Ask HN: Is your phone number “private”

3 points by Berniek ↗ HN
Most people use one mobile phone number. (unless of course you have a company phone as well as a personal phone) So..is the phone number itself subject to the privacy laws and or privacy statements of websites? Usage would be when you add it to a website for 2FA for instance. Is the website entitled to use it as an identifier? Because it is almost unique it could be used for tracking purposes. It is a unique identifier to you. I am not talking about phone calls, but because it can be associated with your interactions on a website it can be used as data and collated (by Google or Facebook etc). It can be cross referenced with other websites.

2 comments

[ 5.0 ms ] story [ 17.0 ms ] thread
Since IP adresses are considered PII under the GDPR, a phone number almost certainly is too.
As a practical matter a phone number given for MFA will be abused for other purposes, that happened at both FB and Twitter[1,2].

If the servers or companies are in America (where I was born), GDPR will be reactive to incidents and thus good opsec is needed since GDPR can't solve a damn thing if you're dead, severely injured, or horrifically traumatized.

That's why I suggest keeping two numbers -- one in a VOIP provider. That's your Signal, that's your "personal" number etc and you can filter what hits the phone in your pocket.

Then you have a sim in your phone that changes often which the above redirects to. (Pick one with a good data plan since connecting to wifi harms location privacy)

Just be wary of VPNs if using Tor, since it will erase the benefit of having multiple circuits[3].

Also on a personal note: I had several IT failures and this setup is currently broken -- I found the password to this account after recovered a passphrase last night I thought I had permanently forgotten after a violent incident -- I hope folks don't abuse the spirit of this advice by filling my phone with death threats, spam, and photos of themselves from the neck down like the last time I gave out privacy advice in the clear

(Sorry I couldn't be more help on the policy side -- those people seem to just... do whatever they want. Be careful!!)

--

[1] https://www.darkreading.com/endpoint/twitter-slip-up-spills-...

[2] https://techcrunch.com/2018/09/27/yes-facebook-is-using-your...

[3] https://web.archive.org/web/20161113094500/https://matt.trau...