When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security

Another week, another Facebook privacy storm. This time, the Silicon Valley giant has been caught red-handed using people's cellphone numbers, provided exclusively for two-factor authentication, for targeted advertising and search – after it previously insinuated it wouldn't do that. Folks handing over their mobile numbers to …

  1. Gene Cash Silver badge

    Google too

    Google has consistently badgered me for my mobile number for 2FA and/or password retrieval.

    Way back when they were offering vanity URLs for Google+ (e.g. plus.google.com/genecash) they would only accept a text asking for it. Of course I found an SMS gateway.

    1. Keef

      Re: Google too

      Might not be too easy in the UK to get an SMS gateway.

      https://www.theregister.co.uk/2019/02/05/gsm_gateway_judicial_review_home_office

      1. JimboSmith Silver badge

        Re: Google too

        There are still payphones that have SMS capabilities dotted around the UK. Plus you can buy a cheap mobile and a PAYG Sim/top up for under £30. No need to give them any information you don't need to - just don't use Facebook.

        1. don't you hate it when you lose your account

          Act like the crooks

          Says a lot when the best suggestion to protect your data on unsocial media is to buy a burner phone. I just want to chat to me dear old mum, not arrange her murder.

        2. Peter 26

          Re: Google too

          Can anyone recommend a cheap burner SIM? They all seem to start at £10 minimum topup. A bit much to create anonymous accounts.

          1. talk_is_cheap

            Re: Google too

            A Three 123 SIM allows for a £5 topup on their website. I now have such a SIM as my second SIM in my phone. You just have to remember to use it every 6 months.

            1. paulf Silver badge
              Alert

              Re: Google too

              Be careful as some PAYG schemes have some really arcane requirements in the Ts+Cs.

              I have an old O2 PAYG SIM which is my "burner phone". It has the usual requirement of a chargeable event once every 6 months (I play safe and make a call rather than risking just a text) BUT it also has to be topped up with at least £10 once every 999 days (no, really). I guess they don't want people topping up £10 and stringing it out over 5+ years.

              As a burner phone you may not be bothered if it does burn because you don't meet some obscure T+C like this but just make sure you can switch accounts that use it to your new burner number without the old now burnt number!

          2. Jamie Jones Silver badge

            Re: Google too

            A THREE sim can receive texts with no credit! I bought one for a quid and once activated (just putting it into the phone) I received a text without spending any more money.

            You can get a three sim for free from their website.. dunno if that would work too, but I suspect so (my £1 sim had zero credit on it - I guess the £1 was just for Sainsburys)

            EDIT: How did I stumble into a month old thread?

    2. ratfox Silver badge
      Meh

      Re: Google too

      2FA using SMS is dangerous anyway; nobody should be using it. It's only a matter of time before there is a massive number of accounts stolen, and then security people will as usual be able to say "Told you so"

      1. Anonymous Coward

        Re: Google too

        "2FA using SMS is dangerous anyway; nobody should be using it."

        It's a good job that credit card companies aren't forcing people into using it to validate some online transactions, then. Oh wait.*

        * As a result of recent legislation ("strong customer authentication"), the card companies are required to take additional steps to validate some online transactions. Rather than implementing this properly with authenticator apps or giving people OTP pads, it seems they're going down the route of "SMS, e-mail, or phone us (but e-mail will go away), and no, there aren't any other options".

        1. imanidiot Silver badge

          Re: Google too

          If the choice is NO 2FA or 2FA using SMS then SMS 2FA wins. It's still a stupid move when better options are already available though.

          1. JohnFen Silver badge

            Re: Google too

            "If the choice is NO 2FA or 2FA using SMS then SMS 2FA wins"

            Not when the phone # you provide is being used by the authenticator for unrelated purposes. In that case, I'd go with "no 2FA" as the better option -- but the actual best option is "delete your account".

        2. LDS Silver badge

          "As a result of recent legislation ("strong customer authentication")"

          My bank used an OTP pad - until they used the "recent legislation" to stop using it, and now you have to use either SMS (+10€/year) or their app - but frankly I don't trust phone security at all, moreover I'm forced to use a phone that can run its app - and its tracking, while with the OTP pad there was no need and they could not track anything else but the transaction.

          And they insist that now is "more secure" - I believe it means "cheaper and with more tracking".

          I'm just waiting for the day their "security" will be utterly exposed....

        3. JohnFen Silver badge

          Re: Google too

          "As a result of recent legislation ("strong customer authentication"), the card companies are required to take additional steps to validate some online transactions."

          But using SMS for 2FA isn't "strong customer authentication".

      2. Colin Ritman
        FAIL

        Re: Google too

        It's still WAY better than 1FA

    3. Fred Flintstone Gold badge

      Re: Google too

      Google, Facebook, Microsoft, Facebook: they all want access to the one tracker we keep on us: our mobile phone.

      THAT is why the use of WhatsApp is pure poison for your contacts: the first thing it does is give their numbers to Facebook - it won't even work if you don't allow it to do that.

      This is why FB asking for your number is just insidious camouflage: they most likely already have it. They just don't want you to realise that.

      1. Stoneshop Silver badge
        Headmaster

        Re: Google too

        Google, Facebook, Microsoft, Facebook: they all want access to the one tracker we keep on us: our mobile phone.

        For values of 'mobile phone' equal to 'smartphone'.

        Tracking my phone[0] is restricted to the people having that kind of access to cell phone tower data. So not none, but severely restricted. And I've yet to see that info being used for advertising by entities other than my provider.

        [0] apparently called a 'feature phone', even though its appeal is its utter lack of features.

        1. Anonymous Coward

          Re: Cell phone tracking restricted

          Search: A Bounty Hunter Tracked a Phone for $300.

          1. Stoneshop Silver badge
            FAIL

            Re: Cell phone tracking restricted

            Yes? An entirely different kind of tracking than Google et al. want to achieve: knowing where you are, who you interact with, what websites you visit and what stuff you buy from whom. CONTINUOUSLY. So that they can determine patterns and use that data to sell advertising space.

    4. Anonymous Coward

      Re: Google too

      But they used it for what else? Clearly you missed the whole point of the post #moron

      1. Anonymous Coward

        Re: Google too

        Why do you call someone a moron for simply missing a point? It is exactly because we're so quick to label people that they stopped listening.

        Educate, don't belittle. It works more long term.

        1. Colin Ritman

          Re: Google too

          Because he clearly is a moron. This "news" is about abuse of mobile number by Facebook, and he clearly didn't grasp that really simple point, and just fell back to the lame internet moron stance that Google are just as bad (which they aren't, as in my experience, Google do exactly what they state they do, Facebook are the true evil ones, proven now on many occasions).

  2. hitmouse

    Their shadow profile system makes for even more potential to have data slurping out of control.

    In 2008 I uploaded my address book to Facebook. A few months ago before I closed my account I downloaded all my information. I was startled to find that acquaintances from ten years ago that I had not added as FB friends had had all their contact information updated and supplied back to me.

    Anyone hiding from a dangerous ex-partner would nearly need to go off grid and use burner accounts and devices to avoid having their location volunteered by Zuck's Detective Agency.

    1. werdsmith Silver badge

      Yes, slimy shites. If somebody (a friend) has you in their phone contacts and they download the Faecebook app and accept the permissions requests, their contacts and your details are slurped by Faecebook. Some friend they are.

      1. Anonymous Coward

        Friends like that

        IMO "Friends" sharing your personal data are not friends at all.

        A co-worker not only added my phone to his contacts but full real names, address, spouse, children, including pictures, every bit of info they thought made them a caring friend (or something), all without asking or caring.

        Of course Facebook feeds off such ignorance. It isn't a coincidence that those with the most complete contact lists are most likely to have google, facebook, and every other app on all their devices.

        Yes Facebook should be classed as a criminal organization but those willingly feeding them other people's information should also face consequences.

        1. JohnFen Silver badge

          Re: Friends like that

          "IMO "Friends" sharing your personal data are not friends at all."

          A million times this.

      2. Fred Flintstone Gold badge

        Yes, slimy shites. If somebody (a friend) has you in their phone contacts and they download the Faecebook app and accept the permissions requests, their contacts and your details are slurped by Faecebook. Some friend they are.

        You might want to take into account that most people are utter innocents when it comes to privacy, they're no match for the conniving bastards that will use every psychological trick in the book to con people into giving permission to hand over details they should not share. It starts with roping in kids and establishing the habit before they are old enough to judge their actions.

        They're not bad friends, they are simply innocents who have their innocence used against them - the basis of every con job ever.

        That's why you need to help them understand what FB is doing, in a language they can understand. Accusing people of something they're not even aware of is not going to help - we can (and must) do better.

        1. werdsmith Silver badge

          Each one of these contacts slurps without the permission of the people in the contacts is an unauthorised disclosure GDPR breach. Ignorantia juris non excusat

          1. Anonymous Coward

            Ignorantia juris non excusat

            Although it's nice that you pull in the argument that didn't work in the Nuremberg trials either, the problem is that there are no specific clauses in GDPR et al that address someone's information that was volunteered to a data collector by others about that person.

            GDPR only deals with data directly acquired from a data subject, not with indirect acquisition.

            1. werdsmith Silver badge

              GDPR only deals with data directly acquired from a data subject, not with indirect acquisition.

              That would be a loophole too big and exploitable to ignore so I don't believe that. For an organisation to acquire data indirectly there must be an illegal disclosure somewhere upstream and an organisation has no business using illegally obtained data, the onus will be on the organisation holding the data to demonstrate its permission to use it.

              Anyway, how did the "friend" that disclosed the contact details acquire the contact details indirectly?

        2. JohnFen Silver badge

          "You might want to take into account that most people are utter innocents when it comes to privacy"

          Perhaps incurring the wrath of the friends and family that they've innocently betrayed will educate them.

          1. Anonymous Coward

            Perhaps incurring the wrath of the friends and family that they've innocently betrayed will educate them.

            You're assuming (a) you'll ever find out, (b) you'll be able to accurately establish who leaked your data and (c) logic and sanity in relationships.

            I've got some bad news for you..

            1. JohnFen Silver badge

              It worked reasonably well for me. I only had to go off on two people in my social circle about including me in any way with Facebook, and now (as near as I can tell), I don't have that problem anymore. Several of my friends and family think I'm being overly sensitive about it, but they respect my stance regardless.

              If I discovered that someone routinely ignores my wishes on this, I would most likely cut them out of my social circle entirely on the basis that they can't be trusted.

              1. Anonymous Coward

                If I discovered that someone routinely ignores my wishes on this, I would most likely cut them out of my social circle entirely on the basis that they can't be trusted.

                I take it you're not married then :). It's a nice idea, but how are you going to stop everyone you're in touch with from adding your number to their WhatsApp infested phone book? The insidious side of this is that it only takes one single person to make that mistake and you're breached.

                That said, there is one instance where IMHO the use of WhatsApp could indeed result in legal consequences: its use in business. We have it barred to the point of it being a sackable offence, but we are in the fortunate position that privacy is our business. If your business is indeed connecting to people because you're in sales, you almost need a separate phone for business so that you only have business contacts. The problem: most people only have one mobile phone for both private and business use.

                All of the above shows that solving this privacy problem on OUR end ends up mere symptom fighting. We need to rip out the cause with root and branch, and I for one wouldn't mind ripping out Zuckerberg's root. I take issue with anyone abusing someone's innocence against themselves for profit, and I have seen what can happen to kids and young adults in this context.

                This must stop.

        3. Anonymous Coward

          You might want to take into account that most people are utter ~~innocents~~ incompetents when it comes to privacy.

          FTFY.

  3. Dan 55 Silver badge

    Sounds like a case for GDPR

    And a fine for 4% of annual turnover. That'll learn 'em.

    1. Jack of Shadows Silver badge

      Re: Sounds like a case for GDPR

      I wouldn't be at all surprised if that becomes just another business expense to Zuck

      1. LDS Silver badge

        Re: Sounds like a case for GDPR

        A 2.3 billion fee would still not be appreciated by investors and shareholders. It's all money they lose. Remember it's calculated on revenues, but paid with profits...

        And that would be EU only - if other countries awake, that could multiply easily.

        Plus the bad PR - some customers (I mean advertisers) could go when they start to think FB is too toxic even for the vampires working in marketing.

      2. katrinab Silver badge
        Devil

        Re: Sounds like a case for GDPR

        If other EU countries do the same, then it is 112% of annual turnover.

        1. FrogsAndChips Bronze badge

          Re: Sounds like a case for GDPR

          108% next month.

          1. Loyal Commenter Silver badge

            Re: Sounds like a case for GDPR

            GDPR is still written into British law, even if the country doesn't come to its senses in time, so the ICO can still decide to pursue the case after March 29th.

    2. Loyal Commenter Silver badge

      Re: Sounds like a case for GDPR

      Yup, mobile phone numbers are pretty obviously PID, and therefore protected under GDPR.

      They must only be collected if there is a legitimate use for them (in this case for account recovery) and not be used for any other purpose. The data controller (FB in this case) must also gain explicit consent for their use, for each purpose it intends to use them for, which it clearly has not done in this case.

      Time to see which EU country's regulator has the teeth...

  4. Novex

    Well...

    ...we didn't expect this to happen, did we?

    I deleted my FB account many years ago when they started to try and force connection information to be linked to group pages and preventing it being kept in separate 'silos'. No way should any, any company be telling us they will do whatever they want with our private data. We should have final say, always. If laws need to be made to force this to be so, then so be it.

    1. Snake

      Wa-ha-ha-ha!!

      "..we didn't expect this to happen, did we?"

      Of course we did. I've posted it here and on every other forum / internet location I've ever visited. But sheep will be sheep: as long as they keep getting their snacks they'll happily follow their shepherds...straight into the meat processing plant.

      But this is a sign of the times. "Fake news" is anything that they simply don't want to hear - truth is irrelevant over convenience or personal political beliefs. They gladly turn their heads in disbelief of any truth which simply does not pre-align with their worldview. "Capitalist corporations making money = Good", "Government = Bad" has been blindly pounded into their heads, by the very corporatists who benefit from doing such things, and they've swallowed the entire facade lock, stock and barrel.

      Which only proves Goebbels was right all along. Sad to say :(

      1. Novex

        Re: Wa-ha-ha-ha!!

        My first sentence was me being sarcastic... :)

        1. Anonymous Coward

          Re: Wa-ha-ha-ha!!

          No sarcasm on El Reg, the yanks might read it!

    2. Anonymous Coward

      Re: Well...

      I deleted my FB account many years ago when they started to try and force connection information to be linked to group pages and preventing it being kept in separate 'silos'

      .. and yet, many have kept their LinkedIn accounts where the same is taking place..

  5. Doctor Syntax Silver badge

    If Facebook is the solution to a security requirement what on Earth is that requirement?

    1. VikiAi Silver badge
      Unhappy

      Monetising faux security?

  6. Anonymous Coward

    The 2FA isn't really optional anymore either

    After creating a Facebook profile linked to a fresh email address and setting most of the privacy settings it was locked after 2 days for "suspicious activity" to "protect your safety". They then demanded configuring a phone for SMS or installing the app. 2 days later the same thing happened and it demanded submitting a photo. The only account activity was submitting one friend request and joining a group that person set up for a party. The awesome thing is that once locked out there is no clear way to delete the account or opt-out of further use of the information they collected.

    Which is why it was set up on a burner email account and SIM card. People really shouldn't have to engage in spycraft to stay in touch with their family though.

    1. Joe W

      Re: The 2FA isn't really optional anymore either

      Same happened to me. I used an additional cell phone number that no one had, and an email alias. Got locked out after half a day - I uploaded a sanitised (exif header removed) landscape photo. If there are no persons to run their nasty face recognition software against it they don't want it.

      Yes, one can recover the account by sending in a scan of the passport / id-card. Not interested.

    2. werdsmith Silver badge

      Re: The 2FA isn't really optional anymore either

      People really shouldn't have to engage in spycraft to stay in touch with their family though.

      You don’t have to. There are numerous much better ways to stay in touch with your family for the unlazy.

      1. Patrician

        Re: The 2FA isn't really optional anymore either

        Unfortunately there isn't if the family members refuse to leave it.

        1. werdsmith Silver badge

          Re: The 2FA isn't really optional anymore either

          Unfortunately there isn't if the family members refuse to leave it.

          That's why I said "for the unlazy".

          And anyway, they are not cut off to any other means of communication because they use Faecebook.

    3. Anonymous Coward

      Re: The 2FA isn't really optional anymore either

      It does sound like we're up to something dodgy, doesn't it?

      I had a Facebook account with my real name back in about 2007 for about 3 months before I got worried about privacy and, after a struggle, got it shut down. I opened a dummy one maybe 5 years ago to let me log onto some apps that require it. I used a PAYG SIM I bought for a holiday in Spain, a webmail with no IMAP/POP integration option and an address from a house due for demolition around the block from me (so my GPS didn't give me away) along with my own first name and a surname with the same first letters. I've only ever accessed from the android Tinfoil for Facebook or similar.

      I'd probably make less effort if I was acting criminally, because I don't think the state (in my country) would have the resources to pull that much information together.

    4. Doctor Syntax Silver badge

      Re: The 2FA isn't really optional anymore either

      People really ~~shouldn't~~ don't have to engage in spycraft to stay in touch with their family though.

      Just use the phone to talk to the family instead of using it as a burner to install FB. Families kept in touch before Facebook existed and they'll still be able to do so after it disappears from the face of the Earth - which will happen as soon as people realise they don't really need it.

  7. Adrian 4 Silver badge

    I wish I was a member, so I could leave.

    1. SImon Hobson Silver badge
      Big Brother

      Like the Hotel California, you can leave leave. Unlike the Hotel California, you can't even check out.

    2. JohnFen Silver badge

      No, you don't. I left a few years ago, and I still regret ever joining.

  8. Winkypop Silver badge
    Facepalm

    Trump levels of dishonesty and corruption

    The fact that there isn't a stampede away from FB is telling.

    It seems the people enjoy the KoolAid too much.

    I'm proud to have never been a member.

    1. werdsmith Silver badge

      Re: Trump levels of dishonesty and corruption

      There are very few users left outside of chavdom. Unfortunately chavdom is a very big place.

  9. IGnatius T Foobar !

    Block Facebook. Always.

    Facebook's record is so horrible at this point, it isn't even enough to say that you're foolish if you still use the service. Today, you're foolish if you don't take steps to actively block connections to their domains.

    1. LDS Silver badge
      Big Brother

      Re: Block Facebook. Always.

      Today, you're foolish if you have friends/relatives/whatever that use Facebook - you can block whatever you can and should, still someone else will upload data about you.

  10. eldakka Silver badge

    4 or 5 years ago I struck this problem.

    I had struck up a 'friendship' with a stripper. She was from this town, but had moved to a bigger city. Since she came back 3 or 4 times a year for a week or two to visit family etc, we swapped numbers so that she'd let me know when she came back to town so I could go down to the club and visit her (read: spend some money on her - but I had fun, and knew the limits of the 'friendship', it was a good night out).

    But after we swapped numbers, suddenly my Facebook 'people you may know' suggestions started having all her friends listed in it. It showed her real name, and that of other strippers she was friends with. It turned out that mysteriously, sometime in the past, my privacy setting of "Friends Only" for my phone number, and some option along the lines of "Allow searching on your phone number: Disabled" had reverted back to "Everyone" and "Enabled."

    I was mortified, we had no Facebook relationship or linkage, and didn't intend to have one, but because we had swapped phone numbers Facebook slurped the number from the phones and used that to link us even though there was no intention to be 'Facebook friends'. Since she had already told me her real name that aspect of it didn't matter, but many of her other friends who were strippers hadn't, and I felt like I was invading their privacy by doing nothing other than, IRL, swapping phone numbers with someone.

    Needless to say, I uninstalled Facebook apps and only used browsers to access Facebook (to prevent it slurping that information directly from me), and went and tightened up all my Facebook privacy permissions again because I had them all at pretty much maximum privacy years before, but many of them had mysteriously (not really, it was Facebook 'updates' that would have done it) become more open.

    Then I just gave up on Facebook entirely, I haven't used it in over 2 years now, and I don't miss it at all.

    1. Dan 55 Silver badge

      Tinfoil/Metal/Folio or another wrapper?

      1. Dan 55 Silver badge

        Judging by the downvotes, in case people have misunderstood that, these are names of android apps which allow access to Facebook without the Facebook apps' tentacles in your phone. They are wrappers for the website with no contact or phone number permissions, and do not share cookies with the Android browser.

        Hence useful if you 'must' use Facebook from your phone.

        1. Doctor Syntax Silver badge

          "Judging by the downvotes, in case people have misunderstood that, these are names of android apps which allow access to Facebook without the Facebook apps' tentacles in your phone."

          More likely they understood that. The downvotes would have been for the notion of using Facebook at all.

  11. LDS Silver badge

    And they have all those phonebooks nice data anyway....

    ... do people still think that phonebook harvesting apps are harmless?

    How much data does Facebook have about people who never accepted to have that data used by Facebook? Is it legal, especially under GDPR - a third party can't consent to have my data collected.

    However, I pointed out several times that allowing data harvesting companies to use a phone number for 2FA or whatever was a big privacy risk, phone numbers are very good unique identifiers.

    1. whitepines Silver badge
      Unhappy

      Re: And they have all those phonebooks nice data anyway....

      However, I pointed out several times that allowing data harvesting companies to use a phone number for 2FA or whatever was a big privacy risk, phone numbers are very good unique identifiers.

      Of course they are. Our illustrious government ensured that for "national security" reasons each phone number is uniquely linked to a specific individual (to the point that it's fairly unsafe to lend someone your phone -- they do something nasty with it, you go directly to jail).

      This rot started a long time ago, Facebook just found a way to monetize it. Pushing back may involve more than just the GDPR; the overall rights to privacy probably need to be enhanced. But who's going to do that, such double plus ungood speak about limiting power might just ~~allow us to be voted out of office~~ help criminals don't you know?

    2. SImon Hobson Silver badge

      Re: And they have all those phonebooks nice data anyway....

      How much data does Facebook have about people who never accepted to have that data used by Facebook? Is it legal, especially under GDPR - a third party can't consent to have my data collected.

      It wasn't legal before GDPR, GDPR hasn't actually changed anything in that respect other than the potential penalties.

      Under GDPR and earlier UK & EU data protection law, you would need the informed consent of EVERY other person before uploading their contact details (via a phonebook slurp) to the likes of FaecesBorg. To think that FaecesBorg weren't aware of that but just figured the potential costs were less than the realisable profits would be naive to say the least !

      Under GDPR the penalties are such that FaecesBorg won't be able to ignore them forever, and when they find that the law does apply to them then they'll find their business model is dead. There are already cases that have been started, but it'll take some time for them to work their way through the system of various tribunals, courts, appeals etc.

      1. Anonymous Coward

        Re: And they have all those phonebooks nice data anyway....

        Under GDPR and earlier UK & EU data protection law, you would need the informed consent of EVERY other person before uploading their contact details (via a phonebook slurp) to the likes of FaecesBorg. To think that FaecesBorg weren't aware of that but just figured the potential costs were less than the realisable profits would be naive to say the least !

        Actually, no. There are zero provisions in GDPR that prevent a data grabber from obtaining people's information from OTHER people, nor is there any provision to force them informing people so affected that they grabbed their data. That is the big fat backdoor that WhatsApp has been using for years.

        1. Doctor Syntax Silver badge

          Re: And they have all those phonebooks nice data anyway....

          I don't know where you're based but here in the UK the current DPA, which enforces as much of GDPR as HMG decides it can't avoid, is actually the third (unless I missed one along the way). It tightens things up and increases penalties but the principles of data protection have been in place in legislation since the 1980s. I assume things are much the same for the older members of the EU and also for the new members but possibly with a shorter time-frame.

        2. SImon Hobson Silver badge

          Re: And they have all those phonebooks nice data anyway....

          There are zero provisions in GDPR that prevent a data grabber from obtaining people's information from OTHER people

          Wrong. Unless they have another lawful basis for processing (which would not apply here), then the data processor MUST have the consent of the person to whom the information relates. It does not matter where they get that data, they must have the consent of that person.

          So if another person uploads their contact list with my details in, the data processor (in this case, FaecesBorg) would be breaking the law to use it.

          If that wasn't the case, then it would be really easy for everyone to use these "got it from someone else" techniques to sidestep the law. But GDPR is clear on this - if a data processor gets information from a 3rd person, they must be able to show that they have the necessary processes/controls in place to be sure that that 3rd party did legitimately obtain the data and the data subject gave their informed consent for it to be shared.

  12. revenant Bronze badge

    It needs to be shared

    It's probably futile to do so, but this needs to be shared with the many people who don't read technical journals. I wonder how long the post would survive if I shared it on Facebook?

    1. BebopWeBop Silver badge

      Re: It needs to be shared

      Probably reported as child porn with the fibs being handed a list of all details/links to the user - getting in their retaliation pdq

  13. Milton Silver badge

    Proposing the New Interactive Model

    Internet ads have a feature that previous types didn't.

    Paper, radio and TV ads all required you to remember something, to be latently influenced. The effect was either subtle—subconscious reinforcement of brand awareness, more readily noticing 'Acme Inc' next time you saw the name—or direct, making you want to go and buy the great new product which the ad was selling. But you were rarely in a position to act immediately; to show an instant response.

    The net is different, since you can click the link and buy the product—or: you can demonstrate your response by some other method.

    So I propose that from now on, internet advertising is regulated to ensure that as well as being able to click on the 'Buy Now' or 'See More' link, there is also one labelled 'FOAD'. The law will require that the ad displays the number of FOAD clicks when it is shown, but, more importantly, the company in question is charged 1p/1¢ in extra taxation for each occurrence. The money raised will go directly into a national special educational fund, to be spent exclusively on improvements to schools, learning materials, teachers' and lecturers' salaries.

    We'd need to solve the problem of robots, of course, but that aside you now have an excellent and effective way of making sure that internet advertising has to seriously improve.

    Do you know why TV ads during Superbowl are of vastly better quality than the witless drivel vomited out by commercial radio? Because the former is expensive, of course. Radio ads are cheap as chips, which is why they are simply awful. Internet ads are even cheaper, which is why they occupy the very bottom of the quality sewer.

    So now we are using the interactivity of the internet to ensure that bad ads are punished, that advertising generally becomes more expensive so you'll start to see better ones, and money incidentally generated by bad ones goes towards a critically important cause: education. Crappy advertisers go out of business. You see better ads.

    All you have to do is press the 'Fsck Off And Die' button ...

    .

    Radio: Embarrassingly poor fake-Scandi accent drones on for 30 seconds about yet another dreary car, telling you how little it will cost; followed by a hasty babble with the usual rhyme "Terms and conditions apply, all the above was a lie" as someone else explains the real cost is twice as much. Does this transparently deceitful garbage work on anyone?

    1. LDS Silver badge

      "better quality than the witless drivel vomited out by commercial radio?"

      Don't know about US, which for what I can see from abroad has a large number of low quality ads, but here radio ads have to be smart enough to keep the listener "engaged" - but a lot depends on the target.

      1. Doctor Syntax Silver badge

        Re: "better quality than the witless drivel vomited out by commercial radio?"

        here radio ads have to be smart enough to keep the listener "engaged"

        If I find that all ads are smart enough to result in the radio being flipped over to a Beeb programme, usually Radio 3.

      2. JohnFen Silver badge

        Re: "better quality than the witless drivel vomited out by commercial radio?"

        Here in the US, the quantity and quality of broadcast advertising became intolerable years ago, and are why I stopped watching TV or listening to the radio entirely.

  14. Chris G Silver badge

    Who cares?

    The Zuckerborg certainly doesn't.

    He has at least 82 billion reasons why, that's an average of $40 a piece stealing data from his members.

    The most successful Nosy Parker ever.

    1. Mephistro Silver badge
      Flame

      Re: Who cares?

      Yep, totally agreed. And this is a good reason for adding fines and prison terms for the high executives, on top of the fines for the company as a whole. The risk of having to expend 10 years in a prison, separated from all that money and luxury, would probably improve Mark's -and the rest of the incumbents'- moral fibre a lot.

    2. Anonymous Coward
      Anonymous Coward

      Re: Who cares?

      That's why I am personally for mandatory jail time for such people, or a multi-day stay in a pillory surrounded by rotten fruit and eggs for anyone to use (with free masks to prevent later retaliation - privacy matters here too).

      Financial fines have zero effect at that level, they just become an accounting problem.

  15. Hans 1 Silver badge
    WTF?

    They already have lots of phone number/contacts combinations with WhatsApp ...

    cf title

  16. Anonymous Coward
    Anonymous Coward

    Possibly Microsoft too

    I'm having an interesting thing happen with my Live account, only used for Visual Studio 2017. After a few months of a new Live account, suddenly it's blocked for "Potential Spamming", and I have to unblock it. To do that, I find out I have to add in my Date Of Birth and my Mobile Number...and when I get in there the account says it's brand new and has clearly not been hacked, or used for anything other than running and registering VS2017 Community Edition.

    As a result, I defend against what I see as a clear attempt at a data grab by creating another Live account every time they "Ban" me. Basically if a company isn't going to be forthright about what it's planning to do with my data, I try to give them as little as possible. So all hail Homer Kwyjibo (just deceased) and my new alter ego Marge Samson.

    1. FrogsAndChips Bronze badge

      Re: Possibly Microsoft too

      and eBay.

      Whenever I login, they ask me to confirm my mobile number (not sure where they got it in the first place). I always reply 'Maybe later' as I don't want to lie 'I don't have a mobile number'. My profile information has no phone number.

      Last month I made an order. A few days later, I get a text from DHL informing me of a planned delivery. So DHL got my number from the vendor. Now who did the vendor get my number from?

      1. Doctor Syntax Silver badge

        Re: Possibly Microsoft too

        "Now who did the vendor get my number from?"

        Possibly from another vendor (not necessarily on ebay) to whom you gave your number in the past. DHL then match it up with your address.

        Given that delivery drivers frequently have problems reading a house name written in 6" high letters beside the gate I find it useful that that happens.

      2. Loyal Commenter Silver badge

        Re: Possibly Microsoft too

        Now who did the vendor get my number from?

        Paypal?

      3. JohnFen Silver badge

        Re: Possibly Microsoft too

        "I always reply 'Maybe later' as I don't want to lie 'I don't have a mobile number'."

        Why not?

  17. Tigra 07 Silver badge
    Devil

    "Following online outcry over the weekend, a Facebook spokesperson told us today: "We appreciate the feedback we've received about these settings, and will take it into account.""

    Translation: "We hear you. We don't care. We don't even care enough to write a proper response, or stop harvesting phone numbers for advertising. Now fuck off and look at some more ads."

    1. SImon Hobson Silver badge

      Translation: "We hear you. We don't care.

      Translation: "We need to hide things better in future". There, fixed it for you.

    2. Eddy Ito Silver badge

      TLDR; "FYTW"

  18. J4

    At what point do the employees wise up ?

    FB is starting to lose the perception battle, just like the tobacco firms did. It's a long slow process but you can feel it in the air - reporting turns negative, they've become the punchline to jokes, politicians are jumping on the publicity opportunity, legislation is targeted against them.

    In other industries this led to problems with hiring. Staff and potential staff didn't want to be asked round the dinner table about their new job in cigarette design or animal testing of cosmetics. Ethical people turn them down until the firms can hire only the sociopaths and the desperate and the unethical, rather than the smartest and best qualified for the role. That then leads to a decline in corporate performance and a slow spiral into irrelevance.

    Are we there yet ? Do FB staff avoid admitting that's who they work for ? Are people turning down a FB job offer because of peer and family pressure ? Feels like not quite yet but right on the cusp. So do your bit. Put off everyone you know from ever contemplating taking FB's tainted money.

    And are you responsible for advertising spend ? If so then move your dollars away to other channels. I know that's difficult while the duopoly has such a tight grip, but that will only change when you change, so do it today.

    1. imanidiot Silver badge

      Re: At what point do the employees wise up ?

      While I can only applaud the eventual and inevitable decline of the Borg, I am fearful of what Facebook would do with their data when that decline hits. You can be damn sure they'll continue monetizing it to whomever will shovel money through their doors.

      1. Dan 55 Silver badge

        Re: At what point do the employees wise up ?

        You can be damn sure they'll continue monetizing it to whomever will shovel money through their doors.

        Aren't they doing that already?

        1. imanidiot Silver badge

          Re: At what point do the employees wise up ?

          The data is currently mostly kept inside the Borg. They don't sell the full data set, just certain processed data. They mostly just sell the processes.

          But what happens when the bottom of the barrel starts getting into sight and someone promises buckets full for all the data? Facebook is already concerning in what they do with the data, but I'm afraid some other companies might be downright scary.

          1. JohnFen Silver badge

            Re: At what point do the employees wise up ?

            "Facebook is already concerning in what they do with the data, but I'm afraid some other companies might be downright scary."

            I think Facebook is downright scary.

    2. this

      Re: At what point do the employees wise up ?

      Nick Clegg...

    3. nematoad Silver badge
      Go

      Re: At what point do the employees wise up ?

      "...the sociopaths and the desperate and the unethical..."

      Well done, you have just described the highest levels in the Facebook organisation!

    4. JohnFen Silver badge

      Re: At what point do the employees wise up ?

      "Do FB staff avoid admitting that's who they work for ? Are people turning down a FB job offer because of peer and family pressure ?"

      We'll be there when having Facebook in your work history makes it more difficult to find work elsewhere. That's a trend that I'm already seeing the start of.

  19. hoola

    Here we are again

    Yet again this corrupt company has done something totally unacceptable. Just what does it need to issue a "Take Down" or stop the trading.

    If this were a bank the license would be revoked, or even a traditional bricks and mortar company they would probably be bankrupted.

    Just because this is tech, anything goes and any enforcement from government agencies takes years and is largely impotent. This is a fast moving, rule bending, and bluntly downright dishonest bunch of crooks that need locking up. It appears that just admitting "we have done this" makes it all right.

    Zuck and the top execs need to be in court.

    Fines need to really hurt

    The company needs breaking up

    1. Anonymous Coward
      Anonymous Coward

      Re: Here we are again

      I suspect that the first thing a data correlation outfit does is digging up dirt on its opponents. If the opponent is honest, a smear campaign is easily amplified through their means of manipulating what people see and the search results they get.

      It gets kinda hard enforcing laws against companies that can blackmail you outright, IMHO these outfits have become the mafia of the digital world. "Nice website you have there, would be a shame if it no longer showed up in our search results or newsfeed" - just an example.

    2. Chris G Silver badge

      Re: Here we are again

      Why would any government agencies want to enforce anything that would bring down what's probably one of their first ports of call when they want to start investigating somebody.

      The data that Faecebook holds is a wet dream for most governments and I'm sure they will have access to anything they want.

      For a price.

  20. This post has been deleted by its author

  21. Anonymous Coward
    Anonymous Coward

    Facebook 2FA asks for smartphone number even if using a non-smartphone second factor

    Even if you are using a TOTP app or a U2F device Facebook still insist on a mobile phone number.

    They are not the only website to do this. From memory LinkedIn and Microsoft do the same.

    1. Anonymous Coward
      Anonymous Coward

      Re: Facebook 2FA asks for smartphone number even if using a non-smartphone second factor

      Google has been trying it too. You know, the outfit that wants you to install a black box in your browser if you do NOT want to be tracked?

  22. Anonymous Coward
    Anonymous Coward

    Where's Nick Clegg when you need him?

  23. royprime

    I've a facebook account that I probably check once a month or so for updates from old friends, but apart from that don't bother with. I've never put any address details or phone details in, so every time I do bother to look it always reminds me to "add a phone number etc". Fat chance Zuck, if they close it without having any details on me I don't exactly lose anything.

    1. Doctor Syntax Silver badge

      "I've never put any address details or phone details in"

      I don't think you need to.

  24. Harry Stottle

    The Age of Surveillance Capitalism

    The latest media hyped response to this syndrome is Shoshana Zuboff's "Age of Surveillance Capitalism (etc)"

    Downloaded the Intercept video podcast yesterday and listened to it last night (watching isn't necessary). It's a dual presentation with her and Naomi (Shock Doctrine) Klein.

    Obviously I was sympathetic to their overall message but it was hardly news to any Reg readers, especially those of us who have been punting the "Privacy=Security" message since the tail end of the last century. And they're a bit short of technical grasp, which is forgiveable. It's not their field.

    However, they were making a particular argument which I can only label as classic conspiracy theory and which even I, who recognise and preach the dangers of GooMazonSoftBook et al, found a bit of a stretch. And I don't know whether it's the phase of the moon or this story which has pushed me over the edge, but this morning their analysis feels a whole lot more plausible.

    Short version: They all started out with good intentions. Google, in particular, professed hatred of advertising and proclaimed it as a threat to the net. They also recognised the horrendous potential for intimate surveillance and set their pitch against that, most famously with their (now retired) "Do No Evil" mission statement.

    Then came 9-11

    And all plans to improve privacy protection (from legislators and businesses alike) were rolled into reverse. This (conspiracy alert) was orchestrated by the TLAs; who realised that private companies could get away with things they could not because (believe it or not) the TLAs were more accountable and couldn't ignore the constitution. Private companies could.

    So, virtually overnight, the nascent talk of privacy protection became talk of the need to invade your privacy for your own - and the nation's - protection.

    All the politicians had to do, to complete the coup, was to legislate mandatory reporting on demand, of any private data, the TLAs wanted, by those private companies; who were also granted huge leeway to get on with scraping all the private data they could eat. Add on the mythical oversight by the judicial rubber stamping process and you've squared the circle. You've introduced the Stasi-Panopticon 2.0 into what citizens laughingly think of as liberal democracies and nobody but us weirdos has even noticed or, if they have, don't realise they are now reverted to Serfdom with its new name - "users".

    The book has already made a big splash. Be interesting to see if it can "wake" the "users" out of their soma inspired complacency.

    1. Harry Stottle

      Re: The Age of Surveillance Capitalism

      wry note for the tinfoil hat brigade.

      After writing that obviously enthusiastic support for Zuboff's analysis, I decided to throw caution to the winds and buy her book. (kindle version if you care). Accidentally found myself on Amazon.com (instead of .co.uk where my account resides) Was confronted with the unsurprising news that it is already the "#1 best seller" but this was accompanied by the somewhat less expected news that "This title is currently not available for purchase" - which makes its #1 best seller status something of a miracle.

      There's almost certainly a non conspiratorial reason for the current block on its sale. I'm sure even the TLAs don't have the clout to suspend a title on Amazon (not, at least, without the judicial theatre of a court injunction) but it did add some flavour to the moment.

      Happily, the UK site let me buy it.

      1. Doctor Syntax Silver badge

        Re: The Age of Surveillance Capitalism

        "This title is currently not available for purchase"

        As per a considerable percentage of "hits" from Amazon searches.

  25. gnarlymarley

    windows virus

    Wow, now the windows fake lying virus people can connect to you on facebook, all just because they called you. There is a reason why facebook, google, yahoo, and anyone else that tries these tactics will never have my phone number.

  26. Fred Flintstone Gold badge

    For Facebook, this is mere camouflage

    (I'm repeating a comment I made earlier, just putting it in its own thread).

    Google, Facebook, Microsoft, Facebook: they all want access to the one tracker we keep on us: our mobile phone.

    Facebook owns WhatsApp, which is pure poison for your contacts: the first thing it does is give your entire address book to numbers to Facebook (it won't even work if you don't allow it to do that) WITHOUT needing to ask their permission.

    Facebook asking for your number is thus just insidious camouflage: they most likely already have it. They just don't want you to realise that. I really don't buy it that they have not cross-linked those databases already, after all, there's money in it.

  27. Stoneshop Silver badge
    Pirate

    Don't hold your breath.

    Indeed. Holding Zuckerberg's breath is the much better option. Half an hour minimum.

  28. Elfoad Regfoad

    So what's the solution?

    I want 2FA or even places I don't really need 2FA, some ask for phone numbers. I don't want to give out my number, but they simply won't let me create accounts. Even places that say they do landline auth (eg Ebay), it doesn't actually work. So what are my options?

    I can get multiple numbers, and ensure only 1 profile (email account etc) ever gets tied to that account.

    The problem is then I will need multiple phone numbers, which I am sure cops/government will assume as I am up to no good. Also how many phones do I need?

    In any case I will have to maintain an x number of phones, if one of them times out and I lose the number, when I come back to recover an account in say 5 years I won't have the phone number!

    1. Doctor Syntax Silver badge

      Re: So what's the solution?

      "So what are my options?"

      Refuse to do business with most of them. You don't need to set up an account if you walk into a shop to buy something. Why should you need to set up an account to make a one-off or occasional purchase online? Just set up accounts when it makes sense.

  29. JohnFen Silver badge

    Facebook or not

    Facebook is a vile company who will continue to abuse everyone until the day they go out of business. No surprise there.

    "Users have the option to remove their phone number from their account, though that would preclude using it for account recovery."

    Which they should absolutely do. Not just with Facebook, but with all 2FA. Nobody should be using a cell phone as part of 2FA, whether it's Facebook's system or anybody else's.

  30. Anonymous Coward
    Anonymous Coward

    Isn't it illegal in the UK for a business to gather personal information for a specific purpose and then use it for a completely different purpose?

  31. GrapeBunch Bronze badge

    Dys-FoBia

    Here in Canada, I have not been required to give a phone # to maintain a fb account. Of course, I wouldn't. I'd rather abandon the account. Canada might be different, because for historical reasons not everybody has a mobile.

    There are (at least) two identificatory (not a word, according to the spellchecker) universes: phone numbers and e-mail addresses. FB tricking you to give a phone # allows them to unite those two universes. It is pure gold for whatever nefarious purpose they have in mind. I would not worry so much about what they have done with a phone number. Rather I would worry about what they can and will do with it. Yeah, of course the home address and the passport number and the social insurance number are also identificatory universes. I'm sure they'll get to those! In a unificatory way, for themselves.

    LinkedIn ransacked my gmail contacts. Don't recall ever giving them permission.

  32. Anonymous Coward
    Anonymous Coward

    Don't believe a word they say

    Talk about a completely untrustworthy company. I no longer believe a word of what they say because they constantly abuse our trust. They think they can just keep saying "sorry" time after time after time and it's all ok.

    It's time some heads rolled at facebook.


Biting the hand that feeds IT © 1998–2019