Facebook Stops Using Phone Numbers for Advertisements

John Lister's picture

Facebook is to stop treating user's phone numbers as a way to target advertising and recommend friends. Critics said the practice undermined a key security measure.

The company says it wasn't collecting the numbers directly from phones or the Facebook app. Instead, users provided the number when taking advantage of two factor authentication.

With this set-up, it means that if a user tries to log in to Facebook on a new device or from a new location, Facebook sends a security code by text message to the number on file. The user then has to type the code in to Facebook before they can login from that new location or device.

The idea is to restrict the damage if a hacker gets hold of somebody's password, either through a phishing scam or a security breach.

Potential Friends Spotted

The problem was that Facebook was also using the numbers for two other purposes. The first was for targeted advertising. This involved using the number to identify the individual and link them to other sources of data.

The second use was for Facebook's "People You May Know" feature which suggests people to add as friends. The idea is that the more people a user connects with, the more time they will spend on Facebook.

In this case, it wasn't the person who provided the number for the two-factor authentication who got the suggestions. Instead, when other people gave permission for Facebook to look through the contacts list on their phone, it would suggest the person if their number was on the list.

Practice Ends In 2020

The set-up created two main problems. It was misleading for users who didn't know their number would be used for these purposes. It also risked putting people off agreeing to two-factor authentication if and when they found out their number was being misused.

Facebook stopped using the numbers for targeting advertising last June. Now it says it will stop using them for "People You May Know" in some countries this week and rolling out worldwide next year. (Source: bbc.co.uk)

However, it's taking a different approach to making the two changes. It stopped the advertising automatically with no need for user action. However, once it stops using numbers for "People You May Know" in a country, users will need to delete their number to break the link, then enter it again if they want to continue using two-factor authentication.

Facebook will need to include details of the changes as part of a quarterly report to the Federal Trade Commission (FTC) which has agreed a $5 billion settlement over other privacy violations. (Source: slashgear.com)

What's Your Opinion?

Was Facebook wrong to use numbers in this way? Would the thought of this happening put you off using two-factor authentication? Should this incident also have led to FTC penalties?

Rate this article: 
Average: 5 (5 votes)

Comments

buzzallnight's picture

They closed my account because I would not give them my phone number!!!!!!!!!!!!
I sent them a copy of an article about all the phone numbers they gave away when they got hacked!!!!!!!!!!!!

F*** facebook!!!!!!!!!!!!!!!

Unrecognised's picture

I could not possibly ever, ever, ever, agree more.

matt_2058's picture

I don't use FB, but this could very well happen with any company or service that uses the 'call-with-a-code' method.

YES -- Was Facebook wrong to use numbers in this way?
YES -- Would the thought of this happening put you off using two-factor authentication?
YES -- Should this incident also have led to FTC penalties?

I wonder why the FTC did not section this mess out from the previous privacy violation settlement and levy a new fine. And why no compensation for the individuals this affected. Until the consequences are large enough to cripple the company, this crap won't stop.

The whole paragraph titled "Potential Friends Spotted" is the problem. The phone number was supposed to be used for authentication, not for the actions mentioned in the paragraph.

Really, what companies can you trust these days? None, as all have the disclaimer that their privacy policy does not apply to companies they do business with or that in the case of a merger or sale, your information is included in the sale without your knowledge.

David's picture

Just dump it. Delete your account, encourage anyone you know to dump theirs too. Remember, when the service is free YOU are the product being marketed.

Jim-in-kansas's picture

David,
I have come sooo close to deleting my FB account over the years.

The only reason I have not is that I have family, old military buddies, hobby friends, etc scattered all over the world.

FaceBook, in many instances, is my only link to these people who are in or have been in my life over the past 68+ years.

I always tell my kids and grand-kids, (you know, the Zombie-eyed ones with arthritic looking thumbs, at family gatherings!) "If its free YOU are the product" as you so rightly point out.

Merry Christmas, Cheers and always look BOTH WAYS before stepping into the street !

Jim-in-Kansas

dwightlightnin_12354's picture

Who gets all the settlement money all these tech companies are fined? And I notice on every article similiar to this 1 that " other countries" is always what catchs me eye. FB sucks and I only use it for marketplace because CLs is charging to post adds. Why do all other countries make these tech giants change there ways but not in the USA? Look both ways twice!!

Unrecognised's picture

AT LAST THIS IS FINALLY BEING MENTIONED AND DEALT WITH!

The second they instituted 2-factor auth I started hating them in earnest. I want security the constituents of which I am 100% aware.
Login was username, email, password, secret questions.
I NEVER gave them permission to scrape my IP without my knowledge and to lock me out if a VPN was in use or the IP for any other reason different.
... and no way in hell was I ever going to give those private companies my phone number- and I never have.
Were they going to use phone numbers for nefarious purposes?
What a stupid question.

By far the scariest thing about this is the way billions of people simply complied without question. My parents never regulated my childhood reading, and after seeing some horrifying news footage on TV I read up on war, especially WWII and the Jewish/minorities genocide. That happened because you and I and all the ordinary people let it happen.

We KNOW people/organisations will do the wrong thing when profit/power is involved, and individuals will usually comply. That is what has to change. Individual responsibility. FB users, stop being so designedly naive lazy and complacent and stand up for what you know is right. FB should never have been allowed to get away with this for a single minute. That they have is the fault of each individual user who traded their rights/values for expediency.

In closing, I present for your stunned contemplation the words of a friend. This friend was the orphaned infant child of Jewish parents murdered in WWII. She was hidden in someone's attic, then shipped to Perth to grow up with adoptive parents.
When I told her that there were grave concerns regarding privacy and agency for users of FB, she responded "well I don't mind- I've got nothing to hide".

Learn from this, and learn harder, knowing how we always unlearn, reverse progress. You can never afford to relax your vigilance, particularly in times of rapid change such as this Internet Age that's sprung up overnight.