Twitter is turning off SMS-based two-factor authentication for all users, making it a premium feature for paying users.
They claim they’re concerned with security because SMS is vulnerable, but if that were really the case, they’d turn it off for all users, not leave it for paying customers… (notes L. Weinstein)
Read in an nnsquad newsletter (author withheld):
I wonder whether Twitter turning off 2FA as planned would survive FTC attention under Section 5. I suspect people at the FTC are watching keenly.
Generally, the FTC usually focuses on deceptive practices (did the company violate representations it made, about security or about notifying users of material changes?) rather than looking for unfair practices. A company with an FTC settlement provides the FTC even more opportunity to tie findings to something company-specific.
For example, Twitter had its 2011 FTC settlement that for 20 years bars it from misleading consumers about the extent to which it protects the security/privacy of nonpublic information, including the measures to prevent unauthorized access and honor the privacy choices made by consumers.
Then in 2022, though the issue was different, came new provisions related to security:
I hope Twitter does a thorough analysis before taking action and can prove that this is not a material change that diminishes security for users and puts them at risk of harm. Perhaps investors and/or users could even seek an injunction given the risks of harm if Twitter proceeds as announced.