by indiandragon 2523 days ago
> prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising

Facebook is not alone in misuse or wrongful use of phone numbers given for 2FA. LinkedIn explicitly requires a phone number to be added to the profile to enable 2FA and makes the phone number visible by default to all the contacts. If you don't want your phone number visible, you'll have to lose 2FA, as LinkedIn doesn't support authenticator or other alternate 2FA means (FB does).

I came to know this because, after I enabled 2FA on LinkedIn, I started receiving messages from random people on WhatsApp whom I later found to be my LinkedIn contacts.

6 comments

Yesterday I went to set up 2FA for MongoDB and entered my phone number in the form but then realized I could use Authy so I never hit save/submit. I’ve already gotten two text messages from them even though my account shows my phone number as “Not Set.”

It really made me wonder what other shady stuff they might be doing with my and my customer’s data.

The same thing happens on many retail websites when you choose to check out as a guest or begin account creation and cancel. I automatically boycott any website that follows these dark patterns.
What's the /dev/null of phone numbers?
Occasionally I'll send the most relentless phishermen the number of a local FBI office
4158675309
Rejection Hotline (605) 475-6968
MongoDB does this? Does that affect how trustworthy they are for HIPAA-compliant services?
Based on that phrasing, I feel like they could just reword the way they ask for the number. Instead of "Enter your phone number to enable 2FA" it would say "2FA cannot be enabled without a phone number associated with your profile" and leave it at that. Then on the profile page where you enter your phone number it just lists various "benefits" of giving them your phone number: "friends can use it to find you", "faster support times", "ability to enable 2FA". Then they can claim they don't know the reason you added the number was just for 2FA.
That’s a smart point. Yes they could probably do that.
I'm not surprised to hear this at all. LinkedIn is probably the scummiest tech company of reasonable size, and always have been. Facebook only gets more attention because they're much bigger and more powerful, so people notice their constant toeing of the boundaries while ignoring LinkedIn blithely leaping across them.
Your comment prompted me to check my LinkedIn 2FA and it turns out that they now support TOTP apps (they list Authenticator App as the option). I believe it is very new though.
You are correct. Authenticator is now available. I used to check every month, but I didn't before writing this comment, resulting in stale information.
Where do you see that? I still only see the option for SMS 2FA.
On desktop I saw it under Settings & Privacy -> Two-step Verification after clicking "Change verification method" (previously had SMS setup).

Here is a direct link: https://www.linkedin.com/psettings/two-step-verification

Odd, on my desktop view, there is no option to change the method. It's SMS or nothing.
Omg this is gross. I definitely do not want random recruiters having my phone number...
Definitely not. Google does (did?) it, too. It may have stopped when GDPR went into effect.
Did Google show the phone number to contacts when 2FA was added?