When I go to the sign up page, I see that giving MS my phone number is required to set up an account.  Really?  Is MS not satisfied they can track every time I turn on my computer, every website I visit, every word I search for, every file on my computer, every email I send and receive.  This company knows more about me than girlfriend and family members. And now they want to be able to spam me on the single device that I reserve for communicating with my friends and family.

The brazen, shameless, intrusion into our personal lives by corporate entities simply has to be stopped.  Its out of control, and has been for a long time.

Guys please help me help Microsoft.  Don't give them your phone number.

BTW please don't tell me how MS needs my phone number to contact me if my site goes down, my bill is past due, blah blah blah.  I can see how THE USER might want that as an OPTION, not as a REQUIREMENT.

I cant give them a fake number because they text a confirmation code to it.

For the record MS has been good about not spamming except when I installed windows 8.  Now I get a lot of email for windows store.  I don't want to have to trust them. 

Also, for spam email I can send it to a junk folder.  When I get a text on my phone I expect it to be from someone I know and I often stop what I'm doing to read it.  When its spam I go berserk.  It is so completely intrusive that some idiot or some company can inject themselves into your daily life like that.

This is yet another step, and its a big one, down the slippery slope of eradication of personal privacy. 

Its also another big step toward making our planet a toilet bowl of corporate advertising. I am no longer able to listen to AM radio, nor am I able to watch NFL football or most TV shows because the amount of advertisng is off-the-chart.

12 hours ago, swheaties wrote

giving MS my phone number is required to set up an account.  ... And now they want to be able to spam me on the single device that I reserve for communicating with my friends and family.

The phone number is subject to Azure's privacy policy: http://www.windowsazure.com/en-us/support/legal/privacy-statement/?l=en-us.

Microsoft doesn't sell your phone number on to third parties, and doesn't use your phone number commercially.

The reason they ask for it is because they need to turn over the information to the FBI in the case where you set up a fake hotmail account, pay for the Azure account through a stolen credit card and then use the Azure account through TOR to set up illegal websites such as exploit websites. So the legal advice to the Azure team was to require a second physical medium that they can pass over to law enforcement in the event that the website is conducting illegal activity.

"Additionally, with your permission, we may contact you via phone or email to provide you with promotional offers regarding Microsoft Online Services. You may change your contact preferences in the account management portal."

So, buried somewhere in the portal, is some option that I have to find that says stop harassing me.

And with every change I make I'm sure I'm "opting in" to more harassment.

I don't want to have to trust them.  They don't need my phone number.  They have my bank account number for Christ sakes. From there the can get my home address  If I was a criminal I would spend twenty bucks and get a monthly throw away phone.  My phone number is just another way for them to spam me.  It is another piece of information about me that they can sell. 

Just give it a fake one.

++

7 hours ago, swheaties wrote

For the record MS has been good about not spamming except when I installed windows 8.  Now I get a lot of email for windows store.  I don't want to have to trust them.

Can anyone confirm this? I can't.

5 hours ago, ScottWelker wrote

@Ray7:

*snip*

++

Yea not a good idea; simply because Microsoft Account uses it in password resets. Or for two factor auth. And two factor auth is a good idea.

Plus, the only thing it's used for is clearly stated;

Complete the SMS challenge required during the purchasing process.  We do not use mobile phone numbers collected during the SMS challenge for any other purpose unless you choose to submit that mobile phone number as part of your contact information.

You don't have to look for an option to turn it off, you are the one choosing to turn them on.

And contact information doesn't have phone number as a mandatory field. Oh, AWS does exactly the same thing during signup.

If you want to check how your profile is configured, you can do so here

Here is an example of two factor auth. I use two factor auth on a Bloomberg terminal. AFTER verifying my identity, Bloomberg issued me a small device that generates a magic number.  Along with my password, that number is keyed in when I access the Bloomberg terminal.  So Bloomberg is able to authenticate me based on something I know (my password) and an authenticated device that I have (the number generator). 

Here is another example of two factor auth: Remember MS will want my bank info.  Most likely they will ask me for a number that is printed on the back of my bank card.  That indicates I physically have the card or have seen it.  That is a form two factor auth. 

Sending an email to device A instead of device B does nothing to verify the identity of the user if the authenticator is unable to verify the authenticity of either device.

This thread is sidetracked.  My point was and still is that MS does not need my phone number unless I CHOOSE to give it to them, and the least they can do is have a clause in the TOS that says we swear to GOD we wont call you unless its an emergency and we will never give this number to an affiliate (read: whoever pays enough for it).

15 minutes ago, swheaties wrote

Clearly you don't understand two factor auth.  How does sending an email to a phone qualify as two factor auth but sending an email to a computer does not. 

*snip*

Clearly you don't understand two factor auth

Multi-factor authentication was not designed to verify your identity; its purpose is just that of making it harder to compromise your account (and removing single points of failure). Leaving biometrics aside, it all boils down to mix "something you have" with "something you know", the typical example being an ATM card and a PIN. (the little device you mentioned is just a glorified ATM card, with the added bonus that it allows you to prove ownership online).

In the case at hand, the password to your email account serves as the "something you know" factor, while your mobile phone (actually, the phone number) serves as the "something you have", so it's a good example of two-factor authentication.

Things can be less than ideal with smartphones, where it's possible to set up the sensitive email account and leave it unlocked. But since someone cracking your password is a much bigger threat than someone stealing your phone, it's still better than nothing.

*shrug*

Anyways, you are signing up for a web hosting service.  Them having your phone number could actually work in your favour, in the event that Microsoft detects that your site has been compromised and they need to contact you directly, ASAP.  Plus if it's hosting for your business, well, ummm, isn't it a bit disingenuous to describe their asking for your business's phone number as a "brazen, shameless, intrusion into our personal lives"?

I mean, come on.... tone down the flaming BS just a little bit there.

4 hours ago, blowdart wrote

*snip*

Yea not a good idea; simply because Microsoft Account uses it in password resets. Or for two factor auth. And two factor auth is a good idea.

Plus, the only thing it's used for is clearly stated;

Complete the SMS challenge required during the purchasing process.  We do not use mobile phone numbers collected during the SMS challenge for any other purpose unless you choose to submit that mobile phone number as part of your contact information.

You don't have to look for an option to turn it off, you are the one choosing to turn them on.

And contact information doesn't have phone number as a mandatory field. Oh, AWS does exactly the same thing during signup.

If you want to check how your profile is configured, you can do so here

But why do they need a phone number for that? Isn't an alternative email address good enough?

40 seconds ago, Ray7 wrote

But why do they need a phone number for that? Isn't an alternative email address good enough?

In my view? (And I emphasis MY view) No. People carry their phones. It's a central point. Email addresses are too easily hijacked, read in multiple places and so on. Of course I'd prefer a secure ID myself, or a yubi key (maybe google authenticator at a push, but that's just a soft token, so do it properly with a soft SecureID then), but SMS is ubiquitous. My bank does it, Paypal does it, I have all MS billing transactions set up to do it.

20 hours ago, GoddersUK wrote

@evildictaitor: Which is pretty stupid really given that you could just use an unregistered PAYG sim... Except that makes you a terrorist

It ups the barrier, and that's what matters. Microsoft doesn't need to prevent bad people from mis-using Azure, they just need to take reasonable action to prevent it from happening.

Then I guess one possible solution (if you don't want to hand out your phone number) is to get a YAC number and use that.

13 hours ago, warren wrote

...they've only ever called me for renewing my MSDN or TechNet subscription

*shrug*

Same here but I don't want to be called. Phone calls are interrupts. Send me an email and I'll get to it on my time. Just a personal preference. Only a select few get to interrupt me... like my wife

I will NOT give you my phone number. It's personal and none of your business.

( Edit: Ok, I'll sometimes give it out but very very selectively. )

18 hours ago, blowdart wrote

*snip*

If you want to check how your profile is configured, you can do so here

Thanks! Some of my info was very dated. Nice and clean now

51 minutes ago, Craig_​Matthews wrote

Being able to read my email in multiple places makes my email address less capable of being a good contact point? You're right in that I always carry my phone. It receives my email.

Yes. You can only get SMSs from a single device. It's "something you have", not something you could have left logged in at an Internet cafe, or had the password sniffed when connecting via WIFI at Starbucks.

It's not used as a contact point. We don't ring you up for a chat.

Firstly I'm not a MS hater that is just finding fault.  I like what I know about Azure. When I went to sign up I had my wallet on my desk I was ready to fork over some bucks.  I am a MS developer. I want to learn Azure.  I want to use it. 

The flatulence about two factor auth is a red herring and not the subject of this thread.  A phone is not any more of a security device than a laptop or a desktop or a wristwatch or an abacus.   BTW please note that MS can, and does, obtain hardware ID's and various software ID's from computers and phones.  This is only one of dozens of reasons why MS does not need to REQUIRE your phone number.

Again - MS does not need to require you to give them your phone number. And, furthermore, if you choose to give it to them you should be protected by TOS which gives you ironclad protection against misuse or third party disclosure.  Its not rocket science guys.

Several have mentioned that MS has been good about not spamming.  Generally, I agree.  However: Don't expect that in the future.  I got so much spam for windows store that I had to take time to "opt out".  Do you think I ever "opted in?"  Seriously?  Did I unsubscribe from every affiliate that bought my info? Probably not. 

You don't know what you don't know.  Remember that MS has the "affiliate" clause which means they can sell your info to whoever wants to buy it.  So you may have been spammed by an affiliate and not known they got your info from MS.

Finally, if your phone is like mine you dont have a junk box for spam sms messages. And if the big players get their way, you never will.  Your phone is going to become a toilet for spammers and it is going to become as useless as that hotmail account you never use anymore........because you get so much spam that its impossible to use. 

Its not going to happen overnight.  It begins with small baby steps, just like what you see with Azure. 

Next, you will need to give MS your phone number to use msdn.

Then windows support forums.

Then windows update. 

Next you will see messages on your phone to the effect "The icon for notepad has been updated!!!!" 

Later you will see "The icon for notepad has been updated!!!  Refinance your mortgage now...yada"

I mention MS in this post, but Google is equally guilty of intrusion, if not more so. Everything I've said applies to them also. 

THINK PEOPLE!!!!!

11 hours ago, swheaties wrote

The flatulence about two factor auth is a red herring and not the subject of this thread.  A phone is not any more of a security device than a laptop or a desktop or a wristwatch or an abacus.   BTW please note that MS can, and does, obtain hardware ID's and various software ID's from computers and phones.  This is only one of dozens of reasons why MS does not need to REQUIRE your phone number.

It was explained, fairly nicely, how SMS is better here. If you don't agree you have to address that, not just say that two factor auth is a red herring. BTW, hardware ID's and other such metadata aren't going to make for "good" solutions to the "something you have" argument about e-mail. Actually, it won't make for any kind of solution here.

11 hours ago, swheaties wrote

Again - MS does not need to require you to give them your phone number. And, furthermore, if you choose to give it to them you should be protected by TOS which gives you ironclad protection against misuse or third party disclosure.  Its not rocket science guys.

It was already pointed out that the TOS does give you ironclad protection here. Like you say, it's not rocket science.

Honestly, very few things for which I get billed don't require both an address and a phone number, so I don't get the concern here. If a free service required my phone number I'd have to consider, but Azure isn't that. BTW, I have been asked for my phone number when purchasing something in a store on more than one occasion, so that little analogy you made earlier is more real than you seem to realize.

12 hours ago, swheaties wrote

The flatulence about two factor auth is a red herring and not the subject of this thread.  A phone is not any more of a security device than a laptop or a desktop or a wristwatch or an abacus.   BTW please note that MS can, and does, obtain hardware ID's and various software ID's from computers and phones.  This is only one of dozens of reasons why MS does not need to REQUIRE your phone number.

In azure's case it's not about two-factor auth. It's about making it harder to pay for Azure accounts using stolen credit cards.

This is from the TOS link posted earlier in this thread:

• Additionally, with your permission, we may contact you via phone or email to provide you with promotional offers regarding Microsoft Online Services. You may change your contact preferences in the account management portal.

>>>BTW, I have been asked for my phone number when purchasing something in a store on more than one occasion, so that little analogy you made earlier is more real than you seem to realize

Indeed.  Would you continue to shop at that store if they required your phone number?  Interesting story:  There is a grocery store chain here in So. CA (Albertsons) that was doing very well until a few years ago when they switched to a pricing model that required customers to swipe a store ID card in order to receive discounts.  I immediately stopped buying there.  They recently closed about half their stores.  Now, I am not 100% certain the ID cards where the only contributor to their downfall, or even a primary contributor.  But their stores got really empty really fast right after they started doing that. 

32 minutes ago, evildictait​or wrote

*snip*

In azure's case it's not about two-factor auth. It's about making it harder to pay for Azure accounts using stolen credit cards.

An aside: would you like two-factor auth on the azure portal?

36 minutes ago, swheaties wrote

@wkempf: 

This is from the TOS link posted earlier in this thread:

• Additionally, with your permission, we may contact you via phone or email to provide you with promotional offers regarding Microsoft Online Services. You may change your contact preferences in the account management portal.

First, what I quoted was a rant about selling this information to third parties, and you conveniently left out the part where that's explicitly called out as something they won't do. Second, "misuse" is something you've not defined, but what ever it is, you have the option, spelled out in the TOS, to prevent whatever it is. So, no matter how much you dislike things here, you're rant about the TOS is simply wrong. The TOS "gives you ironclad protection against misuse or third party disclosure".

36 minutes ago, swheaties wrote

@wkempf: 

Indeed.  Would you continue to shop at that store if they required your phone number?  Interesting story:  There is a grocery store chain here in So. CA (Albertsons) that was doing very well until a few years ago when they switched to a pricing model that required customers to swipe a store ID card in order to receive discounts.  I immediately stopped buying there.  They recently closed about half their stores.  Now, I am not 100% certain the ID cards where the only contributor to their downfall, or even a primary contributor.  But their stores got really empty really fast right after they started doing that. 

I did, and I do. BTW, Albertson's is alive and kicking in my area. Further, most grocery stores here have the same "member card" savings policies. None of them are hurting for customers. By all means, if you don't like the terms, vote with your wallet. However, you're going to find yourself in a minority on this subject.

>>It was explained, fairly nicely, how SMS is better here. If you don't agree you have to address that, not just say that two factor auth is a red herring.

Fair enough.  The false dilemma is more easily seen if the argument is stated like this:

"We cannot guarantee the safety of your data unless you give us your phone number"

"We cannot be certain of your identity unless you give us your phone number"

Are either of those statements true?  Of course not!!  I'm not making an argument against security.  Hooray for security already.  I'm just saying that your phone number is not a requirement for your data to be secure or your identity to be confirmed.

At this point, there's not much more to be said to you. You don't like giving out your phone number. Fair enough. Don't. Don't expect anyone else to have the same issue here that you do. More importantly, don't make claims that are simply false while trying to convince other's to agree with you.

2 hours ago, swheaties wrote

I'm just saying that your phone number is not a requirement for your data to be secure or your identity to be confirmed.

Microsoft is not confirming your identity via your phone number. It is collecting information that is required by the payment company in return for being exempt from charges in the event that a payment is made using a stolen credit card.

It's standard practice when a large company takes large numbers of online payments in return for fungible goods or services that are not delivered to an address. Paypal uses the ~10c deposit into your account, Microsoft sends an SMS message to a phone that you control.