Facebook is using 2FA phone numbers to target ads

Cal Jeffrey

Posts: 4,152   +1,416
Staff member
WTF?! Gizmodo reported on Wednesday that it appears Facebook is using "shadow information" to target advertising to its users. Today Facebook confirmed that it does indeed use 2FA numbers to target ads to users. Don't worry though, you can opt out by not using 2FA.

A couple of days ago Gizmodo participated in an experiment with a security researcher to see if it could target an ad to him using his phone number, and it worked. Alan Mislove had a theory that Facebook was using “shadow information” to target ads. Shadow information would be any data that is supposed to be held private between you and Facebook, like your two-factor authentication (2FA) phone number.

This is not to say that Facebook is giving the phone numbers out, but instead, it receives lists from advertisers and matches them up to contact information it already has on file to target the ads. Mislove’s theory was that the company was not only using contact info in profiles, but also private security information, and the experiment seemed to prove it.

"We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts."

Indeed, TechCrunch confirmed on Friday that Facebook does, in fact, target ads to users' 2FA numbers. A Facebook spokesperson indirectly admitted that the social media platform does this. When asked if they used 2FA numbers for targeted advertising, the representative said the following:

“We use the information people provide to offer a better, more personalized experience on Facebook, including ads. We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time.”

The spokesperson also indicated that the only way to opt out of this type of targeting is not to use 2FA on Facebook.

It is one thing to advertise using information willingly entered into public profiles for advertising. It is something users agree to when signing up for the service. However, targeting ads to numbers provided solely for security purposes seems a bit low even for Facebook’s standards.

It is highly unlikely that this practice will continue now that it has been exposed. The backlash from the security community and users is bound to be loud. So I won’t be surprised when Facebook announces that they have changed this practice.

Permalink to story.

 
And that's why you're out of your mind to give ANYONE your ph#, real name or address online. When your most private data is being sold to anyone and everyone you are exposing yourself to every sort of cybercrime. And WHEN your identity is stolen or the like, don't bother crying to Facebook about it - you provided that info willingly.
 
Sadly, majority of people don't care even if they know this therefore this behavior will continue.
 
Facebook hits a new low...
Personally, I would be surprised if this is the worst that we will yet hear from fakebook. The main problem in the equation is that people still use fakebook and that fakebook does not give a :poop: as long as they can monetize usage of their platform. IMO, this is way beyond simple greed.
 
Back