
https://twitter.com/UnderTheBreach/status/141888964970820813...

this tweet says it's BS (they validated the japan sample)




According to the Tweet, the leaker provides a claimed data sample that is a list of phone numbers without any additional information.

A list of 3.8 billion phone numbers that simply exist is useless. The leak would only have value if the numbers were associated with some identifying information.

If it’s really only phone numbers, I wonder if it’s a leak or if someone brute-forced all possible phone numbers against a Clubhouse API that leaked information about whether or not the number existed in their database.


If Clubhouse can’t detect >3.8B erroneous requests and shut down that API/microservice, that destroys my confidence more than a data breach.


Clubhouse didn't have 3.8B users... why would they have 3.8B phone numbers?

This whole thing seems made up.


Because they encourage users to upload their contacts so they can connect them on the platform. At one point when it was invite-only these uploaded contacts were the only way to invite friends.


A fair share of my phone numbers are bogus (old numbers, info I store as a phone number even if it's not), so the db extracted from here would be dubious.


Last I heard, they had around 10M users. Since they employ the, what I would consider, dark pattern of heavily encouraging folks to upload their contact list, that comes out to an average of 380 people per person. Given the Clubhouse user base demographics, I find this at least plausible.


I'd say it's even more of a dark pattern than that. They didn't encourage me to "upload my contact list" but rather "give access to my contacts" (or something like that). Perhaps the difference is trivial in how it's coded, yet even though I've removed their access to my contacts, they still have my contacts. I think they should have to delete them whenever I remove their access, or not even upload them in the first place but just read them when necessary.

Also, some apps seem to do this with photos, asking for access, does anyone know if these apps also upload all of one's photos once the user grants permission on iOS?


> does anyone know if these apps also upload all of one's photos once the user grants permission on iOS

That would eat up a lot of bandwidth. I suspect someone would notice it. An app could extract a lot of information from the metadata though, assuming it had access (I'm not sure how permissions on iOS work currently). It could also potentially run facial recognition algorithms locally (not sure how well that would work in practice though).


I really like that point about the bandwidth and also about the metadata and facial recognition.

I guess I just wish we had more insight into what info companies take and how, permissions on iOS and Android seem to be getting more granular and yet still seem quite broad to me.


I’m particularly fond of iOS’s new “selected photos only” setting, but apps really don’t support it well in general (so I chose not to use them anymore). Instagram used to support it decently well, but in a recent update they removed the “select more” button and my usage of Instagram has dropped dramatically since.


I mean, I like it in theory, however I find it can be really cumbersome. I don't see why they can't just have me open my "pick a photo" browser on iOS without needing access to the photos. Seems odd that choosing photos from the OS can't just be the default option.


When an app first requests access to photos, it’s one of the options listed in the system permissions dialog, so it’s virtually the default. The problem isn’t that, it’s that once you’ve picked the “selected photos only”, apps can choose to make it a pain to pick additional photos if they don’t add a UI element for it. Given that Instagram had it before and then removed it, I can only assume that the real reason is to try to coerce users into granting all access (nice try FB, but not going to happen for me!).


Oh wow I didn't know this. From what I see on iOS, IG still lets me Manage>Select more photos, whereas WhatsApp has a tiny "You've given WhatsApp access to only a select number of photos. Manage" at the top.

So now I've set all to Selected Photos and will just click manage and add extra photos when I need them. So much easier than I had thought, thank you!!


> From what I see on iOS, IG still lets me Manage>Select more photos

Weird! That option is missing from mine as of about a few weeks ago when doing a normal post. Stories’s picker gives me the option to “Manage”, but nowhere can I find the option for normal posts as of the last app update. Would you mind sharing a screenshot? I’d love to see if our UIs are different in some way. My contact info is in my profile here if you prefer to share privately.


Ohhh, no I hadn't looked there. I just checked my normal posts function and it also does not let me "manage photos".

Where I originally found it was in the messaging feature of IG.


Hadn’t noticed it was in messaging still. Guess that’s another avenue to add more selected photos. Really b/s on them imho.


That would only be true if it were 380 _unique_ contacts per person. Surely there is significant overlap from user to user.


See my reply to sibling comment here: https://news.ycombinator.com/item?id=27949879


Shouldn't it be 380 distinct people?


Not necessarily. Do we know every single number in the 3.8B is unique? I’ve seen zero proof of that, but maybe I missed it.


I'm pretty sure that would qualify as the number being "made up".

If anyone disagrees, I'm happy to sell my database of 100B valid phone numbers.


> I'm pretty sure that would qualify as the number being "made up".

Not necessarily. Let me give you an example: if there’s other metadata included with a specific contact list entry, it would be valuable to have duplicate numbers, as that extra metadata could then be leveraged potentially.


they didn't "validate" anything, they just opened the csv. also i'd be interested in their take on the second column, that looks like clubhouse's scoring system (which they ran without telling anyone, likely for marketing purposes, according to this* article). if so, you can in fact tell which numbers are more significant than others.

*https://futurezone.at/apps/clubhouse-leakt-38-milliarden-tel...


Hmm, so the "highest" numbers would be publicly-knowable numbers anyway (because they are the numbers to dial and contact the government/customer service of a private company).

If this is only a list of numbers and their relative popularity, the best you can do is an accusation of adultery (and even in that, you could say that you're "popular" because coworkers also store your numbers).




