What’s wrong with two-factor authentication on WordPress, Twitter, etc

If WordPress ever makes two-factor authentication mandatory, THIS SITE WILL BE SHUT DOWN.

If you have a wordpress site, they are begging you to “enable two-factor authentication.” This is OK for businessses, etc who are in the shitter if their page is hacked, but NOT a good idea for anyone concerned with data privacy and willing to risk having to junk an online account to protect it.

Once a site is connected to a cell phone, ad tracking agencies, the cops, and the courts can all use the phone number to attempt to determine your true identity. Buying a “burn phone” costs money and is thus not reasonable for any expendable webpage run with the intention of engaging in no financial transactions of any type. Even a burn phone requires careful use: never from near your home nor anywhere you are known to hang out, batteries out at all other times. It must be purchased with cash, far from your home town, and wearing dark sunglasses as protection against facial recognition sofware used with security camera footage.

Neither this website nor your personal blog is worth the hassle and expense of a burn phone, nor is it worth the added risk of dealing with cell phone vendors, security cameras in their stores, etc. Something like an ALF or ELF press office might justify this-but only if the admin has the capability to turn off IP address logging and all third party content, not just ads. Admins on WordPress sites do not have that power, so it is unlikely a hacked account would be more dangerous to either the admin or a third party poster than an account simply subjected to surveillance with or without a warrant. On the other hand, posession of that phone would prove ownership of the site, possibly enough for a “material support” charge in court, so I still would not recommend it. Only encrypted tokens sent to a user and stored on a flash drive-and totally unidentifiable to a third party-could ever really be trusted. Possibly a user-provided photo not posted to the site, containing a stego code bearing an encrypted token?

WordPress, I understand you are trying to help those with mission-critical pages that cannot be replaced, but on this site privacy is the top concern. I will never “add a phone” to any online account anywhere,nor will I ever permit Google to run closed-source software on any machine I own as I consider them as dangerous as the NSA.

I do not have, nor do I want a smartphone, tablet, etc. I do not trust any vendor-provided operating system as I do not trust any of the telecoms.

Leave a Reply --WARNING: do not "Comment using Facebook" or using Twitter-you expose your information to 3ed party tracking

This site uses Akismet to reduce spam. Learn how your comment data is processed.