Facebook has come under fire yet again for another privacy issue, with the social network not providing its users with any way to opt out of having their phone number, submitted to enable two-factor authentication to secure the account, used by others to look up their profile.
Facebook encourages its users to set up two-factor authentication on their account, usually by asking them to submit their phone number, a process that is relatively common across various account systems online. In Facebook's case, the number gets associated with the account, but users are still able to hide it from view on their profile, preventing anyone from being able to see it.
However, it was recently discovered on Twitter that it is possible for users to be searched for on the social network by the number submitted for the additional authentication, even if it is hidden from view on the profile page. Facebook's support pages notes users can "look up" profiles in various ways, like when they upload their contact information to Facebook from heir mobile device.
For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that. pic.twitter.com/zpYhuwADMS
— Jeremy Burge (@jeremyburge) March 1, 2019
Crucially, TechCrunch reports that, though there are options to limit who can look up a user by phone number, there is no option to disable it completely. Usually set to "Everyone" by default, there are options to only be discovered by phone number by "friends of friends" and by "friends," but nothing further to stop it from being used at all.
Facebook spokesperson Jay Nancarrow advised to the report the settings "are not new," and that the setting "applies to any phone numbers you added to your profile and isn't specific to any feature."
While the phone number may have been submitted just for two-factor authentication use, it was reported in 2018 that it "became targetable by an advertiser within a couple of weeks," giving Facebook another way to track users and feed advertising.
The issues relating to phone numbers could get worse, as Facebook has already signalled an intention to merge WhatsApp with Instagram's messaging tools and Messenger. As WhatsApp heavily uses phone numbers, the chance that the user's phone number will be taken advantage of by the social network is quite high.
This is far from the only privacy issue that Facebook has been forced to handle, with many issues coming to light since the discovery of the Cambridge Analytica scandal. Facebook and the US FTC are in negotiations to determine a fine over the privacy violations, which could be in excess of a billion dollars.
Facebook has also pledged to shutter a VPN app used to collect data on its users, saw disruption to its internal apps after Apple pulled a certificatedue to Facebook's flouting of its enterprise app rules, and some apps have been found to share sensitive data with the company, including financial and medical data.
18 Comments
Where FB sees a "feature", users experience privacy violations.
@apple: please remove Facebook from the app store...
The solution is obvious, don’t use Facebook. Stop the spread of the disease...
At least now know where phone spammers are getting their list of phone numbers from. :-o Facebook is becoming really nefarious.
Glad I have never given Facebook my phone number for two factor authentication. But the app was on my phone for a bit so I'm sure they have my number that way.