thank goodness for this guy. I thought I was the ONLY PERSON IN THE UNIVERSE that noticed that all the companies were suddenly trying to get your phone number and NOBODY CARES. This guy gets it. This guy is my spirit animal.
This is one of the many things that bugs me about Google 2FA (including with paid Workspace). You MUST use a phone number for initial 2FA setup. Sure, you can setup Authenticator-based 2FA after the fact, but now they have your phone number. And I don’t trust that they delete the record of your number from their system if you remove it as a 2FA option later.
If you provide a burner phone number on a de-Googled Android phone, I don't see how this would be a great issue. A de-Googled phone cannot be location-tracked by Google - so they don't know where you are at any moment in time. Plus if the burner phone number is known only to you and does not appear against your identity in anyone else's online contacts, then how does Google get your true ID from it anyway? Sure, I'm not denying that phone-based 2FA is a scam, but specifically for this one-time authentication, I don't see that it's a great issue with a de-Googled burner phone.
@webwabo16you can use Authenticator as the FIRST method you set up? Is it only Google Authenticator? I use an alternate authenticator method, maybe that’s my issue?
More and more online services are asking straight up phone numbers now instead of an email. I'm not interested in giving anyone my phone numbers it only leads to more unsollicited robotcalls.
One saying in life that is so true. There is no free lunch. Everybody thinks all this is free and for me when they are the product and the digital cage is closing.
exactly! they want people to use their phones as much as possible. because it is way better to track you and everything you are doing. you will have never such control over your phone as you can have over your pc...
That's the number one reason and we've gotten to the point where you can't function very well in everyday life without a smartphone. My sister and brother-in-law who have shunned smartphones (they are mid-70s) are finally breaking down to get one after going to a restaurant the other night and finding out that they could not park at l the place without having a smartphone to shoot a QR code. They also travel and have found it increasingly difficult to get thru airports without a smartphone.
@@nosac1230 Along with the cost reductions that often accompany not having to have employees managing so many things manually, it seems like non-smartphone options should still be available---for a 30% - 50% luddite premium that reimburses businesses for the expense of handling them. Even then, though, KYC is the law for financial institutions, so if someone wants to have access accordingly without having to go to the branch every time, they can either play by the rules or call it all a scam and continue with the inconveniences but also with the costs involved.
Rob, thank you for all you do for us. You have taught me so much about privacy. I appreciate you so much. I also use your email, sms and vpn service. Thanks again Rob!
I hate 2FA, I don't have stable phone numbers so I've lost and almost lost a lot of accounts to it. I refuse to use it and will never use a service that requires it.
Literally everything you described is what I've been narrating to family, friends and on internet forums for a while now, and why I avoid 2FA by SMS by all means. Thanks for creating this detailed explanatory video about it.
Two-Factor Authentication is one of the reasons I have been distancing myself from everything Google for the last few years. It is security theater at best, an invasion of privacy at worst.
I don't use 2FA on anything, but both Steam and Discord (along with Google) have demanded me to provide a mobile phone number anyway, which is quite aggravating.
To be fair your phone number is only used for your Google account verification. You don't have to use it for 2fa and in fact you can delete from your Google account at any time. Google also allows TOTP 2fa, passkeys, backup codes and over methods of 2fa.
What kind of 2FA are you referring to? SIM based authentication is incredibly insecure, however i wouldn't call it a security theater. Any additional security layer adds some amount of extra protection, because it is an extra think attackers need to bypass. Though authenticator apps i think are a much better option, and physical keys are best. That said, not all accounts need the same level of security. There might be some accounts that one doesn't care about getting breeched, and the inconvenience of an added security layer is not worth it...
@@sigma_X_infj I'd assume it's a balancing act between security and practicality. Further, I've been sensing that a lot of threat models employed by companies treat phones as a trusted device. Granted, they do require biometric verification, which adds a layer of protection in case someone snatches your phone while you're using it, but yeah... I agree that it should at the bare minimum be an available option for those that want it... And that it's stupid that the option isn't even there. Another piece of stupidity that's quite prevalent is when companies do allow security keys as a second factor auth, but it's treated as an *alternative* to sim based authentication, not as a replacement... -_-
Timestamps 00:00 Preface 02:07 The truth about 2FA 03:26 Pseudo-anonymity 06:23 Are all platforms a threat? 08:47 Credit reporting agency leak 10:25 Contact list leak 12:29 The surveillance database 13:35 An exception: non-KYC phone numbers 15:12 Let's strategize 15:47 Phone #1 - KYC 17:48 Phone #2 - Friends and Family 19:40 Phone #3 - Internet platform 2FA 22:49 What about information from the past 23:37 Summary 24:19 Brax phone
unless you're lucky enough to be sitting on a pile of cash... you're FORCED to participate in all of this BS.. if you don't want to live in the street. I HATE IT HERE
I live in a country that requires 2fa to do banking. It is required for government tax accounts, all accountibg software, its not just social media. We need to be functioning people. @robbraxmantech
Exactly. I live in a country that requires 2da to do all banking, all government accounts like tax or services, all accounting software, etc. Most people cannot spend alot of time and resources to "fight" this.
@@robbraxmantech We have cricket service bought used IPhones 8pro & 12pro on eBay. How much would it cost me to change to your service after I buy your brax phone? I would want your: mobile, email & VPN services. Do I need a de-google phone also I hope not… How do I deal with key loggers?
People used to threaten Radio Shack employees with physical violence when they asked for your phone number. Millennials decided they'd rather give it out to literally anyone who asks and then they wonder why they get so many spam calls.
Funny, I ran into this video. I've had recently, a similar situation. When I try to watch any videos on RUclips, while using my VPN. They won't allow me to watch the video. Claiming, please log in, to make sure you're not a robot? Apparently, we have a lot of robots attempting to watch RUclips videos. But, when I go to Rumble, while using the same VPN, they allow me to watch videos. Coincidence? I think not. Is like you say in this video. Big tech simply wants to ID you, and track your every move. Scary times we live in. But hey, only China and Russia do mass surveillance.
2FA violates the American Disabilities Act because many disabled people do not own or use cell phones or email, there needs to be a class action law suit against companies that are not ADA compliant. it is also a violation to not allow a disabled person to access a website which is what 2FA does. I am disabled, vision impaired and will never own a cell phone and do not use email, I also live in rural area that does not get a cell signal, and is in a wifi deadzone. I have lost access to several websites including online access to my bank account due to 2FA. The other form of 2FA is the unlawful asking of a social security number or part of it or asking birthday or address, which is a violation of PLL laws & constitutional laws. The narcissist that invented 2FA needs to be imprisoned for being a traitor to the U.S. Constitution. Are there any other people on disability that will join with me in contacting the DOJ to file class action law suits?
Sorry, but that's a idiotic reasoning. Forcing removal of 2FA for everyone because that someone don't own a phone or e-mail is just plain stupid. Most people use weak, reused passwords. 2FA is the only thing protecting them from account takeover. Here in Sweden everyone is mandatory to use BankID (2FA) to access their bank online. It not, they need to visit the bank i person. Sorry, but security takes president here. I have a bachelors in digital forensics and information security, so I actually know what I talk about in this area.
@@KennyG944 It is a law that all websites & businesses be ADA compliant, Because so many people are so prideful & ignorant that they discriminate against the disabled.
@miry2510 You are fooled if you think this. There are many alternate solutions that do not include FORCING MOBILE PHONE as an ID. Amazon doesn't force me to do anything for example. They're behaving rationally and obviously they are concerned about security.
Damn if you do and damn if you don’t! There is no hiding from big tech. My take is to do as much as you can to protect your privacy and hope this is enough.
Agree, can't achieve 100% privacy does not mean one must not try, they may have some of my data but at least they won't have a complete picture of me. Better let them have a distorted version of you rather than a complete clone of you.
@@robbraxmantech - I've seen some off-shore text companies which will mirror any US phone number using SS7 so all the texts are seen by an attacker. Crazy stuff.
@@robbraxmantech True and I worked for some companies they restrict phone number as 2FA only if it's corporate owned since it's not possible to transfer but still restricted
What about the "Magic Login Link" scam? If someone gets your email they then have automaic access to any account that uses this scam "security". Not sure if you may have addressed this yet, if so, please direct me to the video !
I have a really cheap phone with a pay as you go real SIM but under a false name. After using this phone to sign up to various sites, i take out the batter and put the phone away, Unlike the USA every other country i have been to does not make you top up your card ever month. I have had a working SIM here in europe with the same 10 euro balance on it for 2 years and it still works.
I always joke with friends that the only American I've ever seen successfully buy a burner with cash and activate it without CC was Jason Bourne, and he was outside the US when he did it 😂
@@fondy44 Really? I've done it many times, simply go to a store that sells prepaid phones and prepaid phone cards, pay cash for them, activate prepaid phone with prepaid phone card. I think you're too dependent on your credit card, I don't even have one, I have a debit card but I don't even take it anywhere I go, I only use it for online shopping.
I bought a new phone on your recommendation. I am sure that it’s great but not 100% sure about all of the benefits. Look forward to finding out. The video was convincing for sure, thank you
Greetings: 2FA is 2 internet as plastic. Both R security and privacy risks. Both segregate and oppress. Repeal the Real ID Act and approve the Payment Choice Act. Thx 4 the share.
I just watched a video on SS7 signaling on cell phones. There they intercepted the 2FA code generated, and the phone that it was supposed to be sent to have no information it had been sent. End result, a hacker can get into one of your services, have a 2FA generated, fully access and tamper with your account and you will have no idea it has happened until you find the account emptied of money. 2FA does not give secure security.
I had no idea of the level of my ignorance!! Thank you for teaching us in ways I can (usually😉) understand. It's super appreciated!!!! I'm interested in your phones, but not tech savy. Please keep up your wonderful explanations and maybe will you do some videos of you using the Brax phone (s)?
My employer says in their employee fine print, “we will not give your private information to third parties unless they pay us.” No minimum amount nor currency unit is specified. Go figure.
This will only work temporarily until they identify your service is a VoIP line and then they get banned/blacklisted as not being real phone lines. That's what has happened with a lot of these providers...only a matter of time, and unless you want to keep jumping ship every couple of months/years - the effort is futile unless you have endless cash to throw at this problem and time to manage all of this. I use to use privacy for virtual cards, and eventually my bank caught on and banned those as well. What am I suppose to do, change banks every year? It's getting ridiculous to protect your own data/info out here.
My biggest issue with phone 2FA is that, when I'm travelling in another country with a SIM card for that country, my US phone doesn't work so I can not receive the text messages.
I love that it takes about 20 minutes just to log into your bank account. They send a code to your email. Now you have to 2 factor authenticate your ID just to get into your email... so you can log into your 2FA bank account! What could go wrong??
What's crazy is I recently got a new pixel and degoogled it (formerly iPhone user) and the next month my car insurance went down $50/month with progressive insurance (which is the cheapest its ever been... I drive really fast often. I never had any location services enabled nor had the snapshot thing and also had bluelink deactivated on the car since I got it. Wonder if apple was selling my location data with them? I had even had all the 3rd party apps background location off too. What a strange coincidence.... My insurance kept going up before I degoogled. Anyone else have the same experience?
The problem is that most people dont care that they are being tracked. Even if people just cared about this matter, we could make a difference and push back on these companies taking away our freedoms.
This is simular way I use my email. 1 for family & friends, another for JUST business such as banking and the 3rd is others and that 3rd one gets deleted as needed.
This idea of phone number isolation seems like an awesome tool to fight the creeping privacy threats posed by various entities. I love the idea of having a no KYC number and only using that for pseudo anonymous websites. I'm a little bit murky though on what it accomplishes to have different phone numbers for strong kyc institutions like banks and for your friends and family since they will both know your real identity anyway. You talked about about this at a couple points in the video eg 8:04 and18:50 with regards to leaks to credit reporting agencies but I'm still not sure what the danger is since the only parties that could tap into this would already be those that also know your real identity. Could you please clarify? Thanks in advance.
Not true about credit reports. Big tech may access credit reports. And don't forget existing leaks like the Equifax leak that's already out there. I talked about that in detail in the video
@@robbraxmantech/videos Thanks again for responding. Yes, I remember well you explaining about the equifax leak and I even made a mental note of it as an example to convince "normies" of our philosophy lol. But I was thinking that leak was in 2017 so I didn't know how it could affect us going forward. You know what would really crystalize the point? If you could provide an example of what information which party would get if you combined numbers 1 and 2 that they wouldn't get if you kept them separate. That would really drive it home.
Where i'm from, you can get SIM cards without subscription, personal identification or anything like that. You can just grab one and pay cash. Since you're not sending anything from it, it won't cost almost anything to keep. You could top it off with 5$ cash every year or half year just to keep it alive and receiving, with cash, from some sort of automated boots where you feed the cash and you transfer the credit to that phone number. Maybe i explained poorly, non native speaker, but you understand
Also another big question, I do not have a post history on twitter. I'm wondering since I am a public person advertising with my name, should I use a alias handle and not my real name and email for Twitter
For logins to sites that do banking, investment, finance or payment processors, knowing your real contact info is legit. I agree that having a 2nd number for banking only if you have the money to invest in this,
23:41 - you recommend a sim card # for financial institutions(phone 1), but then say to have no kyc line for any 2FA (phone 3). What if our financial banks require a 2FA to log into our accounts? Do we go for a sim card # or a 'no kyc line'??🤔
Thanks for the breakdown! A bit off-topic, but I wanted to ask: My OKX wallet holds some USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). How should I go about transferring them to Binance?
Like most people, I find 2FA a bit annoying at times. And think customer should be given the option of turning it on in the first place, and not have it turned on automatically.
I stay away from 2FA for a simple reason. When I travel and my phone gets lost or the SIM card fails I can't get a SIM replacement. Now I can't access anything that requires 2FA.
It's what they say, sure. What they don't say is that they LOVE phone numbers for advertising reasons... they can link your activities with your phone number and for most people that might as well be an SSN. They'll never say the second part.
If you get a carrier service, even if you only use it for banking, it will not hide you. Your PII will be associated with the number and thinking it’s private from hackers is not a good assumption. Also, if you use an application that accepts VOIP then please understand that VOIP can be spoofed which means your application cannot guarantee you are secure. A hacker can spoof a mobile number as well, but the banks will not accept VOIP so you’re more secure. Any application like a bank where they insure your assets will require regular mobile for this reason and reject VOIP.
I MUST use 2FA for business...quickbooks for accounting requires it. Banking requires in from all the major banks in my country, .It's not about choosing to fight back, its a matter of literal being a functional person now. Many banks have limited hours, and require you to do online banking.
The other problem with 2FA is that increasingly, they don't accept VOIP or eSim thereby "forcing" people to purchase a sim-based phone plan just to have access to their bank account.
Rob, have you spoken on the subject of Mimix and the Intel Management Engine burnt in PC mainboards' firmware? Just learned of it. Apparently been around since 2009, and it renders all attempts to bypass it useless at the hardware level.
@@robbraxmantech ...thx. I suppose, though, individuals reactions would be proportional to their perception of "state agencies" levels of intrusion of the common user. Namely, in the year since this video posting, my suspicions over the extent of government intrusiveness has been largely confirmed.
I love when people complain about Facebook then have a Facebook account! 🤣🤣🤣 I've never had a FB account and stay in contact with friends and family and conduct business just fine! If you don't want to get Zucked, don't bend over for Big Tech!!
Wanna say: I'm a none phone users (for complicated health reason / metal) so i cant use phones and this locks me out of so many things. including monetizing my channel. but no one cares kicker is, under the laws in my country (UK) as my condition is medically registered and the lack of phone possession is a direct issue arising from a disability, covered by law and equal access act, e.g. RUclips is braking UK equality law... so, doesn't matter cus no one will fight on my behalf and RUclips don care (2 years asking them)
Not all Winblows PCs. I use XP so I don't have to worry about their invasions. I plan to upgrade to Linux if I can ever afford to upgrade to a newer computer.
This is all so overwhelming, my throat is tightening up and I have this sense of impending doom. We're all screwed... There's just no way around it is there
This just happened to me with FB. They wanted my mobile number. I gave them a proxy number. Now, they want facial recognition with a 180 degree view of my face. I'm not doing that. F them.
😳 Google is really fond of it 😄 & I make it a point to ignore them in an attempt to escape them . I am definitely degoogling my life! Platforms also scan devices when id not a bot. & Fir the same purpose as 2FA.
@@chrimony exactly. Session is better but they don't allow much customizing of disappearing messages. Signal wants a number but they have a clear track record of not storing info when asked by gov.
@@teru797 no, they don't have such "track record", the opposite is true - Tucker have said it - some agencies knew he was going to make a Putin interview exactly by his Signal account some years ago, and this is how his first attempt to make the interview was intentionally sabotaged by the US Gov. On the other hand - the CEO of Telegram is under arrest and not the CEO of Signal. I wonder why.... I guess it's hard to comprehend :)
@@robbraxmantech Thank U very much! I tic the link you kindly provided so I now have to sign up to BUY? Rather than L@@K first to see if I do actually want to signup??? Well again thank you very much for your share of the link! Pleas stay GREAT!
Brad virtual phone sounds like a great idea. I’d love to know how competitive the pricing is vs Magicjack and whether the SMS and tone dial actually work consistently unlike Magicjack.
As much as I agree that it makes sense, I don't think many people are willing to drop using all services that require a non-virtual mobile number. It's making a difficult "demand"/suggestion to them amongst an already extremely small portion of the population (I'm guessing like 1-5%; currently probably closer to the 1%), and would lose even more of them there.
I am curious about the Google option that will bypass the need for a non-VIOP phone number. The last time I created a Google account, I was forced to provide a phone number and it would not accept a VOIP number. There was no way around it that I could find. Would love a follow up video that shows exactly how to do this.
Useless annoyance, though enforced legally in other services like e.g. banks. I get that if that was one of option in state run OpenID equivalent. Another problem is that it increases stack of services which NEED TO WORK to proceed with authantication. If anything in chain breaks - you are out of luck. On the other hand, bogous VPNs or things advertised here suffer from the same issue - introducting another layer.
I have been trying for weeks to make an email account without giving my phone number. Cant figure out how. Even proton mail let me make an account but not use it for 2FA without giving my number. All i can think to do is get a burner phone
Seems this strategy needs some more distilling. The things we need are not quite in place. Laying it out even more simple like an action list and really reviewing how to accomplish each step and why.
KFC - Kentucky Fried Computer. I heard to use a yahoo email as a secondary reference/backup because they don't 2fa it's own service. If you break or lose your phone, bonding two gmails can create a circular security fail when it tries to identify you. At least you can log in to yahoo and start recovery. It's worth finding backup emails that don't demand 2FA or your first born.
I always thought these small outfits sell your number to google. I use a pay as you go sim card for phone registrations that I don't trust. In Canada there is Speakout for 25/year. Maybe there is a voip service that works with 2fa as well, but not mine.
Never provide a phone number to an entity that you would not trust as KYC financial/government. Every phone line effectively becomes a KYC line as soon as you share it to multiple parties, who continually share the pairing of your name + phone nbr. Data brokers have this solved. Co-operation from a phone company is irrelevant, other than very slightly increasing the certainty of the match.
i never submit to this. it is very concerning. and as you said, security is not real reason. it even doesn't make sense! they tell you that because of security you should confirm that's you. like my older google account. but how they can identify me, when i never gave them my number and no number is connected with that account?! it is ridiculous lie. i had same problems with instagram, which i almost don't use. same with twitch. they are pushing to get your number too. btw twitch has ugliest gui i can imagine...
thank goodness for this guy. I thought I was the ONLY PERSON IN THE UNIVERSE that noticed that all the companies were suddenly trying to get your phone number and NOBODY CARES. This guy gets it. This guy is my spirit animal.
I don't like that all my friends shared my phone number with Facebook when they agreed to access the contacts
I second this! All these steps just to log in, AND the hackers still get our info.
This is one of the many things that bugs me about Google 2FA (including with paid Workspace). You MUST use a phone number for initial 2FA setup. Sure, you can setup Authenticator-based 2FA after the fact, but now they have your phone number. And I don’t trust that they delete the record of your number from their system if you remove it as a 2FA option later.
I didn't know that. Fortunately for me, I've changed numbers several times since. My old strategy was changing a secondary SIM card every 6 months
If you provide a burner phone number on a de-Googled Android phone, I don't see how this would be a great issue.
A de-Googled phone cannot be location-tracked by Google - so they don't know where you are at any moment in time. Plus if the burner phone number is known only to you and does not appear against your identity in anyone else's online contacts, then how does Google get your true ID from it anyway?
Sure, I'm not denying that phone-based 2FA is a scam, but specifically for this one-time authentication, I don't see that it's a great issue with a de-Googled burner phone.
@@robbraxmantech when you change your phone number, do the phone companies keep track of your old numbers? I assume they do but maybe not forever?
@@terrydaktyllus1320Google is very picky on the numbers they accept for 2FA. Most burner numbers won't be accepted
@webwabo16you can use Authenticator as the FIRST method you set up? Is it only Google Authenticator? I use an alternate authenticator method, maybe that’s my issue?
More and more online services are asking straight up phone numbers now instead of an email. I'm not interested in giving anyone my phone numbers it only leads to more unsollicited robotcalls.
Its all a scam to force smartphone use as well.
One saying in life that is so true. There is no free lunch. Everybody thinks all this is free and for me when they are the product and the digital cage is closing.
exactly! they want people to use their phones as much as possible. because it is way better to track you and everything you are doing. you will have never such control over your phone as you can have over your pc...
That's the number one reason and we've gotten to the point where you can't function very well in everyday life without a smartphone.
My sister and brother-in-law who have shunned smartphones (they are mid-70s) are finally breaking down to get one after going to a restaurant the other night and finding out that they could not park at l the place without having a smartphone to shoot a QR code. They also travel and have found it increasingly difficult to get thru airports without a smartphone.
@@nosac1230 Along with the cost reductions that often accompany not having to have employees managing so many things manually, it seems like non-smartphone options should still be available---for a 30% - 50% luddite premium that reimburses businesses for the expense of handling them. Even then, though, KYC is the law for financial institutions, so if someone wants to have access accordingly without having to go to the branch every time, they can either play by the rules or call it all a scam and continue with the inconveniences but also with the costs involved.
I THINK I WANT TO MOVE TO A AMISH COMMUNITY.
"Equifax hacked", good one! Don't you mean sold our info? Let's be real.
To be real, when a company sells information, it knows its customer. When a company is hacked, it doesn’t.
Rob, thank you for all you do for us. You have taught me so much about privacy. I appreciate you so much. I also use your email, sms and vpn service. Thanks again Rob!
I hate 2FA, I don't have stable phone numbers so I've lost and almost lost a lot of accounts to it. I refuse to use it and will never use a service that requires it.
Rob Braxman's virtual phone (the cheapest plan) is perfect if you absolutely must use 2FA.
then complain about it, tell other people, do the best to be as vocal as possible.
Same. I refuse to use any services that require it
I lived in a house with no cellular coverage. To login with 2FA from there, I'd have to drive up the road to get the text, and hurry back.
@@Wolfe2x7 I don't have a cellbone.
Literally everything you described is what I've been narrating to family, friends and on internet forums for a while now, and why I avoid 2FA by SMS by all means. Thanks for creating this detailed explanatory video about it.
Two-Factor Authentication is one of the reasons I have been distancing myself from everything Google for the last few years. It is security theater at best, an invasion of privacy at worst.
I don't use 2FA on anything, but both Steam and Discord (along with Google) have demanded me to provide a mobile phone number anyway, which is quite aggravating.
To be fair your phone number is only used for your Google account verification. You don't have to use it for 2fa and in fact you can delete from your Google account at any time. Google also allows TOTP 2fa, passkeys, backup codes and over methods of 2fa.
I think this comment proves that you have a Google Account though ;)
What kind of 2FA are you referring to? SIM based authentication is incredibly insecure, however i wouldn't call it a security theater. Any additional security layer adds some amount of extra protection, because it is an extra think attackers need to bypass. Though authenticator apps i think are a much better option, and physical keys are best.
That said, not all accounts need the same level of security. There might be some accounts that one doesn't care about getting breeched, and the inconvenience of an added security layer is not worth it...
@@sigma_X_infj I'd assume it's a balancing act between security and practicality. Further, I've been sensing that a lot of threat models employed by companies treat phones as a trusted device. Granted, they do require biometric verification, which adds a layer of protection in case someone snatches your phone while you're using it, but yeah... I agree that it should at the bare minimum be an available option for those that want it... And that it's stupid that the option isn't even there.
Another piece of stupidity that's quite prevalent is when companies do allow security keys as a second factor auth, but it's treated as an *alternative* to sim based authentication, not as a replacement... -_-
It seems that no matter which way we turn, we are totally Zucked!😂
I just gave you techniques to unzuck yourselves
Timestamps
00:00 Preface
02:07 The truth about 2FA
03:26 Pseudo-anonymity
06:23 Are all platforms a threat?
08:47 Credit reporting agency leak
10:25 Contact list leak
12:29 The surveillance database
13:35 An exception: non-KYC phone numbers
15:12 Let's strategize
15:47 Phone #1 - KYC
17:48 Phone #2 - Friends and Family
19:40 Phone #3 - Internet platform 2FA
22:49 What about information from the past
23:37 Summary
24:19 Brax phone
unless you're lucky enough to be sitting on a pile of cash... you're FORCED to participate in all of this BS.. if you don't want to live in the street. I HATE IT HERE
This solution is not expensive. It could be cheaper than your current line
I live in a country that requires 2fa to do banking. It is required for government tax accounts, all accountibg software, its not just social media. We need to be functioning people. @robbraxmantech
Exactly. I live in a country that requires 2da to do all banking, all government accounts like tax or services, all accounting software, etc. Most people cannot spend alot of time and resources to "fight" this.
@@robbraxmantech Yes, but it involves the company actually doing the right thing.
@@robbraxmantech We have cricket service bought used IPhones 8pro & 12pro on eBay. How much would it cost me to change to your service after I buy your brax phone? I would want your: mobile, email & VPN services. Do I need a de-google phone also I hope not…
How do I deal with key loggers?
This is great and eye opening information.
Thanks as always Rob!
People used to threaten Radio Shack employees with physical violence when they asked for your phone number. Millennials decided they'd rather give it out to literally anyone who asks and then they wonder why they get so many spam calls.
*** WARNING *** Facebook now requires a photo that they use for biometric identification.
Zuck Facebook!
Oh that's ultimate zucking of the population right there
You got Zucked!! lol
If this is true, I will cancel Facebook. Zuck them!
@@markfanny599 Try opening a new account and see for yourself what they ask for.
Funny, I ran into this video. I've had recently, a similar situation. When I try to watch any videos on RUclips, while using my VPN. They won't allow me to watch the video. Claiming, please log in, to make sure you're not a robot? Apparently, we have a lot of robots attempting to watch RUclips videos. But, when I go to Rumble, while using the same VPN, they allow me to watch videos. Coincidence? I think not. Is like you say in this video. Big tech simply wants to ID you, and track your every move. Scary times we live in. But hey, only China and Russia do mass surveillance.
2FA violates the American Disabilities Act because many disabled people do not own or use cell phones or email, there needs to be a class action law suit against companies that are not ADA compliant. it is also a violation to not allow a disabled person to access a website which is what 2FA does. I am disabled, vision impaired and will never own a cell phone and do not use email, I also live in rural area that does not get a cell signal, and is in a wifi deadzone. I have lost access to several websites including online access to my bank account due to 2FA. The other form of 2FA is the unlawful asking of a social security number or part of it or asking birthday or address, which is a violation of PLL laws & constitutional laws. The narcissist that invented 2FA needs to be imprisoned for being a traitor to the U.S. Constitution. Are there any other people on disability that will join with me in contacting the DOJ to file class action law suits?
Sorry, but that's a idiotic reasoning. Forcing removal of 2FA for everyone because that someone don't own a phone or e-mail is just plain stupid. Most people use weak, reused passwords. 2FA is the only thing protecting them from account takeover. Here in Sweden everyone is mandatory to use BankID (2FA) to access their bank online. It not, they need to visit the bank i person. Sorry, but security takes president here. I have a bachelors in digital forensics and information security, so I actually know what I talk about in this area.
Also a 1A violation since some religious groups such as the Amish cannot use these technologies.
If a website if made to be handicap accessible, fine. But no one should be forced to make their website ADA compliant.
@@KennyG944 It is a law that all websites & businesses be ADA compliant, Because so many people are so prideful & ignorant that they discriminate against the disabled.
@miry2510 You are fooled if you think this. There are many alternate solutions that do not include FORCING MOBILE PHONE as an ID. Amazon doesn't force me to do anything for example. They're behaving rationally and obviously they are concerned about security.
Damn if you do and damn if you don’t! There is no hiding from big tech. My take is to do as much as you can to protect your privacy and hope this is enough.
Agree, can't achieve 100% privacy does not mean one must not try, they may have some of my data but at least they won't have a complete picture of me. Better let them have a distorted version of you rather than a complete clone of you.
Phone text code is not a security measure. Physical key or time based 2FA
Exactly. It's not even safe since SS7 can be utilized to intercept. And who can control SS7? The Gubmint.
@@robbraxmantech - I've seen some off-shore text companies which will mirror any US phone number using SS7 so all the texts are seen by an attacker. Crazy stuff.
@@robbraxmantech 😂 Gubmint cheese 🧀
@@robbraxmantech True and I worked for some companies they restrict phone number as 2FA only if it's corporate owned since it's not possible to transfer but still restricted
If possible use a passkey. That's bullet proof unless your device itself gets compromised.
What about the "Magic Login Link" scam? If someone gets your email they then have automaic access to any account that uses this scam "security". Not sure if you may have addressed this yet, if so, please direct me to the video !
Great video for explaining the differences!
I have a really cheap phone with a pay as you go real SIM but under a false name. After using this phone to sign up to various sites, i take out the batter and put the phone away, Unlike the USA every other country i have been to does not make you top up your card ever month. I have had a working SIM here in europe with the same 10 euro balance on it for 2 years and it still works.
Why is europe so lax
I always joke with friends that the only American I've ever seen successfully buy a burner with cash and activate it without CC was Jason Bourne, and he was outside the US when he did it 😂
@@fondy44 Really? I've done it many times, simply go to a store that sells prepaid phones and prepaid phone cards, pay cash for them, activate prepaid phone with prepaid phone card. I think you're too dependent on your credit card, I don't even have one, I have a debit card but I don't even take it anywhere I go, I only use it for online shopping.
I bought a new phone on your recommendation. I am sure that it’s great but not 100% sure about all of the benefits. Look forward to finding out. The video was convincing for sure, thank you
Greetings: 2FA is 2 internet as plastic. Both R security and privacy risks. Both segregate and oppress. Repeal the Real ID Act and approve the Payment Choice Act. Thx 4 the share.
I just watched a video on SS7 signaling on cell phones. There they intercepted the 2FA code generated, and the phone that it was supposed to be sent to have no information it had been sent. End result, a hacker can get into one of your services, have a 2FA generated, fully access and tamper with your account and you will have no idea it has happened until you find the account emptied of money. 2FA does not give secure security.
I had no idea of the level of my ignorance!! Thank you for teaching us in ways I can (usually😉) understand. It's super appreciated!!!!
I'm interested in your phones, but not tech savy. Please keep up your wonderful explanations and maybe will you do some videos of you using the Brax phone (s)?
There are many videos of de-Googled phones which we have. But BraX2 phones are sold out
i Rob,
Could you do a comprehensive report on the new Tesla Model π phone? I think it would be a great topic to cover.
Thank you!
My employer says in their employee fine print, “we will not give your private information to third parties unless they pay us.” No minimum amount nor currency unit is specified. Go figure.
This will only work temporarily until they identify your service is a VoIP line and then they get banned/blacklisted as not being real phone lines. That's what has happened with a lot of these providers...only a matter of time, and unless you want to keep jumping ship every couple of months/years - the effort is futile unless you have endless cash to throw at this problem and time to manage all of this.
I use to use privacy for virtual cards, and eventually my bank caught on and banned those as well. What am I suppose to do, change banks every year? It's getting ridiculous to protect your own data/info out here.
Thank you Rob, you are awesome as always. Have to see this video over again. Important stuff. thank you again.
My own dr office hates me cuz i change my number like a meth head with a new idea
S/ Rob, I feel super secure. Our overloards care for us in a good way.
👍❤
Makes me glad I don't have any friends 😂
same here
Same here.
And me 🎉
My biggest issue with phone 2FA is that, when I'm travelling in another country with a SIM card for that country, my US phone doesn't work so I can not receive the text messages.
Right there is a truly valid reason to say how scammy it is because this would be an obvious fail on the platform's part by requiring this
Use open-source 2FA such as Aegis. TOTP is an open standard and supported by many sites & open-source apps.
I love that it takes about 20 minutes just to log into your bank account. They send a code to your email. Now you have to 2 factor authenticate your ID just to get into your email... so you can log into your 2FA bank account! What could go wrong??
Thank U Rob 🙏♥️🕊😎
What's crazy is I recently got a new pixel and degoogled it (formerly iPhone user) and the next month my car insurance went down $50/month with progressive insurance (which is the cheapest its ever been... I drive really fast often. I never had any location services enabled nor had the snapshot thing and also had bluelink deactivated on the car since I got it.
Wonder if apple was selling my location data with them? I had even had all the 3rd party apps background location off too. What a strange coincidence.... My insurance kept going up before I degoogled. Anyone else have the same experience?
At first I thought you were a spam bot, until I read the rest.
2FA via SMS is insecure for decades, besides it is a great way to steal your account, so it actually decreases your security.
NHS online is a major user of 2 factor I'd.
The content is so good!.✌️
isn't my number instantly leaked the moment i sign up for a phone number? you don't think the phone company is selling my data?
Not my service. I don't ask for ID.
The problem isn't that they're tracking us, it's that they're allowed to track us.
The problem is that most people dont care that they are being tracked. Even if people just cared about this matter, we could make a difference and push back on these companies taking away our freedoms.
Wells Fargo bank does this and I cannot turn it off.
This is simular way I use my email. 1 for family & friends, another for JUST business such as banking and the 3rd is others and that 3rd one gets deleted as needed.
Or you could buy a "domestic only Chinese phone" that has no Google at all. Not sure about the SIM card though😢
This idea of phone number isolation seems like an awesome tool to fight the creeping privacy threats posed by various entities. I love the idea of having a no KYC number and only using that for pseudo anonymous websites. I'm a little bit murky though on what it accomplishes to have different phone numbers for strong kyc institutions like banks and for your friends and family since they will both know your real identity anyway. You talked about about this at a couple points in the video eg 8:04 and18:50 with regards to leaks to credit reporting agencies but I'm still not sure what the danger is since the only parties that could tap into this would already be those that also know your real identity. Could you please clarify? Thanks in advance.
Not true about credit reports. Big tech may access credit reports. And don't forget existing leaks like the Equifax leak that's already out there. I talked about that in detail in the video
@@robbraxmantech/videos Thanks again for responding. Yes, I remember well you explaining about the equifax leak and I even made a mental note of it as an example to convince "normies" of our philosophy lol. But I was thinking that leak was in 2017 so I didn't know how it could affect us going forward.
You know what would really crystalize the point? If you could provide an example of what information which party would get if you combined numbers 1 and 2 that they wouldn't get if you kept them separate. That would really drive it home.
I just got a different phone number for the stuff requiring it and even then I still stay away from anything that requires it.
You pay for an entire other line just for that? Is that the only way
Where i'm from, you can get SIM cards without subscription, personal identification or anything like that. You can just grab one and pay cash. Since you're not sending anything from it, it won't cost almost anything to keep.
You could top it off with 5$ cash every year or half year just to keep it alive and receiving, with cash, from some sort of automated boots where you feed the cash and you transfer the credit to that phone number.
Maybe i explained poorly, non native speaker, but you understand
Also another big question, I do not have a post history on twitter. I'm wondering since I am a public person advertising with my name, should I use a alias handle and not my real name and email for Twitter
Any company that does any business with the federal government is required to do KYC searches to ensure you aren't using them for money laundering.
Excellent information! Thank you.
For logins to sites that do banking, investment, finance or payment processors, knowing your real contact info is legit. I agree that having a 2nd number for banking only if you have the money to invest in this,
23:41 - you recommend a sim card # for financial institutions(phone 1), but then say to have no kyc line for any 2FA (phone 3). What if our financial banks require a 2FA to log into our accounts? Do we go for a sim card # or a 'no kyc line'??🤔
Thanks for the breakdown! A bit off-topic, but I wanted to ask: My OKX wallet holds some USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). How should I go about transferring them to Binance?
Like most people, I find 2FA a bit annoying at times. And think customer should be given the option of turning it on in the first place, and not have it turned on automatically.
I stay away from 2FA for a simple reason. When I travel and my phone gets lost or the SIM card fails I can't get a SIM replacement. Now I can't access anything that requires 2FA.
Why do bank refuse to use Authenticator Apps?
Most companies allow Aegis and similar, but not banks.
Some do but it's very rare.
Banks are old fashioned, so they only allow phone verification. If you wanna use authenticator apps then might have to use Bitcoin instead.
Don't bank online, security problem solved.
I've never felt safe with the 2FA. It's not secure. And I always at least kept my gmail account contact lists empty.
2FA with TOTP/HOTP is secure. It uses standardized cryptographic algorithm for the calculations of the one time password. SMS/e-mail is not secure.
I've generally assumed requiring a cell number is to avoid people making multiple accounts easily.
It's what they say, sure.
What they don't say is that they LOVE phone numbers for advertising reasons... they can link your activities with your phone number and for most people that might as well be an SSN. They'll never say the second part.
If you get a carrier service, even if you only use it for banking, it will not hide you. Your PII will be associated with the number and thinking it’s private from hackers is not a good assumption. Also, if you use an application that accepts VOIP then please understand that VOIP can be spoofed which means your application cannot guarantee you are secure. A hacker can spoof a mobile number as well, but the banks will not accept VOIP so you’re more secure. Any application like a bank where they insure your assets will require regular mobile for this reason and reject VOIP.
Thank you, Rob. If that is your real name... ;)
My comments disappear lol.
The first time I had TFA, I was so frustrated I almost cried.
I knew that this is just to spy and watch you
I MUST use 2FA for business...quickbooks for accounting requires it. Banking requires in from all the major banks in my country, .It's not about choosing to fight back, its a matter of literal being a functional person now. Many banks have limited hours, and require you to do online banking.
THAT is solved here if you watch the video in full
The other problem with 2FA is that increasingly, they don't accept VOIP or eSim thereby "forcing" people to purchase a sim-based phone plan just to have access to their bank account.
I have newer videos that explain the correct strategy
Rob, have you spoken on the subject of Mimix and the Intel Management Engine burnt in PC mainboards' firmware? Just learned of it. Apparently been around since 2009, and it renders all attempts to bypass it useless at the hardware level.
There's a video I made on it. Conclusion: Don't worry. Doesn't affect home users
@@robbraxmantech ...thx. I suppose, though, individuals reactions would be proportional to their perception of "state agencies" levels of intrusion of the common user. Namely, in the year since this video posting, my suspicions over the extent of government intrusiveness has been largely confirmed.
I love when people complain about Facebook then have a Facebook account! 🤣🤣🤣 I've never had a FB account and stay in contact with friends and family and conduct business just fine! If you don't want to get Zucked, don't bend over for Big Tech!!
I hate the idea of getting a new number or multiple numbers... But seems I have to consider it!
No one wants to do it but if attacked, we have to attack back
@@robbraxmantech absolutely. Best defense is offense. Joined your site :)
Wanna say: I'm a none phone users (for complicated health reason / metal) so i cant use phones and this locks me out of so many things. including monetizing my channel. but no one cares
kicker is, under the laws in my country (UK) as my condition is medically registered and the lack of phone possession is a direct issue arising from a disability, covered by law and equal access act, e.g. RUclips is braking UK equality law... so, doesn't matter cus no one will fight on my behalf and RUclips don care (2 years asking them)
Phone Link just appeared on all Windows PCs, and can't be uninstalled.
Not all Winblows PCs. I use XP so I don't have to worry about their invasions. I plan to upgrade to Linux if I can ever afford to upgrade to a newer computer.
This is all so overwhelming, my throat is tightening up and I have this sense of impending doom. We're all screwed... There's just no way around it is there
KYJ is the way to go
This just happened to me with FB. They wanted my mobile number. I gave them a proxy number. Now, they want facial recognition with a 180 degree view of my face. I'm not doing that. F them.
😳 Google is really fond of it 😄 & I make it a point to ignore them in an attempt to escape them . I am definitely degoogling my life! Platforms also scan devices when id not a bot. & Fir the same purpose as 2FA.
20:15 telegram does not accept VoIP numbers
This is why I don't use Telegram.
Yep they banned me for doing a voip number.
OK thanks for the correction. It was listed as OK by somebody using Brax VP.
@@chrimony exactly. Session is better but they don't allow much customizing of disappearing messages. Signal wants a number but they have a clear track record of not storing info when asked by gov.
@@teru797 no, they don't have such "track record", the opposite is true - Tucker have said it - some agencies knew he was going to make a Putin interview exactly by his Signal account some years ago, and this is how his first attempt to make the interview was intentionally sabotaged by the US Gov.
On the other hand - the CEO of Telegram is under arrest and not the CEO of Signal. I wonder why.... I guess it's hard to comprehend :)
Great. . . but finding only "shirts" which are GREAT, but what I'm in the market for, which is more than just shirts!
You are in the WRONG place. Everywhere it says brax.me
@@robbraxmantech Thank U very much! I tic the link you kindly provided so I now have to sign up to BUY? Rather than L@@K first to see if I do actually want to signup??? Well again thank you very much for your share of the link! Pleas stay GREAT!
btw do you do mobiles for eu?
yes
I use a Solokey. I love it. Nothing t do with my ID. I touch it, but it's not reading my thumb print.
Brad virtual phone sounds like a great idea. I’d love to know how competitive the pricing is vs Magicjack and whether the SMS and tone dial actually work consistently unlike Magicjack.
SMS is 100% when using MySMS on Brax.Me
YT is disappearing comments.
Get revenge in person.
Wait till this guy hears about MLMs...
I gave up a long time ago. I realized that being useless and broke was my best defense 😂
My bed is gonna eat me alive if I close my eyes! 🥶🥶🥶
As much as I agree that it makes sense, I don't think many people are willing to drop using all services that require a non-virtual mobile number. It's making a difficult "demand"/suggestion to them amongst an already extremely small portion of the population (I'm guessing like 1-5%; currently probably closer to the 1%), and would lose even more of them there.
There's only a few of these and they're bad sites. So up to you. Get zucked or not.
I am curious about the Google option that will bypass the need for a non-VIOP phone number. The last time I created a Google account, I was forced to provide a phone number and it would not accept a VOIP number. There was no way around it that I could find. Would love a follow up video that shows exactly how to do this.
Useless annoyance, though enforced legally in other services like e.g. banks. I get that if that was one of option in state run OpenID equivalent. Another problem is that it increases stack of services which NEED TO WORK to proceed with authantication. If anything in chain breaks - you are out of luck. On the other hand, bogous VPNs or things advertised here suffer from the same issue - introducting another layer.
I deny Facebook access to my contacts, and yet they keep suggesting me people I add to my contacts.
It's not your phone
It's not your data
It's not your photos
It's not your phone #
What is your take on passkeys ? I use them whenever I can.
I "used" them (past tense). But doesn't work on Linux
- The CEO of telegram was arrested in France
😢😢😢😢😢😢😢😢
🤬🤬🤬🤬🤬🤬🤬🤬 0:45
The longer you’re here you see everything is a scam 😅
I have been trying for weeks to make an email account without giving my phone number. Cant figure out how. Even proton mail let me make an account but not use it for 2FA without giving my number. All i can think to do is get a burner phone
braxmail which we offer, does not require anything. No KYC
Seems this strategy needs some more distilling. The things we need are not quite in place. Laying it out even more simple like an action list and really reviewing how to accomplish each step and why.
KFC - Kentucky Fried Computer. I heard to use a yahoo email as a secondary reference/backup because they don't 2fa it's own service. If you break or lose your phone, bonding two gmails can create a circular security fail when it tries to identify you. At least you can log in to yahoo and start recovery. It's worth finding backup emails that don't demand 2FA or your first born.
Only use Aegis, as its the legitimate 2FA.
asking mobile number is a scam in itself! now they are taking front and sideways photo while buying a new some Sim in many countries.
😵💫gosh there's so much to catch up on
I always thought these small outfits sell your number to google.
I use a pay as you go sim card for phone registrations that I don't trust. In Canada there is Speakout for 25/year.
Maybe there is a voip service that works with 2fa as well, but not mine.
same for online payment apps to 😮
Never provide a phone number to an entity that you would not trust as KYC financial/government. Every phone line effectively becomes a KYC line as soon as you share it to multiple parties, who continually share the pairing of your name + phone nbr. Data brokers have this solved. Co-operation from a phone company is irrelevant, other than very slightly increasing the certainty of the match.
i never submit to this. it is very concerning. and as you said, security is not real reason. it even doesn't make sense! they tell you that because of security you should confirm that's you. like my older google account. but how they can identify me, when i never gave them my number and no number is connected with that account?! it is ridiculous lie. i had same problems with instagram, which i almost don't use. same with twitch. they are pushing to get your number too. btw twitch has ugliest gui i can imagine...
KYC 2FA is causing allot of trouble, aspecially when you trade crypto or stockmarkets.