Has Facebook got your mobile number? Now your friends do too

11 Aug 2011 | 92 comments | Data loss, Facebook, Mobile, Privacy, Social networks

by David Schwartzberg

I’m sitting here in a hotel working on a Request For Proposal for full disk encryption while listening to a movie in the background. (It helps me think.) I take a peek at the Facebook feeds and, lo and behold, my wife is blasting out some fresh Facebook privacy angst!

Keep in mind, she’s not a security pro and can barely spell HTML. To see her concerns about what you are about to read will surely evoke some emotion:

Jenny's Facebook post

WTF FACEBOOK! ALL THE PHONE NUMBERS IN YOUR CELL PHONE are now on Facebook. No joke -Go to the top right of the screen, click on Account, then click on Edit Friends, go left on the screen and click on Contacts. All phone numbers from your cell phone (FB friends or NOT) are published. There is an option on the right to disable. Feel free to repost this on your status, so your friends can remove their numbers and thus prevent abuse if they do not want them published.

Her Facebook post contains the steps you need to take to reveal the mobile numbers of your friends along with anyone you are friends with that you really don’t know.

In the event you feel that this is not a privacy risk, let’s put this into perspective based on how I use Facebook.

I have just under 1,400 Facebook friends. Most of them are a result of playing, dare I admit, Mafia Wars. Even though I stopped playing over a year ago, I still have lots of Facebook friends as a result.

I clicked on ‘Account’ -> ‘Edit friends’ -> ‘Contacts’ – and there they were: the mobile numbers of 213 friends. I estimated that about fifteen are people I know well, and a good number more are former or current colleagues.

I compiled a list of graphics pointing to some of my Facebook friends whose mobile numbers are now visible to me, even though they almost certainly never intended to share them. I smudged their mobile numbers to respect their privacy.

David's Facebook contacts

Here’s what I think could have happened.

Some time ago, Facebook started posting messages on users’ accounts saying that their account protection status was “very low”, and they should increase their protection.

Your account protection status: Very low

Naked Security criticized Facebook at the time for using what we thought were scare tactics to encourage users to give Facebook alternative email addresses and mobile phone numbers.

Facebook’s thinking was that if users lost control of the email account they normally use to log into the social network with, there would be an alternative contact point which could be used to regain access.

That’s fair enough if you’re comfortable with sharing that additional information with Facebook – we just didn’t like their wording which gives users the impression that there’s something seriously wrong with how they have defended their Facebook account.

But what if you did follow Facebook’s recommendation and gave them your mobile phone number to enhance your account’s security?

Facebook add mobile phone

Once you’ve confirmed the mobile phone is in your possession, Facebook craftily includes a setting (already enabled) sharing your mobile phone number with your Facebook friends.

Option enabled

In other words, regardless of how you had previously set up the privacy settings for your mobile number, it’s now been overridden...

Facebook mobile privacy setting

... and your Facebook friends can now see your mobile number in their Facebook phonebook.

Facebook phonebook

In fairness to Facebook, it was you the user who agreed to this in the first place. Although you might not have liked them enabling this option by default after supposedly enhancing your account’s security, you did allow it to happen.

My advice is to consider doing the following:

Remove other people’s mobile phone numbers that you may have imported, using the steps given by Facebook. You’ll still see the phone numbers of Facebook friends who have chosen to share their contact details.

Some of your Facebook friends may be listed in your phone book because you synched your Facebook account with your iPhone or Android smartphone using the Facebook app.

Be sure to tell your smartphone not to sync with Facebook in future if you’re not comfortable with this and, at the same time, you should disable Facebook’s ability to email your non-Facebook contacts with a reminder to join Facebook every two weeks.

Finally, check the privacy settings on your own account to prevent others from seeing your phone number.

And what about the next cool Facebook feature? Should users simply get used to this sort of thing?

No! Facebook, if being here for the long-haul is your plan, upsetting users like Jenny is not the way forward.

Most of your users are much like Jenny. She treasures her privacy; so should you.

Asking your users to opt in when new features and services become available is a much better approach to keep them happy and using your services than forcing them to opt out.
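The pre-enabled sharing box and the two sources of phonebook entries discussed in this post can be modelled in a few lines. This is an added example, not part of the original article and not Facebook's code; the account fields, function names and sample numbers are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

ONLY_ME, FRIENDS = "only_me", "friends"   # audience values for the phone field


@dataclass
class Account:
    name: str
    friends: Set[str] = field(default_factory=set)
    phone: Optional[str] = None
    phone_audience: str = ONLY_ME                            # the user's earlier choice
    imported: Dict[str, str] = field(default_factory=dict)  # contacts uploaded from this user's device


def add_recovery_phone(acct: Account, number: str, box_prechecked: bool,
                       user_toggles_box: bool = False) -> None:
    """Store a recovery number. The confirmation dialog carries a
    'share with friends' box; its initial state is the design decision."""
    share = box_prechecked != user_toggles_box   # final state of the box
    acct.phone = number
    if share:
        # Overrides whatever audience the user had picked before.
        acct.phone_audience = FRIENDS


def phonebook(viewer: Account, accounts: Dict[str, Account]) -> Dict[str, Tuple[str, str]]:
    """Entries the viewer sees: friends who share a number, plus the
    viewer's own uploaded contacts. Each entry records its source."""
    book: Dict[str, Tuple[str, str]] = {}
    for fname in sorted(viewer.friends):
        friend = accounts[fname]
        if friend.phone and friend.phone_audience == FRIENDS:
            book[fname] = (friend.phone, "shared_by_friend")
    for cname, number in viewer.imported.items():
        book.setdefault(cname, (number, "imported_by_viewer"))
    return book


def build(box_prechecked: bool) -> Dict[str, Account]:
    """Constructed scenario: alice adds a recovery number and clicks
    through the dialog without touching the sharing box."""
    accounts = {
        "alice": Account("alice", friends={"bob", "game_friend"}),
        "bob": Account("bob", friends={"alice"},
                       imported={"dog_groomer": "555-0199"}),  # non-member, synced from bob's phone
        "game_friend": Account("game_friend", friends={"alice"}),
    }
    add_recovery_phone(accounts["alice"], "555-0100", box_prechecked)
    return accounts


def who_sees(owner: str, accounts: Dict[str, Account]) -> Set[str]:
    """Names of every other account whose phonebook lists `owner`."""
    return {name for name, acct in accounts.items()
            if name != owner and owner in phonebook(acct, accounts)}


if __name__ == "__main__":
    for prechecked in (True, False):
        accts = build(prechecked)
        label = "opt-out (box pre-ticked)" if prechecked else "opt-in (box empty)"
        print(label, "-> alice's number visible to:", sorted(who_sees("alice", accts)))
    print("dog_groomer's number visible to:", sorted(who_sees("dog_groomer", build(False))))
```

With the box pre-ticked, a number given for account recovery reaches every friend, including the game contact; with the box empty it reaches nobody until the user chooses. The groomer's number sits only in the uploader's own phonebook, yet it is now stored server-side without the groomer having any say.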

If you’re on Facebook, and want to keep informed about the latest security threats, I would recommend joining the Sophos page on Facebook where we have a community of more than 100,000 people.

Update: Thanks to readers for their comments below! I’ve updated the article above to reflect the advice regarding synching of contacts, and additional steps for resolving the issue.

Furthermore, check out Facebook’s own statement on the scare.

92 comments on “Has Facebook got your mobile number? Now your friends do too”

  1. gordol says:
    August 11, 2011 at 5:57 am

    So, a user's own number would only appear like that in someone else's list if they had configured the Facebook app on their own phone to sync their contacts with Facebook?

    Reply
    • Judie says:
      August 11, 2011 at 2:53 pm

      FYI. . .I did not give my cell phone # to FB and still have friends' mobile #'s listed. I tried twice last night to go through the steps and remove the #'s and they are still there.

      Reply
      • gordol says:
        August 11, 2011 at 4:29 pm

        The "steps to remove" are to remove numbers that would have synced up from your phone to FB. You have no control over what other people post or make available.

        Reply
        • Anonymous says:
          September 1, 2015 at 9:36 am

          I had made a new account with the same number and I have no access to my old account

          Reply
    • R0nin says:
      August 11, 2011 at 4:31 pm

      No. As long as you gave Facebook your phone number, it will show up on all of your "friends" contact lists. Yes, even those "friends" you don't know, have never met, and can't trust not to use or sell your phone number for sales purposes.

      Reply
      • Shery says:
        August 11, 2011 at 8:38 pm

        I never gave facebook my number. It's still appearing there… And they're not in any hurry to remove it (already tried 3 times).

        Reply
        • DSchwartzberg says:
          August 11, 2011 at 9:57 pm

          A good example of something odd going on is my new FB friend, Kyle Palmer. We met briefly, became FB friends and NEVER exchanged mobile phone numbers. Yet, his mobile number is available to me. He may have added it and restricted his privacy setting to 'friends' only.

          I haven't checked with Kyle, but I think he would want to know who is given access to his mobile number.

          Reply
  2. Bigalski says:
    August 11, 2011 at 8:25 am

    Surely if this has been done through the Facebook iPhone app without the phone owner's knowledge or consent then it is a breach of privacy laws in most jurisdictions. I for one would happily sign up to any class action against Facebook for illegally accessing, copying, transferring, storing and publishing my private contact list.

    If any lawyers contact Sophos regarding a class action please let me know.

    Reply
  3. Manuel says:
    August 11, 2011 at 9:32 am

    I have tested it and I don't understand the problem. If you accept to synchronize your mobile contacts with FB, it's normal that they appear in your profile (FB uses them for friend recommendations), but it doesn't mean that they are publicly published. I tried and I couldn't see my friends' mobile contacts.

    What am I not catching?

    Reply
    • DSchwartzberg says:
      August 11, 2011 at 10:05 pm

      Manuel,

      You are correct about accepting to sync your mobile contacts from your smartphone to FB. A point that we forgot to include in the article is when I installed the FB app on my iPhone, I did not authorize FB to sync my smartphone contacts with my FB friends.

      Reply
    • @GodsAccident says:
      August 12, 2011 at 8:38 am

      You caught it fine. This article is sensationalizing an easy target, Facebook Security. PS. I HAAAAAAATE Facebook, but let's be fair here.

      Reply
  4. JonnyB says:
    August 11, 2011 at 10:43 am

    You describe how/why the numbers of your FB friends may have become visible to you (and this was always going to happen with FB carrying out that aggressive push to aid their harvesting of numbers), but, unless I missed it, you don't offer any ideas/explanation as to how you see (in your FB account) the number of the person who is _not_ a FB friend? Surely that part is the most important?

    Reply
    • DSchwartzberg says:
      August 11, 2011 at 10:12 pm

      JonnyB,

      You are correct. I'd like to get an answer on that one as well. Amol Patankar is not a friend of mine, we don't have mutual friends (generally residue from Mafia Wars) and I don't recall if we were past Mafia Wars friends because MW friends can turn over quickly.

      So the question remains, how did he get on my list?

      Does anyone have any insight into that? I read Sean Sullivan's post below and I'm pretty sure I never had Amol's information in my iPhone's contacts because I have no idea who he is.

      Reply
      • JonnyB says:
        August 12, 2011 at 11:57 am

        This may be a red herring, but is there any possibility that the email address you use for this FB account could ever have ended up in Amol's address book?
        I say this because, although I don't 'use' FB, I do keep a few 'test' accounts (to help others who come to me when something goes wrong/changes) and used the same email as one of these accounts for an online gaming Skype account (it is a throwaway address).
        When Skype/FB did their (dis)integration I suddenly found a load of friend requests appearing from people who had simply clicked to allow FB to check their Skype contacts. Being a test account, with no personal information on it, this was no biggy for me, but the implications (of two separate applications linking you to others by 'private' email address) for those who do have personal information displayed was quite obvious to me.
        I wonder if there is any way you are similarly getting 'linked' to Amol via him having your email address, somehow?

        On a more general note, I find the idea of FB harvesting numbers via a third party appalling. They should never be allowed to collect that kind of personal information without the active consent of the owner of the information – the same goes for the ability to tag people who do not use FB, in photos.

        Reply
  5. jbstans says:
    August 11, 2011 at 10:58 am

    They also sync contacts from your iPhone etc. If you open up the iPhone app, click on 'Friends' and then click on the icon in the top right, one of the options that comes up is 'Sync Contacts'.

    Make sure to disable this too, so that you're not uploading your contacts and their mobile details to facebook, without their knowledge or consent.

    Reply
    • DSchwartzberg says:
      August 11, 2011 at 10:13 pm

      Thanks jbstans for your tip. My contacts do not sync with FB and never have.

      Reply
  6. Brent says:
    August 11, 2011 at 11:02 am

    Ever use FB mobile and use the Contact Sync feature? Yes? Then that's how your friend's details got there. These details aren't public: it's just a backup of what's on your mobile.

    Reply
    • Toms says:
      August 11, 2011 at 11:29 am

      Incorrect, I don't have most of the numbers listed.

      Reply
      • MNJ says:
        August 11, 2011 at 4:02 pm

        It's a combo of those who gave FB their numbers and those that come from syncing your phone.

        Reply
        • DSchwartzberg says:
          August 11, 2011 at 10:15 pm

          You are making a lot of sense MNJ, but how did Amol get in there? See my above responses for more information.

          Reply
    • Theresa says:
      August 13, 2011 at 5:12 pm

      But if you are using an Android it is backed up in your email account. Why does FB need to back it up as well as harvest other people who are not even in your contact list or friends? Sounds like more than a service to me for the user. I was not aware when requesting that my contacts on facebook appear on my phone that my contacts on my phone would also appear on my facebook. Whether or not it's made public, someone could hack my account or I could walk away from a computer and it be hacked, not realizing the personal information of others that would be made available to someone who wants it bad enough!

      Reply
  7. artesea says:
    August 11, 2011 at 11:05 am

    I don't see the point in deleting the numbers. If friends don't want to share them they just need to change THEIR privacy settings.
    Happy that friends can see my number, more secure than all those bloody posts saying "Lost my mobile let me know your number below".

    Reply
  8. @TempleDene says:
    August 11, 2011 at 11:18 am

    I think you are half right on this

    My mobile number is somehow on other people's lists, however I never added it to facebook, and never went through the above procedure

    The other option is this :-

    What people seem to be doing is importing their smartphone contact list through a facebook app. Hence if my number, which I don't want on facebook, is in any friend's phone, then bingo, it can be imported.

    Privacy gone, all sorts of phone numbers are now stored in facebook as more people import their contacts from their mobiles. Currently, only that person can see those related numbers, but all facebook has to do is try and link everything together, or start displaying numbers alongside other information.

    Reply
    • DSchwartzberg says:
      August 11, 2011 at 10:21 pm

      TempleDene, I'm sure in the FB databases there is a single instance of anyone's mobile number which is referenced back to a Friends table or column making it available to everyone in that table or column.

      Once a third party syncs their mobile contacts and there is a contact who already has an FB account then the association is made. But should it? Because everyone that is a Farmville friend can have access to that formerly unknown mobile number.

      Reply
  9. Sean Sullivan says:
    August 11, 2011 at 11:25 am

    David,

    Here's something you might have overlooked. If you've ever used Facebook's “Add Personal Contacts as Friends” feature (https://www.facebook.com/find-friends/), YOUR copy of their phone numbers from your contact database will be uploaded and available to YOUR profile.

    Your non-Facebook “friend” Amol, do you have his number in a contact database? If yes, that could be why you see his number from your profile.

    Learn more (and remove your contact database data) here:
    https://www.facebook.com/invite_history.php https://www.facebook.com/contact_importer/remove_…

    Also, the above comments regarding phone syncing is another way in which your phone's contact can become available to your Facebook profile.

    Regards,
    Sean

    Reply
    • DSchwartzberg says:
      August 11, 2011 at 11:03 pm

      Hi Sean,

      All good points but I never sync'd my mobile contacts with the FB app. I don't know Amol in FB or in real life.

      Any other thoughts on why I was able to see his information?

      Reply
  10. Wrong on this one says:
    August 11, 2011 at 11:35 am

    Hmm. This lowers my opinion of Sophos. Here's a more rational response: http://technolog.msnbc.msn.com/_news/2011/08/10/7…

    Just in case, I double-checked my privacy settings for my contact information. Sure enough, my custom settings were intact — visible to my friends EXCEPT my "Games" friends, who don't get to see anything. Facebook did not overwrite my settings.

    I can't believe mighty Sophos doesn't know how to customize privacy settings so that their Mafia War friends don't see anything that is not public anyways.

    Reply
    • DSchwartzberg says:
      August 11, 2011 at 11:14 pm

      My privacy settings are intact and no one is able to see my mobile number. It's important to keep in mind that most FB users don't know how to change their privacy settings. The net result is that folks on FB can see too much information about each other when it's unintended.

      I have a Mafia Wars list and they are excluded from everything. So, I subscribe to the same logic as you. Nice work!

      Reply
      • Theresa says:
        August 13, 2011 at 5:22 pm

        I think you guys just are not using a smartphone fb app to understand what Sophos is talking about. I at first dismissed it as a privacy setting people were confused about. But it's much more than that.

        Reply
    • khrys... says:
      November 27, 2011 at 9:33 pm

      And please explain Sir/Ma'am, why, when I DO know how to use the privacy settings and HAVE them set correctly, FB continues to share my Cell # information? Keep in mind, please, that I have NEVER used it to upload or download anything, ever. Either from FB or elsewhere.
      It appears there are TWO privacy settings and, despite repeatedly, correctly, adjusting the second setting, FB chooses to ignore my preference and continues to share the number…
      I believe that you may be correct in that, SOME do not understand how to set their privacy settings. But some of us do, and are still being circumvented. I hope you are correct and do not face the irritation of finding out you were incorrect…
      …khrys…

      Reply
  11. Spurs fan says:
    August 11, 2011 at 11:36 am

    It's synched the phone numbers from my iPhone to my FB account. And to be honest I don't see any problem with that. For only you can see those numbers.

    A few weeks ago my iPhone crashed and I lost all numbers. I still haven't got them all back….until now. Now I've found that my phone numbers were synched to FB I can retrieve them.

    And also if you are away somewhere and your phone gets stolen, can you remember all the important phone numbers? Now you just need to log in to facebook to find them.

    Reply
    • guest says:
      August 11, 2011 at 6:59 pm

      Only you and any FB app you allow! Hmmm, I wonder what those apps are doing with your friends' phone numbers.

      Reply
    • DSchwartzberg says:
      August 11, 2011 at 11:06 pm

      Spurs fan, I'm glad that you were able to find your lost contacts. I prefer to have better control over my contacts and I'm sure my contacts appreciate that.

      Reply
      • Bigalski says:
        August 12, 2011 at 12:03 pm

        Spurs fan, you do realise iTunes syncs all your contacts far more securely than FB does… Are you also aware that your friends' data can be accessed from any third party you authorise using the facebook API?

        Reply
        • Theresa says:
          August 13, 2011 at 5:16 pm

          Are you serious BigAl? Many websites are using the FB API nowadays.

          Reply
  12. Beechy says:
    August 11, 2011 at 11:41 am

    It is not phone numbers from YOUR mobile. It is numbers that your Facebook friends have added to their profiles. I don't have most of these numbers on my mobile.

    Reply
    • MNJ says:
      August 11, 2011 at 4:04 pm

      It's both.

      Reply
      • DSchwartzberg says:
        August 11, 2011 at 11:07 pm

        I agree with MNJ. In my case, since I never sync'd my mobile contacts with FB, it's coming from my FB friends' profiles.

        Reply
        • Theresa says:
          August 13, 2011 at 5:19 pm

          He’s right, if you are using a phone FB app it’s both, plus some other stuff going on. I have people in my contact list on FB who are not in my phone or on my friend list. However, some of them I recall used to be on my friend list but are not currently.

          Reply
    • Amanda Roncali says:
      August 11, 2011 at 11:30 pm

      Actually, it is more than just your contacts' numbers, because my dog's groomer and checking account balance number were there too, as well as friends and family that are not even affiliated with facebook whatsoever!!!!!!

      Reply
  13. Clancey says:
    August 11, 2011 at 12:00 pm

    "There is an option on the right to disable."

    Um, no. That does not disable it. It removes them from your friend list!

    Reply
  14. Jen says:
    August 11, 2011 at 12:04 pm

    I have a friend who stated someone used their phone to check facebook and it synced all her numbers into that person's profile. That may be something people should be aware of.

    Reply
    • DSchwartzberg says:
      August 11, 2011 at 11:09 pm

      Excellent point Jen!

      Reply
  15. JPrice says:
    August 11, 2011 at 12:24 pm

    I've never synced my phone with FB, I don't have the ability as I don't have the net on my phone. Others have sent me a chat message through FB using their phone, and that's how my number (I'm assuming) ended up on FB. I have since changed my number on FB to a bogus number, because those who know me will have my number, and that's it!

    Reply
  16. @RenaissDesign says:
    August 11, 2011 at 12:51 pm

    As an aside, some of us aren't in a position to opt out of giving Facebook our mobile numbers – I needed access to Facebook's developer tools, and it was either that or give them my credit card details.

    Reply
  17. davie says:
    August 11, 2011 at 1:11 pm

    I am pretty miffed at Sophos with their Facebook scaremongering in this case, I think it may be due to your love/hate relationship with Facebook that you are scraping the barrel with this warning. People's numbers have been there for a long time and it's nothing new and they are only visible to whoever's profile they are logged in with. Even in your post you admit that you got the Facebook security thing wrong and thought it was scaremongering when in fact they were just providing us with an alternative way to reclaim a hacked account.

    Isn't it about time that you stop picking at every single thing that Facebook does?
    Also I added my number and shared it when I set up my account.

    Reply
    • Graham Cluley says:
      August 11, 2011 at 3:07 pm

      Hmm.

      I don't think we did "admit" that we were wrong when we described "Facebook account status protection status: very low" as scare-mongering.

      I still believe that it was, as I first described at http://nakedsecurity.sophos.com/2010/12/28/facebo… last year.

      I'm well aware that Facebook was trying to get alternative email addresses and phone numbers for those situations where users lost control of their account, but the "fake anti-virus"-style warning of "low protection" was deliberately attempting to scare users into taking an action that might not be wise.

      And what do we find now? Users who thought they hadn't shared their mobile phone number with their Facebook friends, have shared their phone numbers with their friends.

      That's not to say that Facebook users themselves aren't to blame in part. After all, they were the ones who gave the information to Facebook.

      Reply
    • Graham Cluley says:
      August 11, 2011 at 3:08 pm

      You're right to say that the issue isn't new. However, in the last few days we have been inundated with emails from Facebook users who have been concerned about the warning that has been spread around.

      I think our article goes some way to explaining what's going on and – if you so choose – how to remedy it.

      Ultimately it's the choice of the users how they respond.

      Reply
  18. Paul says:
    August 11, 2011 at 1:50 pm

    No, Facebook didn't publish your phone numbers – but now, what was YOUR information in YOUR possession is now on a Facebook database, out of your control on how it's used. What marketing person in the world wouldn't love to have a list of verified live phone numbers? How secure is that database that Facebook maintains? Numbers that I had that were private, in case of emergency, etc., are all now part of that database, whether I wanted them there or not. That's the true underlying issue – they have data that many of us would not have freely given them if all parties concerned had been properly informed.

    Reply
  19. Lisa says:
    August 11, 2011 at 2:12 pm

    I really don’t understand the problem. I chose to allow my cell number to be visible to my Facebook friends. I looked at my friends list, and only some of them have their cell phone listed. I have cell numbers in my phone contact list that are not visible on Facebook. My assumption is that those of us who have chosen to allow friends to see our cell numbers–our phones are visible to our friends and nobody else. Those who didn’t–the phones are not visible. I see nothing that would suggest other people’s cell numbers were somehow imported from my phone. Am I missing something?

    Reply
  20. @dds1981 says:
    August 11, 2011 at 2:18 pm

    #FBPrivacy It may be that many people are accessing the pages to disable or correct these settings, slowing the system, but I cannot get it to accept my cancellation of the reminder to join FB every two weeks. Option is selected in the drop down menu but the page simply hangs. I also cannot seem to bring up the listing of my Contacts on my Edit Friends page to see what is or is not listed under phone #s.

    Reply
  21. @djtechnocrat says:
    August 11, 2011 at 2:21 pm

    According to FB, these contacts are not visible to the public and were mostly due to users syncing their contacts with their mobile phones at some point in the past.

    Reply
  22. Lisa says:
    August 11, 2011 at 2:26 pm

    I just double-checked–I have a large contact list on my phone with many cell numbers. Many of those contacts are also Facebook friends. Only a few of my Facebook friends’ cell numbers that are listed in my phone contact list are visible to me on Facebook. For those Facebook friends whose cell numbers are visible to me, I am guessing they set their privacy settings to allow friends to see cell numbers. If I can’t see my friends’ cell numbers on FB even though I have the numbers in my phone contacts, I am guessing other people can’t see them either.

    Reply
  23. Corrine says:
    August 11, 2011 at 2:38 pm

    This is old news. The visibility of mobile numbers started in December, 2010 with the "enhanced security". Granted, providing a mobile number is a way of recovering your account. However, with any social media situation, it is wise to use with caution.

    Documented here in December: http://securitygarden.blogspot.com/2010/12/facebo…

    Reply
  24. Hugh says:
    August 11, 2011 at 3:35 pm

    I find it ironic that you criticize FB for using "scare tactics" to get phone numbers, yet you use the same scare tactics as the post by pointing out you have over 1400 people. You can view your OWN phone book, but that isn't "published" to any of your 1400 friends. If you can bring up somebody ELSE's list then yeah, that would be a newsworthy security issue, but you can't accomplish this because the phone list is private per user.

    I find it more concerning that somebody with a title of Senior Security Engineer has granted access to his FB profile to hundreds of people for a game he hasn't played in a year. Isn't that a little lax in security? It definitely raises doubt in how responsible or knowledgeable Sophos is.

    For all other readers, FB posted their own response to this yesterday (interesting how the author didn't mention that). Among other things, they pointed out this has existed a long time (which I can verify, I first noticed the FB phone book around 2 years ago), and that it is indeed private and the only thing released to your friends is your own phone number if you have it set to visible in your privacy settings.

    Reply
  25. Tracy M. says:
    August 11, 2011 at 4:10 pm

    Actually, FB gets your number when you sync with your mobile app. You have to tell your app to NOT sync the numbers. You do that by going into your app, clicking “sync contacts”, and then telling it to NOT sync. FB also provides a link to remove previously synced information. I found the link by searching the FAQ on FB.

    Reply
  26. Pixydoodle says:
    August 11, 2011 at 6:22 pm

    I never synched my phone to facebook and don't use mobile web. The only time I gave them my number was to get my custom user ID and never gave them permission to share the information.

    Reply
  27. Eric says:
    August 11, 2011 at 6:42 pm

    That is just a database call of everyone who 1: has a facebook page 2: has a phone number on the page 3: is friends with you. Has nothing to do with pulling info from your phone’s mobile app. It’s been there for about 1.5 years. Spot check it if you want, You’ll be friends on facebook with everyone on that list, and obscure numbers in your phone won’t appear there.

    Reply
    • @UnstoppableDrew says:
      August 11, 2011 at 10:04 pm

      Actually that's not true. While they've recently changed it to inform you they're uploading your contacts that wasn't always the case. When I first got my Android phone I added my fb account and let it sync, thinking it was going to update the contacts in my phone that were also friends. While I did get photos for fb friends (though I also got many mismatches of photos being assigned to the wrong person), unknown to me it sucked every single contact out of my phone & uploaded them to FB. Looking at my FB Phone book today I saw numbers for people/businesses I have no FB relationship with, as well as the phone numbers of people I don't know, and aren't in my phone, but somehow FB thinks it found a match.

      Reply
    • Me myself and I says:
      August 12, 2011 at 2:48 am

      Not true. When I found out about this, I checked, and ALL the numbers in my phone directory were in the FB list, including people who don't even HAVE FB accounts. This is a gross invasion of privacy, and now people who I and my friends do not even know have access to that information stored on their server(s).

      Reply
  28. Kanerou says:
    August 11, 2011 at 7:36 pm

    I don't recall giving them my number for security purposes, nor have I bothered with their most recent "YOUR ACCOUNT SECURITY MAY BE COMPROMISED! GIVE US MORE INFO" notification; and yet, despite taking it off before, my mobile number was displayed on my profile. This is bullshit.

    Reply
  29. @Trilliana says:
    August 11, 2011 at 8:14 pm

    The other thing with facebook having your cell number is if you have skype connected to facebook, you can call your facebook friends via skype (as long as you have a subscription or credits to call phones)

    Reply
  30. Ardith says:
    August 11, 2011 at 8:47 pm

    So many of you are wrong. Yes, I published my phone number to FB. No, I never gave it access to pull my doctors' names and numbers, my family's names and numbers, and my business associates' names and numbers who have never been on FB at all. All FB had to do was alert us that these types of numbers would be pulled, but they didn't. I would never have given them permission to access them because I value the privacy of my contacts. This is totally invasive on FB's part. FB accounts are hacked daily so regardless of who could see this list, once pulled, it then became part of this huge web we all are part of. The only way I could get the numbers off of FB was to delete my mobile app on my Droid. That is ridiculous. FB should have seen this coming, and despite their glee over putting their FB Messenger program into our lives, they could have taken steps to avoid this mess.

    Reply
  31. Jason says:
    August 11, 2011 at 8:50 pm

    anyone using the android app knows and can go verify for themselves that it will never tell you that your data on your phone will be uploaded to facebook. it only says it will bring data from facebook to your phone. this uploading without my knowledge coupled with the fact that facebook stores everything you post, whether you delete it or even cancel your account, frustrates me endlessly.

    Reply
  32. lilpantherpaw says:
    August 11, 2011 at 9:34 pm

    I never had the sync option enabled on my phone, yet, ALL of my contacts were uploaded to Facebook; even contacts that do not have FB accounts. To give you light on how serious this issue is, I have just over 100 friends on FB but ALL 423 of my contacts from my mobile phone were uploaded to FB, without my consent or knowledge. I double-checked my phone and the "sync" option is STILL disabled!

    Reply
  33. pnotch says:
    August 11, 2011 at 10:49 pm

    Is everyone done freaking out about this non-issue now? So your cell phone phone book is online for your private viewing only. The horror.

    Reply
  34. susana smith says:
    August 12, 2011 at 3:46 am

    FACEBOOK HAS NO BUSINESS SYNC-ING ALL PHONE CONTACTS. ESPECIALLY WHEN ONE CLICK SAYS “SYNC ONLY FACEBOOK CONTACTS” BUT THEN THEY STEAL YOUR WHOLE FRIKIN LIST, INCLUDING “PRIVATE NUMBERS”
    “”DARN YOU FACEBOOK TECHIES!!! STOP MESSING AROUND WITH DUNG THAT AIN’T FREAKING BROKEN!!!””””

    Reply
  35. Graham says:
    August 12, 2011 at 4:33 am

    The real issue is – Everybody needs to stop friending people that aren't really their friends. It has become a status symbol to have as many friends as possible, when they really aren't friends. Ignore the suggestions from FB. Stop being sucked in. Stop being sheep.

    Reply
  36. @GodsAccident says:
    August 12, 2011 at 8:42 am

    Many have already said it. I despise Facebook and am making a documentary about its privacy breaches, but this isn't one of them.

    Reply
  37. Lokibird says:
    August 12, 2011 at 3:14 pm

    For the love of god. I have had my phone number on my profile for years, even my farmville friends can see it. And you know what? Nothing exploded. I could find your number on the internet if I tried hard enough, WITHOUT using facebook. Everyone acts like they're the queen of freaking england. "Oh no, if people have my number I'll never have privacy!!" No one wants to call you. Really. I get maybe one spam text every two months. I can deal. Put your number on a no call list and get over yourself, and stop freaking forwarding these stupid chain-mail status posts. I'm getting really tired of seeing "Bleargh!!1!!! Facebook is evil!!" 20 times on my home page. And you know what? Facebook is optional. Don't like it? Get off.

    Reply
    • JonnyB says:
      August 12, 2011 at 8:52 pm

      "Facebook is optional. Don't like it? Get off."
      What about those whose information is now held in FB servers (often resulting in lame spam attempting to persuade them to sign up), but have never even been near to FB?
      My point and, from what I read & know, the point of many others is that "FB is optional" should be the choice of the person to whom the information belongs & not the option of FB and/or a 3rd party.
      Sure, if their harvesting of information was entirely passive, then the blame would lie entirely with the 3rd parties who actively gave them the information, but FB actively & aggressively IMO seek to harvest this kind of information in a manner which is decidedly 'sneaky'.

      I respect your right to publish your number however & wherever you see fit. Is it, then, so wrong to expect FB (et al) to respect my right _not_ to publish my number?
      It is not about self importance, but about the rights of individuals to choose what _they_ do with _their_ information.

      Oh, and good luck finding my number 😉

      Reply
  38. E. Mechem says:
    August 12, 2011 at 4:17 pm

    Ah, but I set up that a long time ago, along with helping some of my friends to do the same. No, this isn't the one where if your friend put their mobile on facebook, it shows. That was another scare sometime back.

    No, this one takes your contacts from your phone and puts them in your "friends" directory, whether your friends actually wanted it there or not (or whether they were on facebook or not). No big deal, privacy-wise, because I don't believe it's visible to anyone but you. However, it is a big deal when facebook takes your friend's emails from your contacts list then emails them, hassling them to join, which is what happened in my case.

    The phone numbers that are there now, after I did the fix, are the ones that want to be there, who have listed their numbers on facebook, publicly. Before I got a smart phone just this last May, it was the same way. It was sometime after that facebook accessed my contacts from my phone. Really, I'm not sure why. If I'm on fb, I'm either on my phone or my computer, and have access. I don't use facebook email, unless I'm really fucking lazy, or the facebook friend does not have another email. I never email a non-fb account from facebook. A redundant contact list on facebook is not useful.

    My problem is that there was no authorization by me to do this. There should be some sort of authorization from the phone user before facebook actually accesses information from the phone. I, at no point, knowingly gave permission for facebook to access my contacts list from my phone, nor did I give permission for them to email people and hassle them to join fb, which amounts to spamming them. Nice.

    I get that it was probably something hidden in some license agreement somewhere, you know the ones, every time your phone updates itself, the ones that read like a credit card agreement, where most lawyers can't even get through. Nice, facebook, really nice.

    Reply
  39. E. Mechem says:
    August 12, 2011 at 4:36 pm

    Okay, can't find my first comment, but let me try to clarify, just in case it pops up…

    I never saw any of those things that you say facebook went through a while back. Never heard a word from facebook. I never clicked or not clicked, I was never given an option. It just simply accessed the contacts on my phone. I also just got a smartphone in May, so maybe fb decided it didn't need to ask people by that time? Who knows.

    I really don't know why, except to create a contacts list for me. I'm not even sure that anyone else can see the numbers. Seeing people's numbers is not really my problem.

    My problem is that no permission was asked by facebook to access any information on my phone. I don't even care if it puts my number out there (although, I never gave them my mobile, either), but I do care if they spam my non-fb friends, hassling them to join. Dear Lord, making friends is hard enough! I don't need fb to piss off the ones I have.

    I also care that they seem to have magically gained access to my phone, without either the phone asking for verification, or facebook asking for permission. I'm not in a huge habit of keeping extremely sensitive data on my phone, but I still would like the courtesy of being asked before it is accessed.

    Reply
  40. L M says:
    August 12, 2011 at 8:45 pm

    While you're there, turn off Enhanced Advertising in the same area as well as data sharing under "Groups, Companies & Applications". Those are auto-enabled as well.

    Reply
  41. temp_name says:
    August 14, 2011 at 9:40 pm

    Okay, I think I have it all sorted out. Please reply with comments if I need to make changes.
    http://i53.tinypic.com/34zx66b.jpg

    Reply
  42. Adelise says:
    February 7, 2012 at 7:04 pm

    OK, the reason I am writing on this blog today is that I just found out my private info has been posted on FB. I am not really a fan of FB myself and I didn't really create an account there; I was the user of another chat program and accidentally I clicked on something which took me to an FB page and created an account for me there automatically. I never understood how it happened. Lately I realized there is another account under my name on FB, and I am 100% sure I never created that account, but it belongs to me. But here the story gets even more interesting. My BF's ex-wife got my phone number and started texting me and pestering me. I was wondering how the hell she got my phone number, because there was no damn way she could find my phone number. Surprisingly, I found out that my cell phone number is there in my FB info, and the only thing that comes to my mind is that when my daughter used my cell phone to log on to FB they automatically added my cell phone number to my information. I also found out the 800 million users that FB claims don't really exist; those are accounts that are not active, and FB finds them and creates FB accounts for them. As you know, all of us have a few email accounts here and there that we don't use anymore, but if you put those accounts in FB search you will find out, surprisingly, that you have an account there on FB under your inactive email accounts.

    Reply
  43. Adelise says:
    February 7, 2012 at 9:36 pm

    Is there any way they can reach your information through online shopping? Because your billing address and info such as your phone numbers are required for your online order, then some of these online stores want you to click on the Like button in case you like their products and it takes you again to FB... what a smart idea to have 800 million users. Most people on the net have no clue how to use the internet properly (I am one of them), so I am not surprised if I click here and there and make trouble for myself, so they had better make it easier for stupid ones like me instead of looking for more tricky ways to add to their users and make money from us.

    Reply
  44. Angry at Facebook says:
    March 8, 2012 at 6:02 am

    Isn't there some place we can lodge a complaint? Some government agency or Media that will take action against FB. The photo identity security is nearly impossible. Security measures locked me out as well and I can't identify pictures. I'm not giving them a phone number either. We don't supply our phone numbers on Facebook, NOBODY SHOULD be required to do that, a simple email address and response is enough for every other site on the net.

    We refuse to give some social website making millions of dollars from us members and advertisers a phone number to verify us? Ridiculous.

    Reply
  45. Angry at Facebook says:
    March 8, 2012 at 6:02 am

    Facebook should remove all Games from Facebook if they want us to stick to the original intent of connecting with friends and relatives.

    Plenty of us signed up, and found the Games to play. Those who have no real friends connected. Facebook allows the Game Developers a place to call home and earn money off us. And since the Games that Facebook allow to reside on Facebook, and those games demand certain amount of friends to advance levels. And charge money for special things in the games. They have the nerve to Lock us out because we can't identify pictures? Our friends are strangers. Know nothing about them. Yet we have to memorize photo albums and all the new pics added daily to friends on FB? Ridiculous.

    How many of you have invested dollars into your enjoyment and are now locked out for your good investments? I cringe at the thought.

    Selfish Pits they are.

    Reply
  46. guest says:
    March 10, 2012 at 8:53 pm

    good article. on the other hand, these replies read like disinformation. i wonder if the casual reader who is just beginning to get a sense of the loss of power of their own private information, is being persuaded by these orwellian replies..

    ho hum. facebook has your cell phone #. everything is okay in the world says the nay-saying cow, hiding behind his keyboard, doing damage control for in-q-tel.

    Reply
  47. Cindy O says:
    March 30, 2012 at 8:14 pm

    This info does no one any good. Once again, FB has changed the set up and now, I can't find what you are referring to.

    Reply
  48. Spir says:
    October 10, 2012 at 12:39 am

    This seems like a good site. On the other hand, I 'liked' an article i read here (i thought i was 'liking' the whole site, to allow ease in returning) and next thing the link, headline and beginning of the article appeared on my timeline, without me being asked permission.

    THAT'S surely a bit more 'sharing' than what usually happens if I like something…..so can you please make YOUR site not so pro-actively invasive please? I'm used to having to recommend a link, or import it, before it appears for all to see on my profile (except in the LIKES area)

    Thanks!

    Reply
    • Graham Cluley says:
      October 10, 2012 at 1:22 pm

      We just use the standard Facebook "Like" facility. You can Like articles or Like our Facebook page at https://www.facebook.com/SophosSecurity

      Sounds like you clicked on the article-liking button. I'm sorry if you didn't mean to do that, but we're not doing anything different than millions of other websites out there. No shenanigans on our part!

      Reply
  49. Shanti says:
    July 30, 2013 at 3:13 am

    It's not a big deal. People do not care of your mobiles…

    Reply
  50. Photog's daughter says:
    August 18, 2013 at 4:53 am

    Ahhh… Does anyone remember the days when you had to sign a "model release" if your photos were published ANYWHERE? This was for adults' protection as well as kids'. Miss those days…

    Reply
  51. Los Angeles says:
    September 11, 2013 at 10:26 am

    the privacy issues that exist on the net today go way beyond what facebook is doing with your information. Everyone is looking at everybody and i see sketchy people at starbucks all the time probably breaking into internet codes and stealing peoples stuff probably who knows.

    Reply
  52. neonsoul says:
    March 1, 2014 at 8:22 pm

    Hi, I was just trying to search for some old school friends while using Facebook through my mobile. So there are these options of people you may know, friend requests and then “contacts”. I clicked on the contacts option and a page opened showing 192 contacts. I probably have 10-15 of those contacts in my phone book and the rest I never called even once. Though not entirely unknown people, most of them were not people I communicate with. Does that mean they have my number saved in their phones? Please let me know asap. This is kind of creepy :/

    Reply
  53. Ibrahim says:
    September 15, 2014 at 6:01 pm

    Nice man

    Reply
  54. Anonymous says:
    August 31, 2015 at 8:08 pm

    The solution to this problem is to add many many many fake numbers to your contact list. Overwhelm the system with contact numbers that have nothing to do with you. By using many fake numbers the value of the information is significantly reduced and the cost to get and maintain is increased.

    Reply
    • Paul Ducklin says:
      August 31, 2015 at 8:53 pm

      You may need to be careful. If you just “make up” realistic numbers they might belong to someone else. Using other people’s numbers isn’t terribly polite and in some cases, feels like it would be illegal.

      Reply
  55. J. B. says:
    December 29, 2015 at 2:22 am

    I saw on another site about this subject that facebook ‘does not sell your number’. Really? Then why do I now get a lot of unwanted calls from scammers trying to get personal info from me, credit card numbers, etc.? Don’t trust facebook with your personal info..

    Reply
  56. mercola pets says:
    September 17, 2017 at 7:58 pm

    Incredible story there. What occurred after? Good luck!

    Reply

© 1997 - 2023 Sophos Ltd. All rights reserved. Powered by WordPress VIP