Rogue Facebook apps can now access your home address and mobile phone number

Filed Under: Data loss, Facebook, Mobile, Privacy, Rogue applications, Social networks, Spam

In a move that could herald a new level of danger for Facebook users, third party application developers are now able to access your home address and mobile phone number.

Facebook has announced that developers of Facebook apps can now gather the personal contact information from their users.

Request for permission to access home address and phone number

I realise that Facebook users will only have their personal information accessed if they "allow" the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this.

Facebook is already plagued by rogue applications that post spam links to users' walls, and point users to survey scams that earn them commission - and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service.

Now, shady app developers will find it easier than ever before to gather even more personal information from users. You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies.

The ability to access users' home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users' profiles.

You have to ask yourself - is Facebook putting the safety of its 500+ million users as a top priority with this move?

Wouldn't it be better if only app developers who had been approved by Facebook were allowed to gather this information? Or - should the information be necessary for the application - wouldn't it be more acceptable for the app to request it from users, specifically, rather than automatically grabbing it?

It won't take long for scammers to take advantage of this new facility, to use for their own criminal ends.

My advice to you is simple: Remove your home address and mobile phone number from your Facebook profile now. While you're at it, go through our step-by-step guide for how to make your Facebook profile more private.

If you're a Facebook user, you should also consider joining the Sophos Facebook page where we regularly discuss how you can use Facebook more safely, and warn of the latest scams and internet attacks.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.

Update: Judging by reactions on Facebook and Twitter, I'm not alone in finding this new ability for Facebook apps concerning. Here's an example of how one user has responded:

Update: Facebook has temporarily rescinded this new option to further improve its clarity to users.

, , , , , ,

You might like

110 Responses to Rogue Facebook apps can now access your home address and mobile phone number

  1. John Sweeney · 1726 days ago

    This will turn into a big issue with Facebook as it will put not only regular users at risk but celebrities, military, politicians & kids just to name a few.

    Also who is to say current developers cant turn around and ask for the same information to be made available to them. With almost 600 million users this can turn into a gold mine for the developers and to 3rd party companies and I have a feeling for Facebook as well who has shifted fully from being a social site to a data collection site.

    I really feel that this bad decision Facebook has made will be reversed but only if the public and government officials really press them. If they dont feel any pressure then they will do what they want. Do you really think Facebook would be able to get away with this if they were a public company, I think not. Now you see why they are resisting that.

    All the major news agencies will be picking up on it and there will be a big show on The Facebook & Zynga Podcast Monday at 6PM Est on Blogtalk so this may help them change their mind.

    • Dave Nattriss · 1726 days ago

      What's the problem with current developers *asking* for this information? The user can still say no!

      All sites offering user accounts are data collection sites, not just Facebook.

      What exactly are Facebook 'getting away' with? They are now allowing users to authorise apps to access their phone number and physical address. They are also allowing users to refuse apps from having that information. Freedom of choice.

      • question: does an existing app someone is using need to get further security approval from a user to take advantage of this new information? ie. do they default to not have access to this info if the user was already using the app before this announcement

        hint: the answer better be yes.

        • Dave Nattriss · 1724 days ago

          Yes, they have to ask the user for the new extended permission (to access their contact data) whether the user is new or existing.

          Hence why this whole story is just scaremongering.

          • allgood2 · 1724 days ago

            The story isn't scaremongering. The points are:

            One) that the new interface for people to agree to provide this information, looks exactly like the old interface and people click without knowing what they are agreeing to…

            Two) its all or nothing. There is no option for installing the application without providing the 3rd party the data, the way the current dialog is setup. You either accept or don't install…

            Three) it's not just the collection of data, that people are complaining about, its the trust. If I give my personal information to Google, Amazon, Apple, or even Starbucks—I expect that information to stay with that vendor or for there to be adequate and relevant notice if that information is to be shared elsewhere.

            For me that means, at the time of use, at the time of purchase or at the time of install. I also prefer options like at PayPal or Amazon, where they inform me that the third party wants the additional data and I can decide then whether or not to give it to them. Repercussions for not providing it can be listed as well, for an informed decision.

            • Dave Nattriss · 1722 days ago

              1) Eh? 'Exactly' 'like'? Contradiction there. Either it's the same or it isn't. And we know that it's isn't. People know exactly what they are agreeing to if they simply read what is shown to them before they click.

              2) So how does that make this not scaremongering?

              3) What's the problem? The information *does* stay with Facebook unless you authorise otherwise.

              If you're signing up for an app, be it on Facebook or wherever, you will have decided to install it before going to install it, so you should be aware of what it will do. If not, why are you signing up for it?!

    • Christine Vega · 1722 days ago

      This is really scary! How the hell is this even legal?!?!

  2. maatmouse · 1726 days ago

    This is only an issue if you put your home address and phone number on the facebook profile.Just keep it off. And don't put where you live on facebook either. Or your relationships with anyone. Your information is private: don't advertise it.

    • Good point. Even better use one of those numbers that women give out when they want to blow off male advances without the hassle.

      • Dave Nattriss · 1725 days ago

        What's the point of that?! Your friends will then have the wrong number for you showing up in the Facebook-linked phones and on the site itself.

        • Courtney · 1725 days ago

          Dave: Any of my friends who get my phone number off of Facebook (as opposed to asking me for it?) are quite welcome to call the wrong number.

          • Dave Nattriss · 1724 days ago

            What does that mean, sorry?

            If you make your phone number available to your friends using Facebook, then surely you are doing that because you want them to find it there (as opposed to bothering you for it whenever they might need it)?

            If you don't make your phone number available to your friends using Facebook, you have nothing to worry about!

    • jasonhillpdx · 1725 days ago

      Actually, this is only an issue if you use FB apps. Stop using apps and your info won't be available to the.

      • Dave Nattriss · 1724 days ago

        Or just be careful about the apps you use, just like you would be careful about where you shop, where you eat, where you drink, where you hang out, who you talk to, where you go on holiday etc. etc. etc.

    • foobar · 1724 days ago

      While you're at it, don't put what country you are from, or what you ever actually do, or who you even are either. Just to be on the safe side, just open a Facebook profile and leave it blank forever.

  3. zuzu · 1726 days ago

    hell yeah! I am setting my phone number to audiotex!

  4. One of the crucial elements of Privacy is the ability to make an informed decision. Concerning the information being requested I think it is Facebook's responsibility to OVERTLY (bold red type) REMIND users that they take no measures up front to screen the legitimacy or trustworthiness of third party apps EVERY TIME THE INFORMATION IS REQUESTED.

    • Dave Nattriss · 1726 days ago

      You can click on the name of the application to find out more information about it - hyperlinking is the way of the web.

  5. johan · 1726 days ago

    Or even more private: Don't install the apps, but allow your friends to see your contact info.

    • Dave Nattriss · 1724 days ago

      Sure, though you'll miss out on the good apps (there are some!). Best policy is just to be sure of everything you do/click/add/install/allow/authorise.

  6. androidposts · 1726 days ago

    Don't get it the problems.

    You're making an informed decision, just like the Android permission system. Some apps will need your address / name, and you can always decide "hey, this app shouldn't need this" and not install. Say for example, you want to install a shopping app. It needs to know where you live in order to ship things. you could enter it 5-10 times / every time it needs it, or you can let it access your info.

    It's right there whenever users install apps. I keep mine to a minimum. It's actually devices / sites that do *NOT* offer a permission based system I worry about. God knows what the site / device is doing (especially your smartphone); they can get your contact info / sms text / etc., without you knowing.

    But that's what most people want, and they don't care about their own privacy.

    Not my problem.

    • Glenn · 1725 days ago

      "Not my problem."

      It should be. Yes, YOU know better than to allow an app to access your information, but can you say the same for every one of your Friends? Especially those who have YOUR information and have uploaded it to THEIR page in the form of an address book or otherwise?

      If they have, your information is out there, whether you have given specific permission or not. Your Friends can screw you, whether intentionally or unintentionally! IS your problem!

      • Dave Nattriss · 1724 days ago

        Eh? Facebook doesn't allow your friends to share/upload your physical address or phone number(s) on their page/profile/account. Do you actually know what you're talking about?

  7. Theta · 1726 days ago

    Seriously going to be removing myself from facebook if they continue on this path.

    • Dave Nattriss · 1726 days ago

      What path? Allowing users to control their data in the most granular way? I'm very happy that they're on that path.

    • Andrew · 1725 days ago

      Diaspora, despite a lame name, looks promising as an alternative to Facebook, although it's not ready yet.

      • Dave Nattriss · 1724 days ago

        The data will be distributed on Diaspora, as opposed to centrally held, but it will have just the same privacy permission/authorisation issues as Facebook. Users will still need to authorise the user of the data to third parties, and can still gloss over the 'small print' should they choose to.

    • Anon · 1725 days ago

      if it was in the public domain at some point odds are ur data is already 'out there' - cached, backed up or recorded as a snapshot - it is almost impossible to remove information these days the only question is how much is it really worth to retrieve it.

      Personally I find photo tagging worrying.... in a few more years we will be able to rapidly and cost effectively compare facial features in a database to cctv feeds allowing identification for in store marketing or worse....

    • Arctic Nerd · 1724 days ago

      Why does anyone really need Facebook? Depends on who you are, where you are and why you're using it. But...If it is a danger, then you shouldn't use it. Right? I'll bet less than 1% of users even know what privacy means until it is too late. They just don't think about it and if they read something bad about it they don't think anything will happen to them. Like teenage boys are invincible.

      Despite the fact Facebook may be useful to me, I just don't want to risk taking any kind of chance. My privacy is already compromised by living for more than 50 years in a society where information was not shared at all. Now my bank and credit card companies know more about me than I do. The credit card cos know where I am, where I'm likely to be (if I buy plane tickets), what I like to buy and what time I often do shopping. With all the information I've had to give to associations, insurance cos, auto clubs, etc, I really have no privacy at all. Even websites I visited years ago have been bought by places like Facebook.

      So you can't count yourself out. But you can get out before more happens. But I won't be going back to only using cash anytime soon.

  8. beep · 1726 days ago

    If you value your privacy, GET OUT OF FACEBOOK, now!!!! You will also find that you have a whole lot of time suddenly freed up in your life!

  9. sdfs · 1726 days ago

    They've been following the same path for years now, Theta.

  10. Sara · 1726 days ago

    I am curious, If you have your address and phone number set as "only me" can those apps still access them? A lot of us have our cell numbers on FB to get alerts or we use Facebook Mobile. Also if these are set to "friends only" do the apps have access? Does it have to be set to Everybody to have access???

    • Dave Nattriss · 1726 days ago

      Apps can only access the data you allow them to access. Period.

      • but apps decide which is essential and which isn't do they not? If some app says it needs that data you don't have the choice to hide just that data, you can't use the app at all. Of course this is still a choice, but its not just complete control for the user.

        • Glenn · 1725 days ago

          Mark - How can you control your Friends, who have your information posted, in one form or another, on THEIR page? It doesn't matter whether YOU allow the apps access or not if one or more of your friends allow it and it is gleaned from THEIR page. Your "choice" won't matter in that case!

          It's an ill-conceived policy decision, no matter how you look at it.

          • Dave Nattriss · 1724 days ago

            Glenn, you clearly don't understand how Facebook's API works, nor the model of sharing data with apps that your friends use.

            As you can see if you go to (then click the link in 'Apps and websites' in the bottom left, then the second 'Edit settings' button next to 'Information accessible through your friends'. There you can control exactly what parts of your Facebook profile can be used by friends in applications that they use.

            Note how phone numbers and physical addresses are NOT in that list at all, because they are not available to be shared in this way.

            Please get your facts straight before you try to judge what has happened.

        • Dave Nattriss · 1724 days ago

          Actually, it's possible to allow an app access to the extended permissions, then go into your application privacy settings and revoke each type of permission individually. Not quite perfect, but a workaround:

          Well-written Facebook apps will only ask for the essential permissions (that you need to use the app) at first, and then only ask for extended ones as and when you want to do something that requires them.

          If an app requires a permission from you that you're not willing to give because you don't feel it is necessary for the app to function, it's easy enough to contact the app developers to let them know that they should update their code so as to not require it.

  11. Dave Nattriss · 1726 days ago

    'I realise that Facebook users will only have their personal information accessed if they "allow" the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this.'

    Such as? How is it possible to get a user to authorise a Facebook app without them actually clicking the button?

  12. URA douche · 1725 days ago

    If you post any "real" information about yourself on facebook (or any other website for that matter) including D.O.B, address, phone number etc then you are clearly a moron and the gene pool would be better off without you.

    If people don't already have this kind of information about you why would you add them as a friend on facebook?

    Oh, BTW. I have $500,000 in an offshore account that I need to bring into the country. Let me use your bank account and I'll give you 10% ;) Hit me up at

    • Dave Nattriss · 1725 days ago

      I happily share my personal information on my Facebook profile, but of course only let my trusted friends have access to it. They wouldn't necessarily already have it because the extent to which they know me will vary, and in any case, this way they can get access to it whenever they might it. I don't currently use any apps that need access to it, though I might if I wanted to use an app and I trusted the people running it, just like I trust Amazon with my address etc.

      You're a moron for trying to suggest that giving your real information to any online service is a mistake. Grow up.

    • Glenn · 1725 days ago

      OK, I'll 'fess up...I'm a douche!

      How many of your friends are douches?

      Of those, how many do you know well enough that they have your address and phone number?

      Out of those douches, how many do you figure have this information posted ON their page in one form or another...say, in an uploaded address book?

      And out of those douches, how many of those would allow an app unfettered access to all the information on their pages, INCLUDING your personal information?

      Finally....WHO'S THE DOUCHE?

      • Dave Nattriss · 1724 days ago

        How many of my friends have my address and/or phone number stored somewhere? Is that what you're asking?! All of them, I would hope! Or if not, hopefully they know that they can access the details via my Facebook profile at any time.

        However, there is no way for my friends to allow apps to access my phone number(s) or address through Facebook. There simply is not.

        Who's the douche? You, Glenn, based on what you are saying.

  13. Betvert · 1725 days ago

    This is classic Facebook - doing what they think is good for their bottom line without any consideration as to how it impacts users. I am looking forward to new social networks that focus on privacy such as MyCube and Path.

    • Dave Nattriss · 1725 days ago

      Eh? It will impact users by giving them an alert asking if they wish to share the data with an app or not. They can say no. What's the problem?!

  14. Trol Olol · 1725 days ago

    I like this, good job facebook
    they should also put a picture of your house
    and you license plate for next update
    so "scammers" can make more money
    and rape you.. after you fill the surveys..

  15. Mrs. W · 1725 days ago

    Surprised you didn't mention social engineering. It would be stupid simple to pose as someone's bank, credit card company, etc.

    "I just wanted to verify the details we have on record. . ."

    Make it stop. . .

    • Dave Nattriss · 1725 days ago

      That scam will work whatever the medium. If people fall for it, that's not Facebook's fault. At least with Facebook they can quickly shut off scammers' access to the service, and you can block them very quickly too.

  16. Dorothy · 1725 days ago

    Glad neither is available on my facebook.

  17. Tony · 1725 days ago

    with no economic model whatsoever, the sites only real value is selling your information and the info there is more personal that just names and number. Those in the know are saying that is why Facebook is so great, consumer profiling while no has ever pulled out their credit card while using the site, the site is highly valued.

    • Dave Nattriss · 1724 days ago

      No economic model?! Um, it makes over a billion dollars a year from targeted anonymised advertising.

      Have you ever actually used it?!

  18. Dave Nattriss · 1725 days ago

    "I realise that Facebook users will only have their personal information accessed if they 'allow' the app to do so"

    I'm not sure if you do, Graham, or else you wouldn't have written this blog post at all. Users either allow the app or they don't. How exactly can users be 'attacked'/tricked into doing this?!

    • Just read any of my many other posts about Facebook rogue applications and you'll see how folks can be socially engineered into this.

      • Dave Nattriss · 1725 days ago

        They still have to click the button to authorise the app though, right?

        • Chris D · 1725 days ago

          But just how many of /your/ friends have blindly clicked "authorise" because they want to run the latest and greatest app? Many of my (not particularly technical) friends have done so because they simply don't know any better. ("It's just one of those things you have to do on FB". Sigh.)

          • Dave Nattriss · 1724 days ago

            Who cares? That's their responsibility, not mine. They cannot share my phone number(s) or address with third party apps. It is of no concern of mine who they share their own data with.

            • Bruce · 1506 days ago

              They can if you put that info in your profile. I see many shady Android apps asking permission to access your contacts, which in my opinion is BS and I won't install them.

              In fact, they don't need your personal info pulled automatically from a FB profile - what if I entered it into my phone's contacts manually?

              Like FB, these phones and apps have become voluntary bugging devices, and I fear one stupid friend could unknowingly give away your own personal information simply because they've written it down electronically!

    • Glenn · 1725 days ago

      You might not be able to be tricked into this, but can you say the same about all your Friends, who might have your information in their address books or on their pages, which they uploaded to Facebook?

      Didn't think so! Neither can I!

      • Dave Nattriss · 1725 days ago

        But Facebook doesn't allow apps to get your phone numbers and addresses via your friends at all.

  19. anon · 1725 days ago

    Maybe the most private thing to do is not use Facebook.

    • Dave Nattriss · 1724 days ago

      Yes, and never leave your house, talk to friends or engage with society at all. The life of hermit is so underrated...

  20. John · 1725 days ago

    Good post. If you don't want sensitive info out there, good to take it out of Facebook. I just deleted my phone number from the site.

    • Dave Nattriss · 1724 days ago

      Nice work. Now your friends will have to bother you whenever they need it instead of just being able to find it on your profile.

    • Twinkle · 1722 days ago

      Well said John. I am actually thinking of removing my email address .

      • Dave Nattriss · 1718 days ago

        Except that you need an e-mail address to have a Facebook account...

  21. Lauren · 1725 days ago

    Will this include apps that have been installed prior to the change? I would assume you'd have to accept this over again if it were, but you never know...

    • That's what I'm wondering as well. If I'm understanding Facebook's FAQ ( correctly, you'd have to reauthorize the app if it needed any additional permissions, but given Facebook's security failings in the past, one can't be too certain...

    • Dave Nattriss · 1725 days ago

      Yes, you would do. Facebook has always had this policy with third party apps.

  22. Glenn · 1725 days ago

    There is one problem with this decision that you can't control. I have heard that those who "opt in" to these apps and have their address books uploaded to FaceBook (with YOUR address and phone number) will compromise this information with no recourse for you to restrict it or to opt out.

    This should concern EVERYONE, because as security conscious as you might be, EVERYONE has a friend or two that are not as well educated, and some couldn't care less. Your information will be out there in spite of any precautions you take.

    If FaceBook won't safeguard its user's privacy and security; if it will allow everyone and sundry access to its user's private information without limits, ESPECIALLY information that others have negligently posted; then perhaps it's time for this battleship to sink. It's unfortunate, but there it is! I, for one, refuse to be one of the rats, clinging to the last rigging remaining above-water, and I think the sentiment is shared.

    TAKE NOTE, FACEBOOK MANAGEMENT! You're starting to sink, and we WILL NOT be dragged down with you!

    • Dave Nattriss · 1725 days ago

      TAKE NOTE, GLENN! You have misunderstood the permissions. See the screenshot at the top of the page - users can only share their own contact information with third party apps (if they choose to), not their friends'.

  23. Website owners needed to put their names, addresses and phone numbers in a public whois database for many years.

    • Dave Nattriss · 1725 days ago

      Regular residents of most countries in the world have put their names, address and phone numbers in telephone directories for many years!

  24. Leo · 1725 days ago

    Hmmmm wonder how long before the mandatory legit email address is sold as well.... if it hasn't already......

    • Dave Nattriss · 1724 days ago

      The option to share your registered e-mail address on Facebook with apps has been available for quite some time now. But as always with extended permissions on Facebook, it is an opt-in choice.

  25. Really Sophos? Way to be an alarmist.

    You do know the API can pull a hell of a lot more than home address and cell phone number, right?

    1) Why would you want to build an API that limits the data you have access to? Facebook has put standards together for what developers can do with that data.

    2) Why would you put bogus info in your profile (such as the Twitter comment you posted) where that might make it harder or impossible for someone (a friend, for example) to legitimately use?

    I don't see the point, and I don't see the problem. I bet you are also the type of person who says the government should control access to violent media, not parents. Because that is basically what you are condemning here.

    If people are not smart enough to ACTUALLY READ the access they are giving Facebook apps, they have no room to cry about it - Facebook makes it pretty clear when you access an App for the first time, or after the author has changed permission requirements.

    • Sadly everyday we see thousands of Facebook users tricked by social engineering tricks into approving rogue apps. Just check out the rest of the Naked Security to see plenty of evidence of that.

      The fact is that users don't read the small print (just as 99.9% of us don't read the legalese when installing software). This latest addition just increases the amount of data that developers can grab off Facebook users - but makes no attempt to highlight the risks more obviously to the user. That's a real shame.

      It would better methinks if Facebook vetted its developers and the apps they published properly.

      In their blog post Facebook don't say anything about why their 500 million users will consider this a valuable new Facebook feature. And I don't see any announcement that Facebook is going to become more safety conscious about how it chooses apps and developers.

      I think the suggestion to change your mobile number to that of Facebook Customer Service is tongue-in-cheek. After all, Facebooks' own ToS say that you cannot provide false information. With this in mind, removing your information from the site seems the obvious step if you want to ensure it remains protected. Others will go further, no doubt, and consider leaving the site entirely.

      • Yea it might be tongue-in-cheek, but I guarantee many people have already changed their number over to the Customer Service number, not realizing that Facebook uses your cell phone number as a way to use their site on your mobile.

        While I do argue that is is not small print, I do agree most people will just grant access willy nilly. But I still do not see how people can be taken by any of these scams. I just don't get it. You must click a button, that for lack of a better phrase says "Take me to the cleaners." This is not a passive threat.

        • It's the same most modern Windows malware works.

          You download a program (maybe you believe it to be a codec to view a sexy video of Angelina Jolie). Windows pops up a "Are you really sure? Stuff you download from the net can be dangerous y'know". The user continues regardless.

          Social engineering defeats such measures. That's why Facebook should find a better way. I propose they start by only allowing authorised apps (ones they have vetted, from developers they trust) from accessing such sensitive information rather than a free-for-all.

  26. Jenn Mattern · 1725 days ago

    "Facebook has put standards together for what developers can do with that data."

    Standards, rules, policies, etc. mean absolutely nothing when the company has shown over the years that they are incapable of adequately enforcing them.

    I agree that users need to take more responsibility. And frankly, I'd say anyone who cares about privacy at all is a fool if they use Facebook (apps or not) given their track record. But that doesn't absolve Facebook of any responsibility. They claim to care about user privacy and yet take step after step to decrease that privacy. This is far from new.

    It was just over a year ago that they brought the contact details issue up themselves. When the ACLU was on them about privacy concerns with third party apps their response was that at least they didn't give those developers "sensitive" info like contact details. So to flip-flop when they basically claimed keeping that info from devs was about respecting the privacy of users proves that concern is utter BS.

    So yes, people need to take responsibility and know what's out there and where their information is going to go. At the same time, Facebook needs to step up and match their behavior with their corporate speak when it comes to user privacy issues.

  27. Lateef · 1725 days ago

    To many people the internet is nothing more than a complicated computing environment where they only know how to use Facebook, send e-mails, and click on "congratulations" pop-ups at wack-a-mole speed. These internet users see that their friends and family are connected to them online and assume that it's there own private network -- Facebook's privacy settings can be pretty good when used properly - but they're still too confusing for the general public. Either way, no matter how good Facebook's privacy controls can be - it is still a business entity at the end of the day - and the bottom line is that you are of no use to the company (Facebook) if you can't help them reach their business objectives in some way. In fact, nothing is "private" on the web unless you own the server that your data is getting stored on ... and even still - you're at risk of having your data accessed by cunning techies.

    This is a pretty cool article introducing the long-term risks of large-scale social networking websites:

  28. Jesse · 1725 days ago

    Are we able to get all of the information of app developers?

    • Dave Nattriss · 1725 days ago

      Sure, if they give you permission (just like you have to give them permission).

  29. Nick · 1725 days ago

    Set your mobile # and address to:

    1601 S. California Ave
    Palo Alto CA 94304


    • Dave Nattriss · 1725 days ago

      Nice one. Then your friends will not be able to get hold of you when they call or write to you using the details on your profile.


  30. jeanne · 1725 days ago

    I'm one of many who don't choose to use Facebook as an address book. my actual friends get my number and address from me, not from FB

    • Dave Nattriss · 1725 days ago

      Are you saying that people you are connected to on Facebook are not your 'actual friends'? Why do you give them access to your Facebook data at all if they're not your actual friends?!

      • david56543 · 1725 days ago

        they ARE actual friends... your friends will have your number anyway not need to get it from FB

        • Dave Nattriss · 1724 days ago

          Who says they will? People change their numbers. People lose their phones/address books.

  31. scott · 1725 days ago

    If this badness happens to someone, they almost have it coming for posting all that personal info online, that said these apps could grab this information on their own if they wanted to by spidering the many online telephone directories anyways.

    That doesn't mean I think Facebook is in the right, I think Facebook's mission statement should be "Do Evil" as that is really what they seem to be doing.

    • Dave Nattriss · 1725 days ago

      Allowing users to pass their contact information on to third party apps, should they want to, is not evil! It's useful, and OPTIONAL.

      • rosy · 1724 days ago

        wow Dave do you work for Facebook? You barely let people comment on here before chiming in with your obnoxious responses.

        Just because you feel so passionate about FB doesn't mean everyone has to. Get a life!

        • Dave Nattriss · 1722 days ago

          Wow 'rosy', are you even a real person?

          I don't understand what you are talking about. I'm not stopping anyone comment (nor would I have a way to do so if I wanted to)?! And I never said anyone had to be passionate about Facebook - I just have a problem with people being unfair or negative without just reason.

          You accuse me of being obnoxious and then tell me to get a life?! Pot, kettle.

          • Jonny B · 1722 days ago

            Illiterate troll = fail troll.
            I don't see Rosy saying you stop anyone commenting, she merely ridicules your sheeplike & obsessive Facebook 'fanboi' attitude. Most hilarious, for me, are your comments along the lines of:
            no Facebook = No friends & hermit existence.

            I guess myself, Rosy & the other 6 billion+ people who don't use Facebook are just sad & lonely hermits living in some delusional world. A world where our experience of things like sunlight & fresh air are, sadly, illusionary. Shame that, because I really enjoyed the imaginary fajitas & beers I had with my imaginary friends last night. *rolls eyes*

            "They trust me... dumb f***s"

  32. roblogs · 1725 days ago

    Better yet, dump facebook for Google Buzz!

  33. Karim Alameddine · 1724 days ago

    We know all this. So what. When you go on air, whether FB, Twitter etc..... everybody can dig your profile from Google search too. As for me what I have nothing to hide.....

    Kari Alameddine

  34. SUZE · 1724 days ago

    I figured many years ago that Facebook would eventually leak and peoples private matters would be very vulnerable. I would never consider getting on Facebook as it's just what it states of how naked people really are on this web site.

    Ask yourself this question: is it really worth it with all of the non privacy and all? They have non listed phone numbers for a reason out there, so why would you give it to a website?

    If you want to be popular and do understand the risks involved then so be it. Just remember that if you don't watch out for your privacy now, then what is the real meaning of having privacy?

    I am never going to be a facebook, or twitter person as i don't trust the site and never will no matter how much the face book site wants us to believe. take care and beware of the site as it's is always on the news as being trouble to the public and all.

    • Dave Nattriss · 1722 days ago

      Suze, Facebook is an Internet application. You would make your number available privately to your friends via the service because you want your friends to have your number so they can call you. It's quite simple.

  35. Josh Taylor · 1724 days ago

    here's a real advice: delete your account and never use it again.

    Send this advice to your friends and tell them to do the same.

  36. Josh taylor · 1724 days ago

    here's a real advice: delete your account and never use it again.

    In fact, cut your internet. There's a big world outside that needs to be explored. Go out and find some real friends.

  37. miriam p · 1724 days ago

    I'm still stuck on "if your friend had uploaded his address book to facebook" how exactly does one do that, and why would one want to? it would never occur to me to share my address book with all my facebook friends.

    And I never put my address or phone number on there - people can ask or they can email me, which is a better way to reach me anyway.

    • Dave Nattriss · 1722 days ago

      You can't upload address books (as in, lists of people's physical addresses) to Facebook. You *can* let Facebook access your e-mail service contacts list (sometimes called an address book) to help you find your contacts on Facebook, but that's about it.

      How is it better for your friends to ask or e-mail you, which then have to manually deal with, than for them to just be able to bring up your Facebook profile to get the information without disturbing you?

  38. Robert · 1724 days ago

    Have you ever consider how many people at Facebook that do have uncontrolled access to your private information? It is a known fact in IT that more data leaks come from inside the company than from outside. My facebook has only very general information about me and an email address that I can drop at will. Beware!!

    • Dave Nattriss · 1722 days ago

      Have you ever considered the system Facebook have in place to control this kind of security? Maybe you should find out about it first.

  39. Drat · 1724 days ago

    Don't they have phone books with this information in them in the USA?

  40. sumorbis · 1724 days ago

    People who use social network site such as Facebook and the like really ought to be a lot more careful what they reveal - still it's even worse when developers/corporations start taking info that you have NOT put out publicly - as I found out recently.

  41. Twinkle · 1722 days ago

    Considering the significant security / privacy concerns caused by just one organisation, could this be the death knell for that organisation? I personally hope it is.

  42. Andre · 1722 days ago

    I am trying to understand why anyone would want to use Facebook given the constant security problems and having Facebook itself either give your personal info to third parties or changing your security settings on you to less secure anytime they do an update. Also given that the founder of Facebook really doesn't believe in privacy, ( his own words), why would you trust him? I have chosen to not trust Facebook and won't have anything to do with them.

  43. Derrick Borrer · 1718 days ago

    It's funny, that as parents we would not let our kids stand on a street corner handing out leaflets with all their personal details i.e. mobile no's age etc, etc, also pics of themselves, yet we seem to be quite happy to let them post all this info on the internet for all and sundry to see, knowing full well that there are all sorts of perverts etc out there.

  44. drew · 1692 days ago

    WRONG! If you want facebook updates to your mobile, you have to enter the mobile number. You don' t post it to your profile..and now facebook has used this info and it is NOW POSTED TO YOUR PROFILE PIC WITHOUT YOUR CONSENT AS OF TODAY and I find NO way to remove it...and of course that data is now mass mined...HOLY CRAP!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley