Facebook Doesn’t Let Users Opt-Out Of Phone Number Search
Recent user complaints highlight yet another gap in Facebook security practices. It turns out that the phone number users were asked (and, in some case, required) to submit for two-factor authentication can actually be used to look up individual profiles. Even more damning? There’s no option for opting out.
To be clear, it’s not possible to simply add someone’s number and be brought to their account. Facebook got rid of that feature last year, after it became clear that numbers were being scraped and used by scammers. And users are still able to keep their phone number off of their public-facing profile. However, if one user uploads their contacts in order to connect with people they know (which Facebook strongly encourages), those numbers can be linked with a specific profile.
While this feature might just feel creepy in ways that other Facebook privacy violations feel creepy for many people, for some it’s a direct danger. For example, if a victim of domestic abuse has left their abuser but kept their phone number, it could be possible for their to abuser to find them this way. Other dangerous situations include stalkers and minors being tracked by pedophiles.
More generally, phone numbers have become an important identifier in the modern age. They’re used for many services — including banks — for two-factor identification. If a cyber criminal gets their hands on a phone number, it’s possible for them to “SIM-swap” someone’s phone and take it over. This kind of theft renders two-factor authentication useless, as all messages are re-routed away from the legitimate user’s phone and through the cyber criminal’s phone.
Facebook has made it so that your number can be looked by “everyone” this way by default. So when it comes to restricting who can find your profile this way, users can set search functions to “friends of friends” or simply “friends.” There is not, however, an option for opting out of this type of search entirely. If you want to check your settings — and/or change them — you can do so here.
“When asked specifically if Facebook will allow users to users to opt-out of the setting, Facebook said it won’t comment on future plans,” Zack Whittaker writes in TechCrunch. “And, asked why it was set to ‘everyone’ by default, Facebook said the feature makes it easier to find people you know but aren’t yet friends with.”
This is the second privacy issue that has come up with Facebook two-factor authentication, which is supposed to provide users with more security, not less. The first was in 2018, when the company confirmed that they were using phone numbers provided for two-factor authentication for targeted advertisements. While a spokesperson told TechCrunch that the company is “clear about how we use the information we collect, including the contact information that people upload or add to their own accounts,” it’s doubtful that many users knew that their phone numbers would be used for both ad targeting and for people they might not want to find them to find them.Share this post
Install Tenta Browser Free!
Start protecting your online privacy today with Tenta Browser.