, 37 tweets, 13 min read
My Authors
Read all threads
For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that.
Facebook 2FA numbers are also shared with Instagram which prompts you 'is this your phone number?' once you add to FB.
The original FB phone number prompt never mentioned "and more". It was shown for MONTHS before a link was added in September 2018 clarifying "actually we'll use this wherever we damn well please"
WhatsApp also shares phone numbers with Facebook
Facebook shares phone numbers with advertisers
Using a phone number to sign up for services has been the single greatest coup for the social media and advertising industries. One unique ID that is used to link your identity across every platform on the internet.

That is why every startup wants your phone number.
My personal Instagram account isn't linked to my Facebook. But I am the admin of a page on Facebook which now *requires* 2FA and mobile phone numbers (as of 2018).

Here's Instagram ~days~ after giving my phone number to Facebook (for 2FA only) 👇
Every public WiFi network that asks for a phone number to access it? Shared with advertisers. WhatsApp, Facebook, Instagram? Shared. Phone networks themselves: until last month, sharing your exact location by phone number.

It's shocking that this one number is used for usernames, authentication (2FA), advertising tracking, geolocation and more. And it's the same piece of info you have to give to a random plumber to come and fix the boiler.
Facebook is now looking to sync all your info between services. Why?

Data regulation.

Delete a Facebook or WhatsApp account after this integration and they'll keep your data, claiming it's used or needed for Instagram. The trend line couldn't be clearer. nytimes.com/2019/01/25/tec…
Facebook now defaults phone number search to "everyone". Unless you change this setting, anyone with your phone number can look up and confirm your Facebook profile. Here's where to change it (and no you can't turn it off altogether if using for 2FA) facebook.com/settings?tab=p…
TL;DR: Login-with-Phone-Number is the new Login-with-Facebook. Easy to track, shared between services, it's the key to invisible mesh of your data. Don't do it.
Apple should offer unlimited additional phone numbers that work as inbound SMS lines only.

Each time a service requires a phone number, iOS could generate a new number. If Apple is serious about user privacy, this is the next frontier. The current one, really.
When opening Facebook Messenger for the first time, the default action to create a new account is no longer email or username; it’s phone number. The holy grail. The unique ID.
After logging into Messenger, a prompt appears to share contacts. Continuously feeding Facebook info about all your friends, regardless of whether they would grant this level of access.
When logging back into WhatsApp it wants the lot: contacts, photos, media and files
*Not* giving your phone number to FB is a borderline pointless: they have it anyway. If any of your friends accepts to Messenger or WhatsApp accessing their contacts, Facebook knows your number, no matter what you do
Oh, and it turns out that Facebook Messenger app no longer lets you log out facebook.com/help/messenger…
Getting a few Qs about Facebook saying in 2018 it would disable 'lookup by phone number'. I'm no expert on Facebook privacy settings (is anyone!?) but one thing is clear: either the 2018 statement is misleading or the current settings page is misleading newsroom.fb.com/news/2018/04/r…
As of March 2019 the settings screen on Facebook reads:

Who can look you up using the phone number you provided?
This applies to people who can't see your phone number on your profile.

(+ the default for me, and many others, was "everyone", despite only providing phone for 2FA)
"Don't use phone number for 2FA, use an app"

1. Yes, totally
2. App-based 2FA is too difficult for majority of FB users
3. In my particular instance, FB made a phone number (with verification code sent) mandatory, due to being admin of a large page. This won't apply to everyone.
Here’s what appears to be happening. When it comes to personal details like phone #, Facebook distinguishes between the terms “look up” and “search”. Using phone # in *search* was disabled in 2018, but not the ability to “look up” up profile edition.cnn.com/2019/03/04/tec…
Here's what the search/look-up difference appears to mean:

What you can’t do now: 🔍❌ enter any phone number to “search” for matching profile/s

What you can still do now: 🔄🔍✅ Create an address book full of numbers, sync it to Facebook, and “look up” matching profiles
For anyone who provided a phone number for 2FA (and didn't delve into settings to find that "look up" was enabled for "everyone") that theoretically means a bad actor could dump a phone number list into an address book, sync to FB, and find the real names/pictures of all matches
FB: this isn't new, people have been able to do this for ages theguardian.com/technology/201…
No matter which prompt appeared on screen, Facebook always considered (and still considers) phone numbers that are added for security to be fair game for other features. Including looking up profiles. You provide your number? We'll use it.
"you idiot why would you give FB your phone number"

This won't apply to everyone, but in my specific instance, FB *required* it due to being admin of a large page. After continually ignoring it, a final notice informed me the page would be deleted if no phone number was provided
Here's the end goal IMO.

I don't even object to it being a goal. But give users a choice to merge or link accounts, and respect their boundaries when it come to personal data. Not doing that makes it difficult for a rational person to trust that *any* info can be kept private.
I hadn't seen this from former Facebook chief security officer @alexstamos until now. Ugh. (via @lisavaas nakedsecurity.sophos.com/2019/03/05/fac… )

Putting "Privacy-focussed" in the headline is a great strategy, but none of the things mentioned stop Facebook knowing who you are, your location, mobile number, who you're connected to, linking this to other data sets, or following you around the web m.facebook.com/notes/mark-zuc…
I swear I'm not *trying* to dunk on FB at every opportunity, but they sure don't make it easy when accumulating so much data while hoping we get distracted by the public-facing feature set
Anyone paying attention can easily see FB wants to change the narrative (privacy! encrypt! users!), keep up with user trends (move to stories, group chat, etc), while making no changes to how it grows its huge data set on everyone
Facebook owns up: oh you once linked FB to your Instagram account? There’s no way to ever remove that link. Even if you tap “unlink” wired.com/story/instagra…
Expect to see this reasoning wheeled out every time Facebook wilfully shares your info between Instagram, WhatsApp and FB...even if you never even linked accounts. Too bad if you wanted your Insta or WhatsApp to be private from FB profile
One more way for FB to fingerprint your device, if you’re using an Android phone. Wonder if it does this when not logged in?
I’m sure FB appreciates having access to one of the most popular phones out there, with no way to uninstall (even better for them if data collection to fingerprint devices works on these phones without logging in)
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Jeremy Burge

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!