About security, numbers, emails and quite a bit about advertising

Warning!



To prevent various issues in advance, and for ease of reading, here is a small disclaimer: everything written below is based on personal and subjective experience, expresses the personal opinion of the author and is in no way a call to any illegal or anti-state actions; the article is written in dry language, without pictures and in a hurry, and is not informative or true.



Something like historical background



Surely everyone remembers how the Internet used to work for most people: a man arrives, runs a cable, you click the Internet Explorer icon on your desktop and, voila, you are an Internet user. You could look things up in a search engine, create an e-mail account, not necessarily under your real name, register on blogs and social networks with that e-mail, and buy things in online stores with the same name and e-mail.



But as time went on, corporations learned to make money from personal data and to show targeted and contextual advertising; states, in search of terrorists and “terrorists,” stuck their noses deeper into big data; and users learned to worry about their privacy.



And so we arrived in 2019.



Reality



And the reality is sad and alarming: how often during registration have you come across a request to provide your number? I am sure that over the past 3 years this has happened, if not every time, then 9 times out of 10. Moreover, it is a rare old service that will not ask for a number when you log in again after being away for two or three years.



How did that happen? It's simple: your mobile number, officially issued to you, is the best way to identify you, attract your attention, and disturb you.



Anyone can find you by your number, from an employee of the “E” center to a fraudster; there has been plenty of evidence of this, including on this portal.



However, the saddest thing for me personally is that many users sincerely believe that the request for a number is made out of concern for them, and that by providing their number, e-mail and real name they protect themselves and information about themselves.



What follows explains why this is not so, and why the number as a channel for communication and advertising is out of date and your service should perhaps give it up right away.



To users



Imagine that you registered on yet another portal, be it an online store or a site with memes, provided your e-mail, number, first and last name, and the portal turned out to be hacked. Or it was fraudulent or advertising-driven from the start, but the first case is better.



Let's take me as an example and see how much information about you can be learned from open sources ALONE:



  1. Google the nickname: we find out that I am at least a Pikabu user, that I played browser games for a long time but now own a Steam account, and that I'm interested in design, custom firmware for the Xperia Z1 and carding.
  2. Unfortunately, the e-mail address turns up nothing useful except the nickname already examined above.
  3. The number itself also turns up nothing. Can I relax? Not so fast: we type “number identification” into the Play Market, download the first application that comes up and suddenly see that one can immediately find out, at a minimum, the first and last name and, at a maximum, that I dress stylishly, attend some courses, work as a courier, presumably understand marketing and study at the International University in Moscow at the Faculty of Management of Large Cities.


It gets better: using the nickname and a search-by-number service, we find a VKontakte profile, where subscriptions and profile information indirectly confirm the points above, and where we can browse the list of friends.



You ask: “So what? This information is useless!”



Not at all. Imagine yourself as an unscrupulous cop who needs a “stick” (a closed case for the statistics), or as a scammer. This set of data allows, at a minimum, advertising a certain set of services to me, such as advertising bots, yet more courses on something, spare parts for an old phone or new games, and, at a maximum, on the assumption that I am not merely interested in carding, trying to blackmail me on that subject.



So what? You simply tell the blackmailers to get lost, and advertising is there to be ignored.



Again, let's imagine ourselves in the role of an unscrupulous policeman, fraudster, etc.:

In fact, everything written above is baby talk for us, the white tip of a black pyramid. I will not write about how to access the “black” part of the data; all the prices have already been described here: 1; 2; 3.



It is better to think about what can be done with it.



And I can do a lot, I assure you. Starting with the most obvious: we look up the card number and balance and, if we suspect that I may have money, we call, introduce ourselves as a Sberbank employee and ask to be sent an SMS.



What follows is usually described in a statement to the police; we will not dwell on it, nor on the huge number of other possible ways of cheating an honest Internet user, who may be not me but any of you, your parents and ancestors, or friends.



What to do?



My (though why “my”?) basic recommendations are as follows:



  1. Keep at least two SIM cards. Use one to register on websites, with banks, bookmakers and anything else, but never publish this number openly and do not give it to anyone, including friends and relatives. Use the other in public and to communicate with friends. This will not protect you against comrade major, but it will put additional obstacles in the way of fraudsters, or at least raise the cost of their activity by another couple of thousand rubles.
  2. The same as 1, but with e-mail addresses.
  3. Use services that provide a temporary number and temporary e-mail for registration; I will not give links because they are easily googled.
  4. Do not publish important confidential information anywhere on the Internet, whether in a LiveJournal blog or in VKontakte private messages.
  5. If possible, do not provide your real data anywhere.
  6. Do not use home delivery, or have the courier come to some nearby address (for example, a neighboring building in a city, or a main street in a village or somewhere even smaller).
  7. Do not use the internet.
  8. Go to the taiga; but no, it burned down.


To owners of sites, applications, VKontakte mini-applications, games and anything else

This article, and this section in general, assumes that you are a responsible citizen who respects human rights and the constitution; if that is not so, please stop reading and go far away for a long time.



So, how do you ensure the safety of users and keep your reputation? My options are below:



1) Registration without mail and phone.



The ideal option. As an example, recall the well-known three-headed website in the .onion zone, where at registration you enter a login, a display name and a password, and that is all. An ideal user uses a username and password unique to that site (not used on any other site), so that even if the database is stolen and made public, no association can be established with other, more accessible (see above for how) services and public information.



Among the problems is showing advertising, which, however, is not much of a difficulty if you use solutions from Google, Yandex and others, as well as problems in relations with the state, which in most cases are solved by registering and hosting the site in a foreign jurisdiction; and if you publish information about countering the security forces, libertarianism, anime and cats and so do not fall into that majority, all the more so.

It is important to understand that this option does not mean that your databases hold no record of the user's IP, that cookies are not stored and that WebRTC is not read; such solutions are more for criminal communities, whereas here we are talking about protecting citizens from all sorts of bad things.



2) Registration only by number.



Surprisingly, this option is much more convenient than registration by e-mail, which in 2019 is automatically perceived as “we will spam you with useless mailings all day, every day,” and in fact that is the case.



With this option it is ideal to use two-factor authentication, so that an attacker who has the number and the password cannot log in without the SMS code, and one who has a duplicate SIM card or SMS forwarding stumbles on the password.
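The check described above, as an added example that is not part of the original article: a number-only account where the SMS code is issued only after a correct password and login needs both. The function names, the in-memory stores and the 300-second code lifetime are assumptions made for the illustration.

```python
import hashlib, hmac, secrets, time

USERS = {}      # phone -> (salt, scrypt hash); constructed in-memory store
PENDING = {}    # phone -> (code, expiry timestamp)
CODE_TTL = 300  # seconds; assumed lifetime of an SMS code

def _hash(password, salt):
    # Memory-hard hash, so a stolen table is expensive to brute-force
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def register(phone, password):
    # Only the number and a salted hash are stored: no e-mail, no name
    salt = secrets.token_bytes(16)
    USERS[phone] = (salt, _hash(password, salt))

def check_password(phone, password):
    rec = USERS.get(phone)
    if rec is None:
        return False
    salt, stored = rec
    return hmac.compare_digest(stored, _hash(password, salt))

def start_login(phone, password, now=None):
    """Step 1: the password must be right before any SMS is sent."""
    if not check_password(phone, password):
        return None  # a SIM duplicate alone never triggers a code
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING[phone] = (code, now + CODE_TTL)
    return code  # a real service passes this to its SMS gateway instead

def finish_login(phone, password, code, now=None):
    """Step 2: password AND an unexpired, unused code are both required."""
    now = time.time() if now is None else now
    pending = PENDING.pop(phone, None)  # single use: consumed on any attempt
    if pending is None or not check_password(phone, password):
        return False
    expected, expiry = pending
    return now <= expiry and hmac.compare_digest(expected.encode(), code.encode())
```

Consuming the pending code on every attempt, successful or not, means a leaked password gives exactly one guess at the six digits per SMS sent.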



3) Registration only by mail.



An option for the “old”, which, however, adds no useful features over the first, except account recovery by e-mail, which is what an attacker will often use.



It is important to understand that the options above will suit a corporate blog, but not a bank or a government service (their security is a separate, huge question that no one raises for lack of desire to go to the forest or to go to jail); however, to abandon the ideal model is not to love yourself, because everything that is not development is degradation.



Well, a little about advertising; it was promised in the title, after all



2019 is when you delete e-mails without reading them; 2019 is when you hear a call and think “again those free legal consultations / water filters for only 100 thousand rubles / polls / whatever else”. 2019 is the year when you and your service need to reduce contact with the client by e-mail and mobile number to a minimum. Create a chat on the website or in the application, inside the user's account. It is not difficult and not expensive, but it is priceless when it comes to loyalty.



And if you do not agree, answer a simple question: will you answer the phone if you see that the Google dialer, GetContact or something similar marks the call as spam, and if so, in what mood?



A story from life: summer, 10 am, I'm in bed, asleep. A CALL. Google identifies it as reg.ru.

I wake up with one thought in my head: have the “E” center people busted me over the site? I answer the call:



-> Good afternoon, this is reg.ru, did you have any problems using our service?

-> No, the service is convenient, the interface is clear.

-> Thanks, bye.



What that was, I still do not understand, but the morning was spoiled and an unpleasant aftertaste remained.

And I alone have a million such stories.



Upd: Many thanks to the user berez for correcting my school-level errors with commas and tsya / tsya.


