They only used it to contact me on some occasions. 2FA is done through their app.

[–] delirious_owl@discuss.online 1 points 1 month ago* (last edited 1 month ago)

Oh, right, their closed source app. Thats allowed. So it requires a phone.

So the OTP is still transmitted to satisfy the requirements of PSD2. But TOTP (a more secure system that doesn't transmit the OTP at all) is not allowed.