BrianKrebs

I'm pretty sure Mastodon is the first social network I've been on that didn't immediately ask me to betray all of the people in my address book.

256 comments
Loukas Christodoulou

@briankrebs now I'm imagining how signing up with all the others is like being a member of the French resistance captured by the Gestapo.

WE WANT NAMES

Mx. Eddie R

@Loukas @briankrebs@infosec.exchange
It's in your power to make the email digests stop.
All you need to do is give us a name.

Reduxe

@briankrebs and check your ad blocker... There's nothing for it to do...

Andrei Kucharavy

@reduxe @briankrebs

It is one of maybe 5 websites for which I did not have to adjust my uMatrix flags. Because it's all first-party.

Geoff Green

@briankrebs yes, I had to take an extra step to betray them!

Hambone Fakenamington

@briankrebs I can help you with that, please send your address book for validation.

GrayGooGirl 🏳️‍🌈

@briankrebs
No profit motive means no need for never ending userbase growth. It's a beautiful thing antithetical to what we've come to expect of social media.

Jay Taylor

@briankrebs True. But, Mastodon is the first social network I've joined where none of my friends IRL have accounts.

Woodrow Douglass

@jaytaylor @briankrebs me too... It's the first social network that is free from my friends' stupid politics. I'm just here for the CS papers and cat pictures.

Oblomov

@jaytaylor
that's easy to solve: tell your friends IRL to make an account without giving away their contact information to parasitic third parties!

@briankrebs

Pete

@briankrebs I hadn’t even noticed, but you’re right. On the other hand, if we’re feeling nostalgic we can always copy paste it in to some request headers or something.

BrianKrebs

I mean, think about this for just a sec: LinkedIn, Twitter, SnapChat, Instagram, the list goes on and on. The VERY first thing these platforms will do after you've installed the app and logged in is to ask you to share all of the information in your address book. Ever wonder how these social networks got so big so fast? It's remarkable how much of their growth is based on convincing everyone it's totally fine and normal to give away all of the contact information given to them by friends, family and acquaintances.

Jurjen Heeck :mastodon:

@briankrebs The one & only reason I refuse to use or even install those apps on devices containing address information. I only have an Instagram app on a tablet with zero contacts.

Christian Fomm

@jurjen_heeck @briankrebs

Even if you have never been registered on Facebook etc.: Facebook knows your mobile number and mail address because other people have already uploaded them.

You can delete your phone number/mail address from Meta's database via the following website:

facebook.com/contacts/removal

Shannon

@fomm @jurjen_heeck @briankrebs is there one for LinkedIn? I purposely deleted my original LinkedIn account to get a fresh restart with no connections. When I created a new LinkedIn account and instructed it not to be found via email or phone, I was still located by people who had my contact info.

Jurjen Heeck :mastodon:

@shecantech @fomm @briankrebs Same issue. Linkedin occasionally pushes me to invite people to join LinkedIn based on such network knowledge.

Shaun Dyer

@jurjen_heeck @briankrebs @fomm Thanks for the link that’s really useful. I wonder if the other big tech companies have something similar

David Penfold :verified:

@fomm @jurjen_heeck @briankrebs it seems to work for mobiles and landlines, but refuses to allow me to select email (FF on Android)

Jan Schaumann

@fomm @jurjen_heeck @briankrebs

Fun fact: the mail server(s) Meta uses to send the confirmation email are in Spamhaus's Block List...

Louis Ingenthron

@jurjen_heeck With modern phones, you can just deny them the permission to access the data.

J$

@briankrebs This is exactly what turned my stomach immediately, and then strengthened my resolve. I’ve also made myself unpopular by raising an eyebrow here and there when actual friends just started giving away my personal info without even as much as a single thought.

John Gordon

@briankrebs

There was a brief time that printed White Pages went digital and even national. That was mind blowing. I could see contact information for everyone in the US.

It only lasted a few months I think. Then gradually all White Pages went away.

So the process can reverse.

Francisca Sinn

@briankrebs and how many people say “yes” to sharing that information without a thought.

Karsten Johansson

@fsinn @briankrebs It's done under the guise of finding out who in your contacts also use the app or site. So I'd hazard to say pretty much everyone.

Of course it is used for that, but oh so much more, too.

Francisca Sinn

@ksaj @briankrebs Oh I understand what they say it’s for, I’ve just never said yes, so as to protect both my info and that of my contacts.

Francisca Sinn

@quotesofnote @briankrebs I guess so. I recognize that I’m an outlier, but I’ve never said yes.

DELETED

@fsinn @briankrebs OK, I think "everyone" is too strong. I would dial that back to "far, far too many". I am appalled by how much of their own personal information so many people will give away without a second thought, and really disturbed that someone else gives away my contact information (with or without a thought).

I have never said "yes" to providing contacts, but then again, I haven't even signed up for things like facebook, linkedin, etc.

DELETED

@fsinn @briankrebs And I am aware that despite my attempt to avoid it, most of my "data" is harvested/shared with various actors on-line (when it isn't outright hacked or stolen).

joy larkin 🌺✨

@briankrebs One thing about this ever persistent social graph building... I'm just more (or less) shocked by the number of long-ago exes who apparently still have my number in their contact lists.

AardvarkSagus

@briankrebs and that’s something I’ve not given any app the rights to.

Dr James J Teeth

@briankrebs

I generally avoid apps unless they provide me a utility that isn’t available through a browser. And then the utility needs to be significant. Social media data mining of devices is a big driver of that.

Proxima Centauri

@jernej__s @briankrebs

Mikko is here in spirit: @mikko the reality is that the Finnish elite and most of the European elite too aren't as bothered by Elon.

In here, Elon news isn't as well covered.

Proxima Centauri

@jernej__s @briankrebs @mikko

That said, they would jump ship like rats when the US Democratic party jumps ship.

If US Democratic party elite for some reason finds their way to Mastodon rest of the world elite follows, they aren't that fond of Republican-only Twitter at that point.

jo

@briankrebs And that's the reason I don't use Signal. Doesn't matter how great the crypto is. The app part of it is shit.
(Not to mention relying on phone numbers for identifiers...)

corq

@briankrebs @viss Cool, since we're all the last bastion of good examples, none of us use that tech at all, amirite?

2xfo

@briankrebs I shared my contact details with LinkedIn once because I didn't realize they had scraped that from me somehow and those people weren't already on the service. I felt pretty used when I realized it sent them invites on my behalf.

I never allowed a service to do that again. I care about the privacy of my contacts as much as my own. (I mean, I guess it's still my privacy too.)

Picardy Security

@briankrebs You mean like Zoominfo (which at one point had billboards in California airports) building its business model on people sharing their Outlook contacts forever via a plugin for access to searching everyone else's aggregated Outlook contact info?

Robbie Coleman

@briankrebs it's also the feature that I believe was responsible for Facebook's ability to take the lead from MySpace in late 2009.

Kohan Ikin

@briankrebs You can add Viber to that list! I blocked it from accessing my Android contacts, and yet within seconds of providing my number (and no other details yet, not even name or photo, hadn't finished signup), I started getting Viber messages from old friends who have my number.

Viber insists they don't upload numbers and that what I describe couldn't have happened. Never figured who to report that privacy breach to... but it wouldn't get anywhere anyway, right?

Dave

@briankrebs Remember MCI's Friends and Family campaign and how many hated the spam? Tobe social media was taking notes to improve on MCI's mistakes.

Grant Denkinson

@briankrebs Indeed. I'd never want to do that without explicit permission from every single person and I'm not likely to ever want to ask that. Feels like some apps are not helpful but tripwires to do something bad by accident. They shouldn't be and my operating system should help protect from such leaks by disabling the capability. I do want my contacts manager to let me try to contact someone via a service.

OldHound

@briankrebs I don’t think I’ve ever shared my contacts with any platform. It’s one thing for me to consent to give some of my personal information to these patrons, but completely another if I sell out family and friends without router consent. 🤷🏻‍♂️

Sam Gross

@briankrebs the big weird is that everyone acts like it’s *their* data to share when it really is *mine*

DELETED

@briankrebs in the middle ages the inquisition used to have to torture people for their contact list... Torquemada wishes he had been alive in these times!

Nantucket E-Books

@briankrebs Your post prompted me to delete my Instagram account, which I haven't used in several months. Then I was reminded Facebook makes it almost impossible to delete accounts.

I deleted my LinkedIn a couple years ago.

Michael

@briankrebs Smells like a story that media outlets should be digging into. Society needs to understand the depravity.

Matthew Clover

@briankrebs Everything feels way more low key here, in a good way. When I go into my Instagram account, I can barely stay there for very long with all the ads and sponsored posts. Had completely forgotten about the whole giving away contacts thing.

Rich Felker

@briankrebs The concept of devices having a global contacts list, rather than each app having its own, is just so stupid and ripe for abuse. There are exactly zero times I've wanted to use someone's legacy POTS phone number in a context other than the stock phone/SMS apps (which could & should have been a single unified thing so as not to have to share data).

jomo

@dalias @briankrebs this. It's terrible how you share all contact details, i.e. contact's photo, email address, postal address, etc. when you'd just need the phone number for contact discovery

Rich Felker

@jomo @briankrebs Ok but I don't even want contact discovery except manually. Just because I've once contacted a person on one channel doesn't mean I want to see and be seen by them on every random platform we happen to use. For the vast majority of contacts, a single preferred platform/channel to reach them thru is (more than) sufficient.

jomo

@dalias @briankrebs agree, it's overall terrible how mobile OS handle this.

Jernej Simončič

@dalias @briankrebs The problem is that there's an app privilege to access full contact list, instead of an API to have the user choose a specific contact to share with the app on as-needed basis.

FeralRobots

@briankrebs
I'm so used to reflexively working around the request that I don't even notice it anymore. But...yeah!

J🍩hn Fünk

@briankrebs Wow, excellent point. I'm so accustomed to ignoring that prompt when the other guys do it that I didn't even realize Mastodon didn't.

Peter Emery on The Blower

@briankrebs Go back 10 years. AppDotNet was the Twitter/Facebook refuge where users' data was their own.

Paul Turnbull :CApride:

@briankrebs Well at least the ones of the last couple decades. In my head there’s a continuity from the old BBS’s through UseNet to the current iterations so I remember the time when I could sign up to stuff and not get that stuff.

rimugú

@briankrebs
That is an interesting take.
No social network I have been in has asked me to betray anyone.
They try to manipulate me, but none has ASKED to betray (all they do is without asking and rarely they do something in my or my friends' benefit).

BeeCycling

@briankrebs Even Pokemon Go wants me to give up all my contacts in my address book. Et tu, Pikachu?

RuralTechie

@briankrebs Or provide a phone number "for verification".

David Hopeward

@briankrebs Mastodon is here to build slowly, naturally, with real human interaction and interest in openly shared ideas. You build a network with your own choices and whatever connections you make (and allow). It’s like a nice party, not like a fever dream of manipulation and desperation- which is how most social media works, imho.

Inkican

@briankrebs Well I'll do it for them - GIVE ME YOUR ADDRESSES, BRIAN - GIVE THEM TO ME NOW.

Travis

@briankrebs @selea Even telegram. Telegram used to be cool, but it's generally just terrible now.

Mark Darbyshire

@briankrebs Ugh, it doesn't matter how many times I say NO and delete any data they got off me, the apps still try and trick me into giving them permission by springing dialogues on me at inconvenient times so I press yes without thinking. Or they suggest “contacts” to me regardless, perhaps because I'm in *their* contacts. They have no concept of how consent is meant to work.

IOU A Name

@briankrebs .... ..... ......... You need asked to do that? This is why Nixon called me a 'fine young gentleman.'

Cherteapet

@briankrebs You said it! We ‘had to’ buy a burner phone for Twitter because they began to require that!, & we weren’t about to give the real pn. They owe us for the stupid phone & all the minutes we had to purchase over the yrs. Then 2019:
Twitter says it "inadvertently" used phone numbers and email addresses its users provided for account security purposes to target ads t.co/gpRohWhlv1

8tpercent

@briankrebs this sounds like withdrawal symptoms... To ease your symptoms... Just copy all your contacts into notepad, a csv file or screengrabs... and attach to your posts here... I'm sure it'll be fine 😂 seriously though... It's very refreshing isn't it.

Glock Enterprises

@briankrebs …or force you to scroll down through 10 ads to find content by anyone you’re interested in

Jens

@briankrebs I agree. So nice. Don't miss the other ones

British Tech Guru

@briankrebs That's because Facebook, LinkedIn, Twitter, SnapChat, Instagram etc are not "social media" but marketing companies who pretend to provide social media but who actually market and sell all your personal data - including relationships. They're like recruiting companies that advertise fake jobs and collect resumes then demand references then try to sell their services to your referees.

James Corey

@briankrebs I figure someone will point out the existence of tools like twitodon or movetodon, either as a counter-example, or a way to address the tradeoff of making the connection process more convenient, as a service to the user. And so, I want to point out, having a way to find them is fundamentally different from exposing them, and if you wanted a good and trustworthy tool to expose selected rows and columns of your addressbook, it's easier to just bcc them, and/or post to whatever group.

Ciscogod

@briankrebs I don’t believe any of them ask, they just pilfer away.

KLB

@briankrebs or them to betray you!! (Great choice of words, btw)

JamesTDG

@briankrebs yup, even Reddit wanted my address book

Tom Walker

@briankrebs This reminded me of the time I went on Tiktok and I did *not* share my address book.

But then it showed me a video by an acquaintance from a few years back with the explanatory text:

"You're in their address book."

I genuinely physically recoiled.

DELETED

@briankrebs
I find that since I closed my twitter account, the craploads of political spam has dropped *almost* to zero from my email.

Nathan Wrigley :wordpress:

@briankrebs This is one of many indicators of why you 'might' like to stay here.

420

@briankrebs let’s see if Mastodon is going to make it or if all the Twitter refugees go to the next “big” thing. Bluesky or whatever.

Kaiiak

@briankrebs
But then you won't get a free whopper

Half Cocked Law

@briankrebs disappointing that I didn't poison another directory with false email and phone numbers and first name only entries

Jonathan B

@briankrebs lol, I don't remember myspace asking for that...

BlackDutchSnark

@briankrebs I never let any app link to my contacts. I learned the lesson long ago when someone linked me in another email into FB, then their account was hacked & I got so much crappy spam email, I had to delete the account. I really don’t want to follow most people in life anyways b/c I really don’t care that much about most people’s lives. If I want to follow certain people, I find the people I want to follow myself. If the app stops working b/c I say no, I delete it.

SymTrkl :bf_trans:

@briankrebs No, it usually takes a couple weeks for the "crap, I have to move before their instance defederates with us" rolls around.

:mastodonworld: Caleb

@briankrebs I’d be happy to have just one friend who thought like this before betraying me

St Joan 🌈of Mastodon:🦘 Saint

@briankrebs that's a point I had forgotten about the others. I've never let either of them in but with almost 4000 in the address book would make for some interesting reading.

Daniel Ninja

@briankrebs at a time when I hate everyone in my address book. Not hate hate, but like petty hate.

Phil Landmeier

@briankrebs Good point. I've been in the fediverse for years and never thought about this specifically.

It seemed obvious since what is Mastodon or any of the others going to do with contacts? Mastodon isn't selling anything, isn't trying to build up a user base to make money off of. In fact, in the early days membership was by invitation only. "Walk in" users were not welcome. Nobody was trying to increase the user base. We wanted to keep it small, to a limited number of select people. Asking for someone's contact list doesn't even make sense in that context.

Billy Smith

@briankrebs

Back in 2001, when LinkedIn was in beta and I was working at a college, I got an email from one of my friends asking me to sign up to LinkedIn.

I said sure, and used the college email. After they extracted the contents of the address book that was attached to the college's email, everyone in the college received an email from the Dean, who had been targeted specifically.

All the staff at that college signed up.

"If the boss asks for it then..."

Jeff Morris ZA

@briankrebs I will never hand over my contacts voluntarily but there are positive and negative sides. Donating your contacts helps strengthen traction which is what a commercial social network is after. At #Mastodon growth is by word of mouth, as it were, and will be slower.

Osma A

@briankrebs I've worked on three that didn't, either. Mind you, they were pre-mobile.

DELETED

@briankrebs Reddit didn't for me but all the others, yes.

Arnan de Gans

@briankrebs first in a long time yes. Nor did it ask for my phone number under the guise of security…

(っ◔◡◔)っ 𝑱𝑬𝑵𝑺

@briankrebs one ☝️ question… who are the people in your address book?🥹

Iaη

@briankrebs I think it says more about you, and the networks you choose to join.
Never join centralised networks and help promote their lock in, and monopolies. Where they can do what they like because "people can't leave or they'll be cut off".
Never follow the crowd because they had to follow someone else or be excluded.
Stick to decentralised networks and do less harm.

Codey McCodeFace

@briankrebs @theropologist Me (stabbing my old college roommate) “Wow, did I pick the wrong server!”

AuntieTifa

@briankrebs it ain't the bird app 4 sure, takes awhile to adjust when you have Twitter PTSD.

Eshwar Nag

@briankrebs Nilay Patel on the Vergecast said that he doesn’t consider Mastodon as a social network like Twitter. He says it’s more like Wordpress for micro blogging but interface is built like Twitter but the system and larger setup is not.

Analog AI

@briankrebs And I could not make the IT security people at a company I used to work for believe that there was a security problem that LinkedIn was asking for permission to harvest contact information from my Corporate account -- information that clearly other people in the company were giving them ...

Stefan Brenner

@briankrebs MySpace never asked me for my address book. 🤷‍♂️

Ted Jackson

@briankrebs
I'm still waiting on my 30 pieces of silver from Herr Zuckerberg.

Michael

@briankrebs Take note, LinkedIn! Jeez, those people were TIRELESS in trying to get into my address book. Lousy grifters. A worthless piece of software.

Theo Salvo

@briankrebs Mastodon’s first message:

“We’ve been trying to reach you about your car’s extended warranty…”

#joke

Evan Holt

@briankrebs @chad It’s funny you should say that. I just installed Artifact (from the original creators of Instagram) which curates news articles that it thinks you will enjoy reading. So far so good… up until yesterday when out of the blue it asked me for my address book *sigh*.

ṫẎℭỚ◎ᾔ ṫ◎ℳ

@briankrebs At least didn't immediately get betrayed by Medical Group Inc👨‍⚕️ security breach notification letter I just got✉️ 📬 🤦 "Ransomware cyber attack" :blob_dizzy_face: Credit monitoring Norton LifeLock offer 1 year meanwhile, SSN, DOB, address, medical info :headdesk: :fire_angry:

According to the Southern California health-care organizations, which include Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical, the security breach happened around December 1, 2022.

Medicine wholesaler AmerisourceBergen has also come under attack from Lorenz ransomware.

The American biz, currently under investigation by the US Department of Justice for allegedly misplacing "hundreds of thousands" of prescription opioids, confirmed a limited breach of its systems on Friday.

"AmerisourceBergen's internal investigation quickly identified that a subsidiary's IT system was compromised," it said. "We immediately engaged the appropriate teams to limit the intrusion, contained the disruption and took precautionary measures to ensure all systems were and are now clear of any intrusions."

"After extensive review, malware was detected on some of our servers, which a threat actor utilized to access and exfiltrate data," according to a notice posted on Regal's website and filed with the California Attorney General's office.

The medical outfit said it hired third-party incident responders to assist and worked with security vendors to restore access to its systems and determine what data was impacted.

Judging from the filings with various state and federal agencies, the news wasn't good.

Extortionists stole, among other things, from the medical groups: patients' names, social security numbers, addresses, dates of birth, diagnosis and treatment information, laboratory test results, prescription data, radiology reports, health plan member numbers, and phone numbers.

And according to the US Department of Health and Human Services, which is investigating the database breach, it affected 3,300,638 people.

Further reading:1

As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

This page lists all breaches reported within the last 24 months that are currently under investigation by the Office for Civil Rights.

1 U.S. Department of Health and Human Services Office for Civil Rights — Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information, last updated 3 Feb. 2023, ocrportal.hhs.gov/ocr/breach/b

RolandOfGilead

@briankrebs Brian, please send me the email addresses of all your friends.

There, now we are as good as FB!

IOU A Name

@briankrebs - In other social platforms defense, what's friendship without a little bit of betrayal.

Wait .... this is why people don't invite me to parties, isn't it?

millions :spinny_cat_bi:

@briankrebs first app* I swear I could download a bible app and it could ask me to suggest it to my contacts
