It’s almost too ironic that something that’s meant to be used to increase security can also be used to invade one’s privacy. Perhaps it isn’t too surprising, however, that Facebook is the one doing it. The latest in the never-ending litany of privacy sins involves the already misused phone number you may have submitted for two-factor authentication or 2FA. Not only did Facebook use that for ads, it apparently also made it too easy for someone to hunt you down on Facebook with that same number.
To be fair, the setting in question isn’t actually new, which is why Facebook seems to be downplaying it the revelation. It’s just that no one noticed until now, which implies that Facebook may have been relying on the default setting remaining undiscovered for as long as possible. And that default setting means that anyone with the phone number you provided Facebook can you look you up using that data.
Here’s where it gets a bit tricky. Not everyone provided Facebook that personal piece of information. And those that did may have presumed it would only be used for authentication and nothing else. Of course, if Facebook had enough guts to use that for ads, using it for lookups almost sounds tame.
That’s not the end of it though. As TechCrunch reports, there is no way to make that information private after you’ve given it to Facebook. You can only choose whether it can be seen by Everyone, Friends of Friends, or just Friends. But even if you limited its scope, anyone who has your number will be able to look you up when they upload their address book to Facebook, which is another privacy complaint Facebook faces.
Being able to look up users with just their phone numbers is just the beginning of the journey towards identity theft and scams. Unfortunately, Facebook doesn’t seem at all bothered by it. It seems to firmly believe in the usefulness of the feature in letting people you know find you on Facebook, even if it means people you don’t know will be able to do so as well.