Wikipedia:Reference desk/Archives/Computing/2019 November 24

Computing desk


November 24


unsupported video format


Occasionally, in an attempt to watch a video from the internet, a message is received, saying: "HTML5: unsupported video format: try installing Adobe Flash", despite it being installed already in the 'settings' within the Google Chrome I'm currently using. Maybe I didn't define what's required correctly - the present definition is "a confirmation request will appear" (translated from another language), with no other options to choose from. What's wrong or missing? בנצי (talk) 09:54, 24 November 2019 (UTC)[reply]

Burner phone for 2FA


I have a question that may not have an answer. (TLDR at the end for the impatient).

I recently picked up a Chromebook dirt cheap and wanted to try it (I normally use Linux 80% of the time and Windows ten 20% of the time). To do that I need to set up a Google Gmail account.

Alas, there appears to be no way to do that without giving Google your cell phone number and responding to a text message. Only my close family and my doctor get my cell phone number, and to avoid spam I use a cellphone with no ability to receive text messages.

--Guy Macon (talk) 18:53, 24 November 2019 (UTC)[reply]

Update: It turns out that when I entered my landline number, next to the "send text message" button there was a "call instead" button, which resulted in a robocall that gave me an access code. So you don't actually need text messaging, but you do need to give Google your phone number. I am still going to get the burner phone. --Guy Macon (talk) 01:38, 25 November 2019 (UTC)[reply]

So I decided to get a prepaid "burner cellphone" with a different number. I could use it when some website requires text messaging, and it would be a nice emergency backup if I ever have trouble with my regular cell phone. How hard could it be to get a burner phone? Drug dealers manage it, and some of them aren't particularly bright.

I checked out a bunch of providers. Here is a typical deal: Tracfone will sell me a dumb flip phone for $20 and will sell me 60 prepaid minutes and 90 days of service for another $20. They even let me keep unused minutes. But that's $80 per year, and I have to keep track of when to renew. Or they will sell me 400 minutes and a year of service for $100. More convenient, but I would still be buying 390 more minutes than I need.

Is there a provider who will simply sell me a flip phone with prepaid minutes that don't expire at all? I am willing to pay a lot more (one time) for the convenience. Or one that requires re-buying once a year without costing me a hundred bucks a year?

TLDR: Looking for a cheap prepaid emergency backup cellphone that I will almost never actually use. --Guy Macon (talk) 18:53, 24 November 2019 (UTC)[reply]

Hmm, I don't have any recommendations in this regard. But I also have an emergency backup cellphone, and I subscribed to one of those discount reseller carriers that markets to elderly and retired people. I will take the opportunity to bemoan the state of 2FA, though. 2FA should never be used through SMS, that is a security hole big enough to drive a truck through. SMS can be compromised so easily that it's not worth it. Get a security token or Authenticator app. Of course, Google isn't giving you a choice here; they have ulterior motives. It's not merely to provide you 2FA security, of course. It's also to harvest a valid phone number to put in their database, and associate it with you, or at least your account. But thirdly, it's also to validate that you are a real person, and not a bot or malicious script signing up for accounts. It's a CAPTCHA on steroids, essentially. They assume that everyone who wants a Google account already has some kind of cell service, and so that's your key to prove "yes, I'm a human being." It's a bummer that we've come to this! Elizium23 (talk) 19:56, 24 November 2019 (UTC)[reply]
For clarity, Google most definitely does allow you to use TOTP for 2FA. They only don't allow it for signing up for an account. Note that while Google does normally require a phone number to sign up, they've been doing this since long before they used it for 2FA. While I know Google is evil and all that, I'm not convinced in this instance they really care that much about harvesting your number. IMO the main reason is simply to make it more difficult for bulk malicious signups. (I'm reminded of an argument I got into with some editor about whether Google blocking Tor, requiring ReCaptchas etc was really because they didn't like the tracking problems it creates, or mostly that they didn't like SEO etc using scripts to try and analyse stuff. IMO it's a mistake to assume everything has a 'malicious' (for lack of better word) angle just because the company's practices often are 'malicious'.) Nil Einne (talk) 07:14, 25 November 2019 (UTC)[reply]
As an additional point of clarification, while Google does support 2FA via both SMS and TOTP and Google can also tie a phone number to your account as a recovery number for their "on demand" 2FA (where they may ask for verification when you try to sign in from a new browser or device and an unusual IP or they otherwise decide there is some risk even without 2FA enabled), I believe it is still possible to have a Google account without a recovery number or email explicitly attached, even if it's attached somewhere in Google's database. In that case, they may ask you to provide a number if they are suspicious, for the aforementioned human check reasons. I believe this number is also not attached as a recovery number unless you ask them to. (I.e. you may be asked again for a number.) Although if you use the same number for too many accounts, or I suspect keep using a different number for signins, they may stop that. Also as an interesting additional point, some of the commentators at [1] seem to suggest occasionally they will accept an email instead or that if you create an account from Android, putting your age below 15 (but I assume 13 or above) may mean they don't ask. I'm fairly sure these only work in very limited scenarios since if they did widely work they would be abused, but Google's account creation processes are definitely a dark art and what they require is going to depend a lot on their own internal assessment of whether you might be trying bulk account creations. As that thread also shows, those who do want to bulk account create can easily get software to try and get around these limits including by obtaining numbers somehow but from Google's POV I'm sure they still have some success in limiting it. Nil Einne (talk) 09:58, 25 November 2019 (UTC)[reply]
@Guy Macon: Maybe one from this list? [2] ? There is also a plan for $10 per year here: [3]. It will also depend on what country you are in... RudolfRed (talk) 20:58, 24 November 2019 (UTC)[reply]
Thanks! Super helpful. I am in Southern California USA (to be specific, I live where the TMZ crosses the Orange Curtain). --Guy Macon (talk) 00:18, 25 November 2019 (UTC)[reply]

1. If you just want SMS, you can get a VOIP number for about $1 to $1.50/month that will forward SMS and voice mail to email (you can get the emailed voice messages as .wav and/or speech to text transcriptions that are scarily good). You can also set it to forward voice calls to another number (1 cent or so per minute connect time) and that is quite handy. Twilio.com has the most convenient API if you want to automate your setup, but they are a somewhat annoying company. vitelity.net doesn't seem as evil but you have to use their crappy web interface. voip.ms is the cheapest afaik and I haven't used them. Google Voice may have something comparable for free but remember that means you are the product ;P. I can afford the $1.50 for vitelity so I stay away from google.

2. For cheap cell service, T-mobile has a $3/month plan with 30 minutes included, then 10 cents/minute, SMS=1 minute, called "pay as you go". I think they recently shovelled it off to one of their MVNOs so I don't know if you can get it in their store any more, but it still exists. You can get a used GSM phone from craigslist for almost free and it should work for this. I relied on this for a long time and it is a good plan for very occasional users. Biggest nuisance is you have to remember to renew it every 3 months (pay in $10 minimum, which gives you a little bit of overage credit). You can't just put in $36 and have it for a full year. Edit: found it https://www.ultramobile.com/paygo/ here.

3. Don't use SMS-based 2FA if you can help it, use TOTP instead. There are all kinds of phone apps to show the TOTP tokens. I forget which one I use but it is from F-droid so the source is available. You should be able to run something like that on a crappy old Android phone without any type of service plan. You can also run it as a desktop or command line app (the algorithm is very simple). Someone explained the trouble with SMS further up (SIM swap scam) and also it's just a pain in the neck to get SMS messages whenever you want to log into an authenticated site. TOTP is much nicer. 67.164.113.165 (talk) 04:37, 25 November 2019 (UTC)[reply]
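The TOTP algorithm mentioned in the post above (RFC 6238, built on RFC 4226 HOTP), as an added example that is not part of the original thread: it shows both the code generator and the verifier-side check with clock-drift tolerance. The function names are chosen here for illustration, and the key is the published RFC test key, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample: the published RFC 6238 SHA-1 test key, not a real account secret.
RFC_KEY = b"12345678901234567890"


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks a 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key, now=None, step=30, digits=6):
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    now = time.time() if now is None else now
    return hotp(key, int(now) // step, digits)


def decode_secret(b32):
    """Decode an enrolment secret as sites display it (base32, any case or spacing)."""
    cleaned = b32.replace(" ", "").replace("-", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify(key, candidate, now=None, step=30, digits=6, window=1):
    """Verifier side: tolerate +/- `window` steps of clock drift."""
    if len(candidate) != digits or not (candidate.isascii() and candidate.isdigit()):
        return False
    now = time.time() if now is None else now
    counter = int(now) // step
    ok = False
    for c in range(max(0, counter - window), counter + window + 1):
        # compare_digest avoids leaking how many leading digits matched
        ok |= hmac.compare_digest(hotp(key, c, digits), candidate)
    return ok


if __name__ == "__main__":
    print(totp(RFC_KEY))
```

A production verifier would also remember the last accepted counter per account so that a code cannot be replayed inside its validity window.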

Good advice for those who use 2FA. I don't use 2FA unless a site forces me to. There is absolutely nothing wrong with relying on a unique 256+-bit password generated by my hardware random number generator and never revealed or reused.
"Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench." --Gene Spafford
--Guy Macon (talk) 07:42, 25 November 2019 (UTC)[reply]
Sure, but every computer you buy in a store comes pre-installed with a gigantic directory-listing of all the trustworthy park-benches. Nimur (talk) 15:59, 25 November 2019 (UTC)[reply]
Unless you buy one without an operating system preinstalled. Martin of Sheffield (talk) 20:13, 25 November 2019 (UTC)[reply]
And most of those listings include a couple bonus park benches run by crime syndicates and hostile state actors, just kinda mixed in there. Elizium23 (talk) 22:38, 25 November 2019 (UTC)[reply]

If anyone tries that supposedly $10/year Lyca plan, can they post here about whether it really works? If it's like T-mobile (and they are a T-mobile MVNO, I think) then you have to make a payment every 90 days, with a $10 minimum, so it's really about $40 a year, still not too bad. If it's really $10/year that's great, and I'll buy a few sims since I have some crappy old phones laying around, and it's worth something to make them occasionally usable. The Lifewire list is not very good, and Ting in particular is overpriced at low usage rates. Remember if you get even one SMS message (and you will get SMS spam), they charge you $3 minimum for SMS usage that month. 67.164.113.165 (talk) 21:52, 26 November 2019 (UTC)[reply]

Added: it looks like that was the Lyca PAYGO plan, and they no longer offer it. It sounded impossible because a phone number by itself is around $1/month in the highly competitive VOIP industry. I'd love to overthrow the NANP sometime to get around this, but the bureaucratic navigation involved would have to be ridiculous. Meanwhile T-mobile's offloaded PAYGO still seems like about the best you can do. 67.164.113.165 (talk) 22:01, 26 November 2019 (UTC)[reply]