Coffeehouse Thread

37 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Dont give Microsoft your phone number

Back to Forum: Coffeehouse
  • User profile image
    swheaties

    I need a hosting service so I've been reading up on Azure.  The service sounds good although the pricing requires a four year degree to understand.   The company I work for is going to roll out some big project on it and they want developers to learn the API so I was pretty incentivized to get started. 

    When I go to the sign up page, I see that giving MS my phone number is required to set up an account.  Really?  Is MS not satisfied they can track every time I turn on my computer, every website I visit, every word I search for, every file on my computer, every email I send and receive.  This company knows more about me than girlfriend and family members. And now they want to be able to spam me on the single device that I reserve for communicating with my friends and family.

    The brazen, shameless, intrusion into our personal lives by corporate entities simply has to be stopped.  Its out of control, and has been for a long time.

    Guys please help me help Microsoft.  Don't give them your phone number.

    BTW please don't tell me how MS needs my phone number to contact me if my site goes down, my bill is past due, blah blah blah.  I can see how THE USER might want that as an OPTION, not as a REQUIREMENT.

     

     

  • User profile image
    Ray7

    Unfortunately, lots of services try to gather phone numbers these days. Just give it a fake one. 

  • User profile image
    Jim Young

    Honestly, Microsoft has had every one of my contact channels for years. I opt out of any emails I don't want and they rarely call me.

  • User profile image
    Craig_​Matthews

    Microsoft has every bit of contact information I have and they never call or spam email me. The only things I usually get - now and then -- are emailed invitations to product events where I typically get free products.

  • User profile image
    swheaties

    What if you went to the grocery store and went up to the counter and the clerk said "I'll need your phone number before I can ring you up.  Your receipt will be sent to your phone.".  Would you do it?  How is it any different than what MS is doing with Azure?

    I cant give them a fake number because they text a confirmation code to it.

    For the record MS has been good about not spamming except when I installed windows 8.  Now I get a lot of email for windows store.  I don't want to have to trust them. 

    Also, for spam email I can send it to a junk folder.  When I get a text on my phone I expect it to be from someone I know and I often stop what I'm doing to read it.  When its spam I go berserk.  It is so completely intrusive that some idiot or some company can inject themselves into your daily life like that.

    This is yet another step, and its a big one, down the slippery slope of eradication of personal privacy. 

    Its also another big step toward making our planet a toilet bowl of corporate advertising. I am no longer able to listen to AM radio, nor am I able to watch NFL football or most TV shows because the amount of advertisng is off-the-chart.

  • User profile image
    PaoloM

    I guess you never heard of two factors authentication. Enjoy your reduced security!

  • User profile image
    evildictait​or

    , swheaties wrote

    giving MS my phone number is required to set up an account.  ... And now they want to be able to spam me on the single device that I reserve for communicating with my friends and family.

    The phone number is subject to Azure's privacy policy: http://www.windowsazure.com/en-us/support/legal/privacy-statement/?l=en-us.

    Microsoft doesn't sell your phone number on to third parties, and doesn't use your phone number commercially.

    The reason they ask for it is because they need to turn over the information to the FBI in the case where you set up a fake hotmail account, pay for the Azure account through a stolen credit card and then use the Azure account through TOR to set up illegal websites such as exploit websites. So the legal advice to the Azure team was to require a second physical medium that they can pass over to law enforcement in the event that the website is conducting illegal activity.

  • User profile image
    swheaties

    evildictator, this is a paste from the link you provided:

    "Additionally, with your permission, we may contact you via phone or email to provide you with promotional offers regarding Microsoft Online Services. You may change your contact preferences in the account management portal."

     

    So, buried somewhere in the portal, is some option that I have to find that says stop harassing me.

    And with every change I make I'm sure I'm "opting in" to more harassment.

    I don't want to have to trust them.  They don't need my phone number.  They have my bank account number for Christ sakes. From there the can get my home address  If I was a criminal I would spend twenty bucks and get a monthly throw away phone.  My phone number is just another way for them to spam me.  It is another piece of information about me that they can sell. 

  • User profile image
    GoddersUK

    @evildictaitor: Which is pretty stupid really given that you could just use an unregistered PAYG sim... Except that makes you a terrorist Perplexed

  • User profile image
    ScottWelker

    @Ray7:

    Just give it a fake one.

    ++

  • User profile image
    ZippyV

    , swheaties wrote

    For the record MS has been good about not spamming except when I installed windows 8.  Now I get a lot of email for windows store.  I don't want to have to trust them.

    Can anyone confirm this? I can't.

  • User profile image
    Dbarselow

    They more than likely have it all ready any how, dont you think?

  • User profile image
    blowdart

    , ScottWelker wrote

    @Ray7:

    *snip*

    ++

    Yea not a good idea; simply because Microsoft Account uses it in password resets. Or for two factor auth. And two factor auth is a good idea.

    Plus, the only thing it's used for is clearly stated;

    Complete the SMS challenge required during the purchasing process.  We do not use mobile phone numbers collected during the SMS challenge for any other purpose unless you choose to submit that mobile phone number as part of your contact information.

    You don't have to look for an option to turn it off, you are the one choosing to turn them on.

    And contact information doesn't have phone number as a mandatory field. Oh, AWS does exactly the same thing during signup.

    If you want to check how your profile is configured, you can do so here

  • User profile image
    swheaties

    Clearly you don't understand two factor auth.  How does sending an email to a phone qualify as two factor auth but sending an email to a computer does not.  It could be a phone I've stolen.  It could be a throw away monthly phone.  MS has no way to authenticate either device (if I'm a criminal I will be paying for the phone with a stolen identity). For a device to qualify the authenticator has to have some way of knowing the device is in the hands of the person who is supposed to have it and that the device itself is verified.

    Here is an example of two factor auth. I use two factor auth on a Bloomberg terminal. AFTER verifying my identity, Bloomberg issued me a small device that generates a magic number.  Along with my password, that number is keyed in when I access the Bloomberg terminal.  So Bloomberg is able to authenticate me based on something I know (my password) and an authenticated device that I have (the number generator). 

    Here is another example of two factor auth: Remember MS will want my bank info.  Most likely they will ask me for a number that is printed on the back of my bank card.  That indicates I physically have the card or have seen it.  That is a form two factor auth. 

    Sending an email to device A instead of device B does nothing to verify the identity of the user if the authenticator is unable to verify the authenticity of either device.

    This thread is sidetracked.  My point was and still is that MS does not need my phone number unless I CHOOSE to give it to them, and the least they can do is have a clause in the TOS that says we swear to GOD we wont call you unless its an emergency and we will never give this number to an affiliate (read: whoever pays enough for it).

  • User profile image
    PaoloM

    Expressionless

  • User profile image
    Blue Ink

    , swheaties wrote

    Clearly you don't understand two factor auth.  How does sending an email to a phone qualify as two factor auth but sending an email to a computer does not. 

    *snip*

    Clearly you don't understand two factor auth Wink

    Multi-factor authentication was not designed to verify your identity; its purpose is just that of making it harder to compromise your account (and removing single points of failure). Leaving biometrics aside, it all boils down to mix "something you have" with "something you know", the typical example being an ATM card and a PIN. (the little device you mentioned is just a glorified ATM card, with the added bonus that it allows you to prove ownership online).

    In the case at hand, the password to your email account serves as the "something you know" factor, while your mobile phone (actually, the phone number) serves as the "something you have", so it's a good example of two-factor authentication.

    Things can be less than ideal with smartphones, where it's possible to set up the sensitive email account and leave it unlocked. But since someone cracking your password is a much bigger threat than someone stealing your phone, it's still better than nothing.

  • User profile image
    warren

    Microsoft has had my phone number for a number of years... far back as 2004 at least.... and they've only ever called me for renewing my MSDN or TechNet subscription, or in conjunction with a support request that I initiated.

    *shrug*

    Anyways, you are signing up for a web hosting service.  Them having your phone number could actually work in your favour, in the event that Microsoft detects that your site has been compromised and they need to contact you directly, ASAP.  Plus if it's hosting for your business, well, ummm, isn't it a bit disingenuous to describe their asking for your business's phone number as a "brazen, shameless, intrusion into our personal lives"?

    I mean, come on.... tone down the flaming BS just a little bit there.

     

  • User profile image
    Ray7

    , blowdart wrote

    *snip*

    Yea not a good idea; simply because Microsoft Account uses it in password resets. Or for two factor auth. And two factor auth is a good idea.

    Plus, the only thing it's used for is clearly stated;

    Complete the SMS challenge required during the purchasing process.  We do not use mobile phone numbers collected during the SMS challenge for any other purpose unless you choose to submit that mobile phone number as part of your contact information.

    You don't have to look for an option to turn it off, you are the one choosing to turn them on.

    And contact information doesn't have phone number as a mandatory field. Oh, AWS does exactly the same thing during signup.

    If you want to check how your profile is configured, you can do so here

    But why do they need a phone number for that? Isn't an alternative email address good enough?

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.