"will likely owe a fine of up to $250 million"<p><a href="https://arstechnica.com/tech-policy/2020/08/twitter-faces-ftc-probe-likely-fine-over-use-of-phone-numbers-for-ads/" rel="nofollow">https://arstechnica.com/tech-policy/2020/08/twitter-faces-ft...</a>
Interesting bits: "No personal data was ever shared externally with our partners or any other third parties." Advertisers uploaded lists with email/phone, and Twitter matched them to users.<p>In any case, it does not help paranoid people like me, who are always reluctant to share a phone number as a recovery method (I use self-hosted email, it's the most reliable recovery method, but I understand it's not an option for most people).
I think it should be fairly obvious to most here, but it bears repeating that any service which requires a phone number for 2FA is to be avoided like the plague.
Facebook did this to me as well. I provided a number long ago after they requested it under the premise of security (and it was used for that, as I recall), but then they started texting me about all the people I know posting stuff after I hadn't logged on for many months. I promptly blocked the number.
It's so frustrating being forced to use your cell # to register. Obviously they're using it to tie together data.<p>For the developers out there reading this: please be the change you want to see, or at least try. If your company wants to add a user requirement like this, be the person who speaks up against it.
It's not a perfect "solution" but I've had so many instances of services requiring phone numbers for 2FA that I've dedicated a voip number for it.