Facebook continues exploiting users privacy and this one involves your phone number. With increasing privacy breaches, some of us have set up 2-factor authentication to increase the security of our accounts in case our passwords get leaked.
If you have set up your Facebook account’s 2FA with your phone number, Facebook isn’t keeping that number to itself – this means that anyone can search for your profile using your number. Facebook connects that number with your account and you can’t dissociate it from your profile.
Last year, Facebook was found to use these same phone numbers to target users with ads after aggressively pushing them to adopt 2FA using their phone numbers in an effort to secure their accounts – a heinous tactic by the giant social media company especially now with waning trust among its users.
The phone number is also connected to your Instagram account when you sign it up for 2FA. WhatsApp also shares your phone number with Facebook but you can opt out.
People can still search for you even after hiding your phone number when someone uploads your contact information to Facebook from their mobile phone but is way harder than using their phone number since facebook put up measures that limit how often people could search after being warned by security researchers that user account information could be scrapped by scammers.
“Facebook lacks even a shred of ethics” ~ Walt Mossberg
What do I do?
Head over to the privacy tab. You’ll notice that your phone number is public by default to “everyone” who looks you up which you can change to “friends of friends” or just the user’s “friends.”
What is Facebook doing?
Facebook said the feature is on by default so that it is easier to find friends. It also looks like Facebook isn’t going to allow users to opt out as its core business is run by ads. In an interview Mark held at Harvard, he pointed out that Facebook as a subscription service isn’t as easy as it seems.
Its data collection is so complicated as it gathers this data from lots of sources(including from people who don’t even have Facebook accounts) that it has to come up with new features that in order to stop this collection.
In the interview, Mark said that they are working on new data privacy controls and that a subscription service won’t be necessary as Facebook will have figured out a way for users to better control the data Facebook collects.
This is why tech companies need somebody advocating for security as a first-class goal in product, which is a different function than good security engineering. FB can’t credibly require 2FA for high-risk accounts without segmenting that from search & ads. https://t.co/CzDyuRInBU
— Alex Stamos (@alexstamos) March 2, 2019
An extra step
As SMS become the more convenient method of adapting to 2FA, companies ranging from social media platforms to telcoms have started exploiting phone numbers for search and ads and it’s imperative to switch to Authenticator apps – the true 2-factor authentication.
Facebook allows you to add an authentication app. On the app, click the hamburger icon on the top left, go to Settings and Privacy > Privacy > Privacy Shortcuts.
From the Settings, scroll through to Security and Privacy then select two-factor authentication and click on the Authentication app option.