Thursday, May 26, 2022

Twitter Agrees to Pay $150 Million FTC Fine for Using Two Factor Authentication as Ruse to Sell Targeted User Data to Advertisers


Two-Factor authentication has always been a platform ruse for gathering data on platform users.  Twitter was just one company amid a large number of on-line platforms who pushed “two factor authentication” as a security measure.  The real motive of TFA was to gain the user cell phone number in order to gain more specific information about the user.

Today multiple media outlets are reporting the FTC and Twitter have agreed to a settlement where Twitter will pay a $150 million settlement for violating user privacy and selling user data.  Twitter collected cell phone and email account information for users under the auspices of user security.  However, Twitter actually planned to use the cell phone and email data to sell a more comprehensive package of user identification to advertisers.

(Reuters) – […] The company will pay $150 million as part of the settlement announced by the Justice Department and the Federal Trade Commission (FTC). In addition to the monetary settlement, the agreement requires Twitter to improve its compliance practices.

The complaint said that the misrepresentations violated the FTC Act and a 2011 settlement with the agency.

“Specifically, while Twitter represented to users that it collected their telephone numbers and email addresses to secure their accounts, Twitter failed to disclose that it also used user contact information to aid advertisers in reaching their preferred audiences,” the complaint said.

[…]  “Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” said FTC Chair Lina Khan in a statement. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”

The complaint also alleges that Twitter falsely said it complied with the European Union-U.S. and Swiss-U.S. Privacy Shield Frameworks, which bar companies from using data in ways that consumers do not authorize.

Twitter’s settlement follows years of fallout over the privacy practices of tech companies.

Revelations in 2018 that Facebook, the world’s biggest social network, was using phone numbers provided for two-factor authentication to serve ads enraged privacy advocates.

Facebook, now called Meta (FB.O), similarly settled with the FTC over the issue as part of a $5 billion agreement reached in 2019. (read more)

Two Factor Authentication (TfA) and the 5G telecommunications network work hand in glove.

By connecting the registered user id to their cell phone number, advertisers can target platform users with far more granular detail.  3G networks tracked user history to build the user portfolio.  5G networks bridge the space between user identity, cell phone, and geolocation services and apps on cell phones.

Cell phones are registered to people.  The TfA purpose was to identify the actual people behind the registered accounts and then monitor them for enhanced targeting.  The data of the user is monetized and your unique identity is sold to advertisers.

This is one of the reasons CTH does not track anyone, or ask for any data on any user.  We do not monetize users at The Conservative Treehouse, and all of our engagement systems, including the comment system, are built around the principle that user privacy is our number one priority.

Any engagement platform that asks you to enter your cell phone as part of the registration process is going to have the ability to sell your data and user identity to a third party.  It really is that simple.