If you use Facebook, your phone number may not be as private as you think.
A way in which Facebook privacy can be abused has come to light that will shock many users, but that the social network itself seems to consider a deliberate feature.
If you enter someone’s phone number into the search box on Facebook, the site can perform a reverse look-up and tell you who the phone number belongs to.
You can see in the screenshot how I entered the mobile phone number of someone I am not Facebook friends with, and instantly was offered their name, photograph and a link to their profile.
When I spoke to the Facebook user in question, she was shocked and surprised that I had been able to find her profile simply by entering her mobile phone number.
She confirmed that her privacy settings were correctly locked down to such an extent that her phone number should only be accessible to her.
In her opinion, a privacy setting that says “Only me” attached to her phone number meant it shouldn’t be shared with any of her Facebook friends – and certainly should not be accessible by me, as I’m not even one of her online friends.
And yet, if I entered her phone number into Facebook it would instantly tell me that she owned the number.
Is this a problem? Well, yes. I think it is.
Imagine, for instance, if a company knew the telephone numbers of people calling it – they would now be able to determine your name too, and possibly use it for more aggressive marketing.
Or picture meeting someone at a party and giving them your phone number – and not realising that you were also potentially sharing your full name and other contact information.
You can probably dream up other privacy concerns of your own about this Facebook “feature”.
It should be your choice as to whether your phone number is connected with your Facebook profile, and whether someone can use one to find the other.
Even if you altered your privacy settings to ensure that your phone number is only visible to you, other people can still use it to look you up.
How to make your phone number more private on Facebook
The solution is to enter another section of Facebook’s privacy settings called “How you connect”.
You will find the default Facebook chooses for “Who can look you up using the email address or phone number you provided?” is “Everybody”.
Once again, Facebook chose the least private default for your information.
To have tighter control over your phone number, and limit those who can perform a reverse look-up against your number, you will need to change that setting to “Friends of friends” or “Friends only”.
Of course, this will also mean that the same privacy settings apply to the email address you use on Facebook.
Facebook wants your mobile phone number
Facebook is becoming more and more aggressive in its pursuit of users’ phone numbers.
Remember, Facebook has been wanting your mobile phone number for some time and hasn’t been above using scare tactics to get you to hand it over.
Many users are forced to enter a mobile number for authentication when they create an account, or to be used as a security check if suspicious activity is detected.
My advice is always to be careful what phone numbers you share with websites.
There may be a case for keeping an old phone in a drawer, with a pay-as-you-go SIM. That throwaway number can be used for websites that demand a phone contact but which you don’t feel really need it. Keep your real, regular phone number closer to your chest – and only share it with websites which you believe have a genuine requirement for it.
If you are on Facebook, and want to learn more about security and privacy issues on the social network, join the Naked Security Facebook page where our 190,000 strong community regularly discuss the latest threats.
Phone number on a napkin image from Shutterstock.