this post was submitted on 14 Oct 2025
485 points (99.2% liked)

Technology

76041 readers
2564 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
485
Australian Government gets a taste of what everyday people have to deal with in terms of data breaches as Prime Minister Anthony Albanese's mobile phone number released online (www.abc.net.au)
submitted 1 day ago by Agent641@lemmy.world to c/technology@lemmy.world
50 comments fedilink hide all child comments
 

What are the chances this will lead to online data privacy reform and corporate accountability for PII for all? or just...some?

top 50 comments
sorted by: hot top controversial new old
[–] General_Effort@lemmy.world 37 points 1 day ago (1 children)

It's kinda funny how times change.

In Germany, it even used to be that your phone number, along with your name and address, was published in the phone book, by law. If you wanted to be delisted, you had to provide a valid reason, such as being stalked. Just because was not good enough. At every street corner was a phone booth with the phone book of your town with your name and address. At post offices, you could find phone books from other towns. (The phone system was run by the postal service, which was a government agency.)

Phone books were a bit of a plot point in Terminator. The terminator gets the list of Connors from the phone book and kills them in that order.

[–] captain_aggravated@sh.itjust.works 3 points 21 hours ago (2 children)

One thing that never got digitized and put on the internet was the phone book. And for damn good reason.

[–] muusemuuse@sh.itjust.works 6 points 20 hours ago

Yes it did. Data brokers are a thing. They sell your information to anyone they want and aren’t responsible for anything that happens.

[–] General_Effort@lemmy.world 1 points 20 hours ago (1 children)

I doubt there's anywhere where the phone book wasn't digitized. In Germany, the requirement to publish your address + number was eventually dropped, though; maybe because the phone system was privatized.

[–] captain_aggravated@sh.itjust.works 1 points 20 hours ago

I'm speaking of my experiences in the United States. Here, phone books tend to be separated into white pages and yellow pages. The white pages listed names, addresses and phone numbers of private lines, usually homes, and the yellow pages listed businesses. Taking out a listing in the yellow pages was the SEO of its day.

When the internet happened, the one thing that never really happened was a freely searchable database of the white pages. One thing the internet was never useful for as an upstanding citizen was looking up personal phone numbers.

[–] muusemuuse@sh.itjust.works 6 points 20 hours ago (1 children)

Why do we still still use phone numbers for communication? It’s a terrible idea. One unifying piece of information that if anyone gets they can use. Bah.

We should have a communication method that both sides consent to before allowing the connection. Either side can kill that connection at any time by revoking permission on either side. The contact info shouldn’t be the same for everyone either, but something ephemeral instead. Unique. A burner phone number that’s different to each person and only useful if the connection originates from the one meant to have that number.

It’s 2025. We still have “you have been hacked, give me gift cards to save your Google Chrome” style shit going on.

[–] luckyeddy@sh.itjust.works 3 points 19 hours ago* (last edited 19 hours ago)

This sounds cool! Reminds me of SSH keys a bit!

[–] SnoringEarthworm@sh.itjust.works 121 points 1 day ago (2 children)

New punishments for hacking politicians' phones.

Zero changes for anyone else.

[–] stefenauris@pawb.social 44 points 1 day ago

hate to say it but you're probably right

[–] Australis13@fedia.io 18 points 1 day ago

Probably right on the money, sadly.

[–] DirigibleProtein@aussie.zone 58 points 1 day ago (1 children)

Now get him to verify his age.

[–] Lost_My_Mind@lemmy.world 26 points 1 day ago

Prime Minister signs up for NordVPN

[–] logicbomb@lemmy.world 29 points 1 day ago (4 children)

It's really the phone companies' fault for stagnating instead of innovating.

There is no reason at this point for most people to have phone numbers at all. We have the technology today to throw the whole concept out the window.

Replace it with something where a stranger couldn't guess how to contact a random person. Replace it with something where third parties can't easily share your contact info.

You could even have both technologies at the same time to help transition. And we do, as users, but we still need phone numbers because our carriers don't give us multiple options directly.

Phone numbers are based on requirements for a system that's almost 150 years old now. Back when the numbers really meant locations and before people realized how easy it could be exploited to steal old people's retirement money.

[–] nyan@lemmy.cafe 12 points 1 day ago

Phone numbers are the equivalent of IP addresses. It's just that the accompanying DNS solutions are pretty badly broken and the firewall options are all iffy.

[–] echodot@feddit.uk 17 points 1 day ago (2 children)

You still have to have some kind of unique identifier. What do you propose phone numbers are replaced with because I can't think of anything that isn't basically just the same but with a different flavour or actually is actively worse.

[–] GasMaskedLunatic@lemmy.dbzer0.com 6 points 1 day ago* (last edited 1 day ago) (3 children)

Your device and account credentials are unique enough to identify you on the carrier-level, SIM/eSIM as well. Ultimately, every time you share your contact info, it should be a unique code (QR would be convenient enough) generated by your cell provider. If it's ever leaked, you just notify your carrier to burn it, and give the contact a new unique code. No two people should be given the same contact, and all of the contacts are simply correlated to your device by the carrier. Additionally, when sharing contacts via QR, they could be modified on the device-level to include e2e encryption keys, thus further securing the transmitted information, not at the trust-me-bro carrier level, but at the user-verifiable device level. If the carrier gets hacked, reset the identifiers, associate the new one in your text app to keep conversations going, and move on like nothing happened. You'll still be better off than if your phone number was leaked. It's not perfect, but it'd be a hell of a lot more secure than what we have now.

In other words: What if a billion dollar company made Signal, but with cell towers, and not as good?

[–] CameronDev@programming.dev 17 points 1 day ago (1 children)

QR would be convenient enough

My friend, that is not convenient. Phone numbers need to be memorable, and need to be transmittable offline without relying on technology. Old people use phones...

[–] GasMaskedLunatic@lemmy.dbzer0.com -2 points 1 day ago (1 children)

Phone numbers need to be memorable. A disposable unique contact does not. You can print a QR code, easily save it to a device, transmit it via nearly anything with a connectible screen. Of course you would want to launch it with alongside phone numbers, not in place of it, but this is what should be the next 'innovation' in cellular communication.
That said, it does pose the problem of contacting someone with a phone that isn't your own, perhaps from jail. I'm sure they would never suggest putting an emergency contact chip in your hand for your own health and safety. No government would ever suggest something so silly. /s

[–] echodot@feddit.uk 6 points 1 day ago (3 children)

If I want to contact a business though I know I need to dial 555-123-4568, and I know that because there was a little jingle at the end of the advert. But if they just flash up a QR code then do I just have to wait until the ad is on TV again? There's a reason they don't really put QR codes on TV but they do on YouTube where you can pause it, and queue up the video whenever you wanted.

It's not an awful idea but it needs a bit of refinement. That needs to be some kind of way to associate a human readable identifier to the contact.

We use QR codes all of the time for websites but eventually that still boils down to a URL in plain text.

[–] WhyJiffie@sh.itjust.works 1 points 21 hours ago* (last edited 21 hours ago)

usernames, like in signal. opt-in, customizable. maybe also add something automatically for the locality

[–] GasMaskedLunatic@lemmy.dbzer0.com -1 points 22 hours ago

The solution is simple then. Allow businesses to maintain a phone number for people who watch ads on TV. Not like businesses getting spam calls is that big an issue. Though I'm certain they'd be very enthusiastic to have the unique contact QR feature available for tracking in web ads.

[–] logicbomb@lemmy.world -1 points 1 day ago (1 children)

Businesses are a separate use case. Phone companies already handle separate use cases, where they use very short memorable numbers for specific purposes. They just need something similar, whether it's keeping phone numbers, or using something slightly different. Probably some sort of simple alias.

It's the phone companies that need to innovate, and the solution isn't very hard.

[–] echodot@feddit.uk 4 points 1 day ago* (last edited 1 day ago) (1 children)

You say the solution isn't very hard but what you are suggesting is basically just obfuscating phone numbers. Surely the actual solution is to just make spam calling illegal.

Oh and just cut Indias data connection, because those guys are never going to fix their scam call centre problem because the government and police are corrupt.

[–] logicbomb@lemmy.world 2 points 23 hours ago

You could argue that cryptography is nothing but a type of obfuscation. I was trying to explain things so that the very average person could understand it.

People don't stop doing things just because you make it illegal. You even know this because you mentioned India. However people actually do stop when you make it nearly impossible.

[–] vacuumflower@lemmy.sdf.org 2 points 1 day ago

In Tox you have a code on the end of the Tox address. One can do similar, but have different codes for different levels of acceptance. Default - ignore. Some other code - add to the list of callers without notification. Some other - with notification. Some other - for SMS, but not calls, or the other way around. And so on.

The problem with things being memorable exists, yes. Computers can make calls, meaning that there's no solution. A good secret required to call someone can't be memorable.

[–] RedGreenBlue@lemmy.zip 1 points 1 day ago (2 children)

Email should work similarly.

[–] vacuumflower@lemmy.sdf.org 4 points 1 day ago* (last edited 1 day ago)

For those who ran their own mail servers it already did, via the +something notation.

Unfortunately the industry and the Internet in general went the other way.

EDIT: Oh, you mean temporary address. Easy. You have tracker nodes and receipt nodes. You publish on all tracker nodes you know your receipt node (by temporary address) every time you generate a temporary address. So those mailing you find it on trackers and post there. On that receipt node your temporary address is associated with some secret, allowing you to retrieve your incoming mail. The easiest way is that the temporary address is a pubkey and to confirm ownership you just need to sign a request for mail, or maybe it'll be encrypted with it and no good for anyone else. Or both.

[–] chonglibloodsport@lemmy.world 3 points 1 day ago (2 children)

Sure you can have a unique identifier. That’s not the issue. The issue is that anyone can contact you via your phone number! This is not a problem with chat apps where people need permission to add you to their contact list. Why not have a system like that?

Same goes for credit cards. They should need to ask for permission to charge your credit card. Merely knowing your credit card info should not be enough.

[–] echodot@feddit.uk 4 points 1 day ago

But then you just get spammed with requests for connection. Just like spam email, the call coming through wouldn't be the point anymore it would be the connection request.

[–] rollerbang@lemmy.world 1 points 1 day ago

For CCs 3DS does exactly this, though not implemented everywhere.

[–] gian@lemmy.grys.it 14 points 1 day ago

As today if I give you a phone number you have no idea who is the owner if you don't look up on some service.
It will not change if instead of the phone number we use the IMEI or a UUID, somewhere you need to have a link between the owner and the something, if nothing else in your phone and at the phone company.

[–] AwesomeLowlander@sh.itjust.works 9 points 1 day ago (1 children)

Would you care to describe how you would implement said system? Because I can't see how that would work technologically

[–] logicbomb@lemmy.world -3 points 1 day ago (2 children)

I intentionally was vague because there are many possible existing ways to accomplish each thing I said, and it is up to the phone company to innovate.

The simplest way to keep people from guessing phone numbers is to make them very long and sparse. If an autodialer had to dial 1000 invalid numbers before finding a valid number, it would make the endeavor that much harder. This is just a convenient example because the cryptography equivalent is harder to explain, but you could make contact info so hard to guess that it would be basically impossible.

Probably the easiest way to explain how to keep people from passing contact info is to imagine a two step process like facebook has. If I pass your facebook username to someone else, they don't automatically become your friend. The cryptographic equivalent would involve a chain of trust, but again, harder to explain.

[–] explodicle@sh.itjust.works 5 points 1 day ago (1 children)

I love cryptography! Technical explanation please.

[–] Natanael@infosec.pub 1 points 22 hours ago

Literally just use existing standards (STIR/STUN) with some filtering by source network, etc

[–] AwesomeLowlander@sh.itjust.works 4 points 1 day ago (1 children)

Still not seeing how it would work. You're dropping random bits of the system and saying it would work but it's too complicated for you to explain, so there's really nothing to discuss.

[–] WhyJiffie@sh.itjust.works 2 points 22 hours ago* (last edited 22 hours ago) (1 children)

not op but signal has basically solved this. users are not just randomly accessible by anyone. they can share a long URL that contains an ID, or make a short username they like and pass around to people. and even then the recipient has to accept being contacted by each other user

true that signal now relies on the phone number system for trust and safety, but that's not core to how signal works, it could be replaced if they really wanted.

[–] AwesomeLowlander@sh.itjust.works 1 points 21 hours ago (1 children)

At that point, you (well, not you per se) are basically suggesting to replace the telephone system with a Signal-esque system. Which would break a billion things in real life, for little to no gain.

[–] WhyJiffie@sh.itjust.works 1 points 19 hours ago

any change would break a billion things in real life, so we could at least have a proper replacement.

the problem with signal here is that it's centralized, probably couldn't even handle the load besides other problems. but that's solvable, like look at simplex which is similar

[–] BigMacHole@sopuli.xyz 46 points 1 day ago (1 children)

This is HORRIBLE! That RICH people's Information was Leaked! This needs to be PUNISHED BY DEATH so they Learn to ONLY leak POOR People's information!

[–] Geobloke@aussie.zone 6 points 1 day ago (1 children)

Guaranteed rich people's phones are targeted for hacking more

[–] joshcodes@programming.dev 5 points 1 day ago

Yeah so targeting individuals or specific organisations is pretty hard. It sounds dumb but how do you get someone's phone number if they don't give it to you? Its hard unless you're determined tbh which most people aren't.

Most hackers setup watering hole style attacks, or use phishing which is roughly the same concept. Basically they cast a wide net and see what they can grab, like the browser credentials of Debra from accounting who knows everything about compound interest and nothing about opening an .exe file in an email. There are some big game hunting groups, and the LinkedIn breach made some waves (see the fappening), but your run of the mill discord-as-a-c2 style hacker isn't going after rich people.

Someone "hacking a phone" likely put a kitchen scale iPhone app on the app store, which when first opened asks for permissions for microphone, camera, text messages, contacts and file storage, and sends all that information to Argentina for a week or so until their app gets banned.

Also, the most likely person to hack your phone seems to be someone in your household, abusive parent or spouse sorta thing. Most common devices to get hacked are laptops, usually windows. Its just kinda hard to hack a phone. Unless you know a lot about compressed image formats and the iPhone messages app apparently because NSO made like 5 zero days in a row out of that.

[–] dumbass@aussie.zone 24 points 1 day ago (1 children)

Albo: I keep getting texts from random numbers, all saying the same thing... It just says, Cunt.

[–] Agent641@lemmy.world 8 points 1 day ago

Must be a nice change to get "Cunt" messages from random numbers instead of getting "Cunt" messages from his colleagues.

[–] AwesomeLowlander@sh.itjust.works 6 points 1 day ago

Federal political sources downplayed the seriousness of the issue, believing the issue was not related to a data leak or breach.

Sources noted the private contact information for politicians was often already widely available and known by stakeholders and members of the public they had interacted with. Some pointed out that politicians often kept the same contact details for years, from when they were more junior politicians who freely distributed their numbers on public documents like press releases or community announcements.

[–] RagingRobot@lemmy.world 10 points 1 day ago (1 children)

867-5309

[–] No1@aussie.zone 1 points 21 hours ago

5705 is the superior phone number rock song 😁

[–] JeeBaiChow@lemmy.world 6 points 1 day ago

What's the number? So I can make sure I don't accidentally send him a text...

[–] muntedcrocodile@hilariouschaos.com 2 points 1 day ago

I need someone where to send me the number so I can make sure I don't accidentally send him a message saying cunt