By Gennie Gebhart | 27 September 2018
ELECTRONIC FRONTIER FOUNDATION — Add “a phone number I never gave Facebook for targeted advertising” to the list of deceptive and invasive ways Facebook makes money off your personal information. Contrary to user expectations and Facebook representatives’ own previous statements, the company has been using contact information that users explicitly provided for security purposes — or that users never provided at all — for targeted advertising.
A group of academic researchers from Northeastern University and Princeton University, along with Gizmodo reporters, have used real-world tests to demonstrate how Facebook’s latest deceptive practice works. They found that Facebook harvests user phone numbers for targeted advertising in two disturbing ways: two-factor authentication (2FA) phone numbers, and “shadow” contact information.
Two-Factor Authentication Is Not The Problem
First, when a user gives Facebook their number for security purposes — to set up 2FA, or to receive alerts about new logins to their account — that phone number can become fair game for advertisers within weeks. (This is not the first time Facebook has misused 2FA phone numbers.) […]