Could you link to a reputable resource for this? I've always imagined that phone number background checks were mostly scams with a bit of public information sprinkled on top.
I'd be very surprised to learn that I could purchase a burner phone, give you the phone number, and have you be able to tell me my address and criminal history.
> I'd be very surprised to learn that I could purchase a burner phone, give you the phone number, and have you be able to tell me my address and criminal history.
OK, so even if you pay cash, there's video surveillance in the store, and surveillance (license tag, video, etc) on the route. And that's linked to the number. Then there's the number that you call from to activate the burner phone account, which may have some identity information. Plus geolocation data for that, and for the burner phone.
When I was living in Brazil, to buy any kind of SIM card you had to give your CPF or whatever it was called number from your residency card. I believe many countries have this rule as a counter-terrorism measure or whatever. Of course for bad guys it’s trivial to go around those restrictions.
And that's a near best case scenario in the US, UK, etc. In most of Europe and many other countries, you have to officially register a SIM card with an ID/residence document to use it.
Right, I meant that the scenario described is a near-best case in a global context as many (most?) countries unlike the US/UK/etc. require ID verification.
I don't believe this is true. It's very trivial to find a prepaid SIM in the US that one can just purchase, activate, and top-up with reload cards (which in turn can also be purchased with cash). Postpaid plans do often require ID verification because of the credit that is being extended, which I think is more than reasonable.
For non-burner phones, just Google the phone number---you'll probably get a sketchy "look this person up for $XX.YY" telephone directory page that will contain their full name and age, if not their address.
So, I just Googled my phone number, and the phone numbers of several friends.
In each case I got dozens of the same flavour of site, which I've seen many times before: it has a paginated list of every possible phone number that could exist, and an advertisement. These sites are pretty cheap to build and presumably over their lifetime they bring in enough advertising revenue to justify renewal costs, hosting and so on.
But they don't offer (and couldn't deliver) personal information about any of us, since that isn't publicly available.
At any rate all of this misses the point; Signal doesn't use phone numbers because phone numbers are an especially good identifier, but as a UX tradeoff to keep metadata off their servers.
I have good reason to believe this UX "tradeoff" is being actively abused. Several vectors, but the main one has to do with contacts of a compromised target, or when a target adds you as contact.
In practice, it's worse than having to use your SSN. You don't need SSN to sign up with all the major apps and sites (including free email), but you do need a phone #.
I think it boils down to the fact that in Signal the server can't see which conversation messages belong to - and if sealed sender (aka secret sender) is enabled, the server can't see who they're from. (As far as I know, the server still tracks the phone number of accounts and thus the recipients though - looking at https://github.com/signalapp/Signal-Server/blob/2b987e6e9301...)
Unsure how this relates to contact lists though (other than that secret sender is apparently only available for messages from people in your contact list?)
Matrix on the other hand isn't a message-passing system like Signal (or IRC or XMPP or SMTP) - instead it's a way of securely storing your conversations (more like NNTP or IMAP). This means that when you log into a new Matrix client you can get at your conversation history, and it means that even if you lose all your clients you don't lose your history.
The compromise is that Matrix ends up storing the metadata of who spoke to whom when in the conversation history which is stored on the server.
However, we're working on mitigating this with P2P Matrix (where you run the server clientside, unless you explicitly want to pin that conversation to a serverside server), as per https://fosdem.org/2020/schedule/event/dip_p2p_matrix/ - and it even works :)
Did you pay? At least in the U.S., states release ridiculous amounts of information on people. It's "publicly available", but in practice states charge a high fee for the databases, which means most of this data exists behind paywalls. The data on sites like spokeo.com and intelius.com isn't great--not at all comparable to the breadth and quality of data LexisNexis offers with their 5- and 6-figure subscriptions--but it's amazing how many phone numbers, names, and addresses you can still match up.
Then there's all the "private" data about you that is commercially available. That's what credit agencies and similar companies do--buy your data from any company willing to sell it. Such databases are so deep and comprehensive that these companies have become extensions of intelligence organizations for all the business they do with government. In fact, just a year or two ago there was the "scandal" where it turned out cellphone companies were selling location data, which some savvy police departments started using to avoid dealing with warrants.