For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that.pic.twitter.com/zpYhuwADMS
Show this thread
-
Using a phone number to sign up for services has been the single greatest coup for the social media and advertising industries. One unique ID that is used to link your identity across every platform on the internet. That is why every startup wants your phone number.
Show this thread
My personal Instagram account isn't linked to my Facebook. But I am the admin of a page on Facebook which now *requires* 2FA and mobile phone numbers (as of 2018).
Here's Instagram ~days~ after giving my phone number to Facebook (for 2FA only) 
pic.twitter.com/ul9wXWMaoH
-
-
Every public WiFi network that asks for a phone number to access it? Shared with advertisers. WhatsApp, Facebook, Instagram? Shared. Phone networks themselves: until last month, sharing your exact location by phone number.https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile …
Show this thread -
It's shocking that this one number is used for usernames, authentication (2FA), advertising tracking, geolocation and more. And it's the same piece of info you have to give to a random plumber to come and fix the boiler.
Show this thread -
Facebook is now looking to sync all your info between services. Why? Data regulation. Delete a Facebook or WhatsApp account after this integration and they'll keep your data, claiming it's used or needed for Instagram. The trend line couldn't be clearer. https://www.nytimes.com/2019/01/25/technology/facebook-instagram-whatsapp-messenger.html …pic.twitter.com/Q6vibJo3x9
Show this thread -
Facebook now defaults phone number search to "everyone". Unless you change this setting, anyone with your phone number can look up and confirm your Facebook profile. Here's where to change it (and no you can't turn it off altogether if using for 2FA) https://www.facebook.com/settings?tab=privacy …pic.twitter.com/PUItHuFZmI
Show this thread -
TL;DR: Login-with-Phone-Number is the new Login-with-Facebook. Easy to track, shared between services, it's the key to invisible mesh of your data. Don't do it.
Show this thread -
Apple should offer unlimited additional phone numbers that work as inbound SMS lines only. Each time a service requires a phone number, iOS could generate a new number. If Apple is serious about user privacy, this is the next frontier. The current one, really.
Show this thread -
When opening Facebook Messenger for the first time, the default action to create a new account is no longer email or username; it’s phone number. The holy grail. The unique ID.pic.twitter.com/f7wPEN9c80
Show this thread -
After logging into Messenger, a prompt appears to share contacts. Continuously feeding Facebook info about all your friends, regardless of whether they would grant this level of access.pic.twitter.com/EVJe3LycwS
Show this thread -
When logging back into WhatsApp it wants the lot: contacts, photos, media and filespic.twitter.com/bAitM2aQjC
Show this thread -
*Not* giving your phone number to FB is a borderline pointless: they have it anyway. If any of your friends accepts to Messenger or WhatsApp accessing their contacts, Facebook knows your number, no matter what you dopic.twitter.com/0t0omI747I
Show this thread -
Oh, and it turns out that Facebook Messenger app no longer lets you log out https://www.facebook.com/help/messenger-app/719351428125983 …pic.twitter.com/xhek48UnuL
Show this thread -
Getting a few Qs about Facebook saying in 2018 it would disable 'lookup by phone number'. I'm no expert on Facebook privacy settings (is anyone!?) but one thing is clear: either the 2018 statement is misleading or the current settings page is misleading https://newsroom.fb.com/news/2018/04/restricting-data-access/ …pic.twitter.com/ZdZsJKo0Aq
Show this thread -
As of March 2019 the settings screen on Facebook reads: Who can look you up using the phone number you provided? This applies to people who can't see your phone number on your profile. (+ the default for me, and many others, was "everyone", despite only providing phone for 2FA)pic.twitter.com/b8BU5TtGP9
Show this thread -
"Don't use phone number for 2FA, use an app" 1. Yes, totally 2. App-based 2FA is too difficult for majority of FB users 3. In my particular instance, FB made a phone number (with verification code sent) mandatory, due to being admin of a large page. This won't apply to everyone.
Show this thread -
Here’s what appears to be happening. When it comes to personal details like phone #, Facebook distinguishes between the terms “look up” and “search”. Using phone # in *search* was disabled in 2018, but not the ability to “look up” up profile https://edition.cnn.com/2019/03/04/tech/facebook-phone-number-look-up/index.html …pic.twitter.com/2smr11HwSM
Show this thread -
Here's what the search/look-up difference appears to mean: What you can’t do now:
enter any phone number to “search” for matching profile/s
What you can still do now: 
Create an address book full of numbers, sync it to Facebook, and “look up” matching profilesShow this thread -
For anyone who provided a phone number for 2FA (and didn't delve into settings to find that "look up" was enabled for "everyone") that theoretically means a bad actor could dump a phone number list into an address book, sync to FB, and find the real names/pictures of all matches
Show this thread -
FB: this isn't new, people have been able to do this for ages https://www.theguardian.com/technology/2019/mar/04/facebook-faces-backlash-over-users-safety-phone-numbers …pic.twitter.com/Ce8PSldqeE
Show this thread -
No matter which prompt appeared on screen, Facebook always considered (and still considers) phone numbers that are added for security to be fair game for other features. Including looking up profiles. You provide your number? We'll use it.pic.twitter.com/op41E4kq8f
Show this thread -
"you idiot why would you give FB your phone number" This won't apply to everyone, but in my specific instance, FB *required* it due to being admin of a large page. After continually ignoring it, a final notice informed me the page would be deleted if no phone number was providedpic.twitter.com/ekCAAeT1H2
Show this thread -
Here's the end goal IMO. I don't even object to it being a goal. But give users a choice to merge or link accounts, and respect their boundaries when it come to personal data. Not doing that makes it difficult for a rational person to trust that *any* info can be kept private.pic.twitter.com/Tw1oUxRjwE
Show this thread -
I hadn't seen this from former Facebook chief security officer
@alexstamos until now. Ugh. (via@lisavaas https://nakedsecurity.sophos.com/2019/03/05/facebook-criticised-for-misuse-of-phone-numbers-provided-for-security/ … )https://twitter.com/alexstamos/status/1101964417544085504 …Show this thread -
Putting "Privacy-focussed" in the headline is a great strategy, but none of the things mentioned stop Facebook knowing who you are, your location, mobile number, who you're connected to, linking this to other data sets, or following you around the web https://m.facebook.com/notes/mark-zuckerberg/a-privacy-focused-vision-for-social-networking/10156700570096634/ …pic.twitter.com/UeRRpxWzz2
Show this thread -
I swear I'm not *trying* to dunk on FB at every opportunity, but they sure don't make it easy when accumulating so much data while hoping we get distracted by the public-facing feature set
Show this thread -
Anyone paying attention can easily see FB wants to change the narrative (privacy! encrypt! users!), keep up with user trends (move to stories, group chat, etc), while making no changes to how it grows its huge data set on everyonehttps://twitter.com/zeynep/status/1103754334423183363?s=21 …
So, wow, Mark Zuckerberg published a plan to entrench Facebook, fend off regulatory action, lower costs, shrink scandal exposure, acknowledge realities— and he called it a "privacy-focused vision" while ignoring all the big privacy issues!
My NYT oped. https://www.nytimes.com/2019/03/07/opinion/zuckerberg-privacy-facebook.html … pic.twitter.com/ta8cQNuP8QShow this threadShow this thread -
Facebook owns up: oh you once linked FB to your Instagram account? There’s no way to ever remove that link. Even if you tap “unlink” https://www.wired.com/story/instagram-unlink-account-wont-unlink-facebook/ …pic.twitter.com/0GKZBUcOlW
Show this thread -
Expect to see this reasoning wheeled out every time Facebook wilfully shares your info between Instagram, WhatsApp and FB...even if you never even linked accounts. Too bad if you wanted your Insta or WhatsApp to be private from FB profilepic.twitter.com/eVLEVBZUA1
Show this thread -
One more way for FB to fingerprint your device, if you’re using an Android phone. Wonder if it does this when not logged in?https://twitter.com/wongmjane/status/1167463054709334017 …
Show this thread -
I’m sure FB appreciates having access to one of the most popular phones out there, with no way to uninstall (even better for them if data collection to fingerprint devices works on these phones without logging in)https://twitter.com/jasonhowell/status/1167060661429342208 …
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.