Facebook Uses 2FA Phone Numbers for Targeted Ads

AlphaAtlas

AlphaAtlas

[H]ard|Gawd
Staff member
Joined
Mar 3, 2018
Messages
1,713
Following a story on Gizmodo claiming that Facebook was using information users never willingly gave up, Facebook confirmed that it uses 2FA phone numbers to send targeted ads to users. Facebook users noticed they were getting spammed on their 2FA phone numbers a couple of months ago, but the company called it a "bug" back then. Apparently, that bug is now a feature. As of May this year, you don't have to use your phone number for 2FA, and Facebook says that's exactly how users can opt out of the service.

Here's the statement, attributed to a Facebook spokesperson: "We use the information people provide to offer a better, more personalized experience on Facebook, including ads. We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time." A spokesman also told us that users can opt out of this ad-based repurposing of their security digits by not using phone number based 2FA. (Albeit, the company only added the ability to do non-mobile phone based 2FA back in May, so anyone before then was all outta luck.)
 
thenapalm said:
Why the fuck do people still use Facebook? At what point does it become a personal liability or just too invasive? Are they too addicted to quit?
Click to expand...

The problem is they have become the mythical 'single sign on service'. Load up the Epic Games Client, the absolute top option is to sign up with a facebook account, then google's 'single sign on service, and then below that and separated, is the email option.

Its being pushed at us from all angles. You also forget that Facebook is diversified. They own Whatsapp, Instagram, Oculus and a host of other tools.
 
I prefer opting out of 2FA all together.

Ord highöy annoyibg to deal with, and really doesn't help much beyond just having a strong password.

If anything I'd rather have companies set up private key/public key authentication instead.
 
thenapalm said:
Why the fuck do people still use Facebook? At what point does it become a personal liability or just too invasive? Are they too addicted to quit?
Click to expand...

Because some people can't resist the urge to step on top of the soapbox and start blabbing nonsense. Other people like stalking other people online, and\or people watching those people soapboxing. So you're either crazy and love facebook, or you're completely normal and love facebook because you get to people watch in private, or you're a nerd like most of us here - people who get chubs over hardware and would rather not interact with the human race :)
 
  • Like
Reactions: N4CR
like this
thenapalm said:
Why the fuck do people still use Facebook? At what point does it become a personal liability or just too invasive? Are they too addicted to quit?
Click to expand...

Without it, how would they wage passive-aggressive feuds with their frenemies and family?

:D
 
Facebook has helped me sell stuff and keeps me connected to family. Otherwise I'd drop the garbage if I could. Oh and I think it's helped me get laid.
 
oneshort said:
This is exactly why I refused to give them my number in the first place.
Click to expand...

Me too. I'm sure they have it anyways though since at least one of my stupid friends has bound to have installed the app on their phone and let it scrape their contacts.
 
thenapalm said:
Why the fuck do people still use Facebook? At what point does it become a personal liability or just too invasive? Are they too addicted to quit?
Click to expand...

Unfortunately, by now facebook has become such a behemoth at data acquisition (also from non-users) that I suspect that it does not really need its "social media" activities, not even for advertising. Does it help them gathering info and showing ads? Yes. Essential for those purposes? No.
 
Wait, so they were sending ads to the phone# provided?

That's beyond over-reaching. Better security should never have a major downside.
 
Thank God I never set up with 2FA with them. And when I saw that the Facebook app took up like 700 MB on my iPhone, I finally just uninstalled the app.
 
...and this is why FB should be regulated into the dirt. Because they do illicit, underhanded, scheming things such as this.
 
Spidey329 said:
Wait, so they were sending ads to the phone# provided?

That's beyond over-reaching. Better security should never have a major downside.
Click to expand...

Performing ad targeting based upon phone number given- like this -

1. You setup your phone number for 2FA or it is scraped from a friend's address book.
2. Company wants to target prior customers and has data about them, including phone number. Company uploads to Facebook for an ad campaign to target their prior customers.
3. You see ads from companies you have bought from before or related to prior purchases.
4. …
5. Facebook profits.
 
Zarathustra[H] said:
I prefer opting out of 2FA all together.

Ord highöy annoyibg to deal with, and really doesn't help much beyond just having a strong password.

If anything I'd rather have companies set up private key/public key authentication instead.
Click to expand...

Oh look, fellow European ;p

On topic...
I don't mind Facebook being included as a big thing in my life. Even if it sells my customer data so I get targeted ads.
I would rather get targeted ads than a bunch of junk I don't care about.
Do I trust Facebook? Yes and no.
Am I bothered enough to ditch it? No.
Facebook ads are basically the only ads I see. In reality I have opted out of all ads. I don't mind seeing some stuff that is relevant to me.
And I must admit that "log in with Facebook" button is very convenient ;)
If there has to be a necessary evil in my life (and I feel there has to be) I'll let Facebook be that evil.
 
I have an aunt that posts cooking advice and occasionally pics of family.

I wish people would just go back to email.
 
Nebell said:
Oh look, fellow European ;p

On topic...
Click to expand...

Heh, yeah, I always hit the damned language change button on the google keyboard on my phone by accident, and that causes all the letters to move around, and results in weird typos that I don't always catch.

I'm back in the U.S. now since 1999, but I grew up in, and lived for 16 years in Sweden. Used to speak Swedish and German fluently. These days my Swedish is a little rusty, and my German is almost gone, which is sad.


Nebell said:
I don't mind Facebook being included as a big thing in my life. Even if it sells my customer data so I get targeted ads.
I would rather get targeted ads than a bunch of junk I don't care about.
Do I trust Facebook? Yes and no.
Am I bothered enough to ditch it? No.
Facebook ads are basically the only ads I see. In reality I have opted out of all ads. I don't mind seeing some stuff that is relevant to me.
And I must admit that "log in with Facebook" button is very convenient ;)
If there has to be a necessary evil in my life (and I feel there has to be) I'll let Facebook be that evil.
Click to expand...


I'm a little bit more concerned than you there. I'm not sure I trust Facebook to do the right thing. On paper, I have no problem with data being used for targeted ads. If I have to suffer through ads, its better that they are targeted to my interests. That said, I feel there are many pitfalls of data collection. Whenever data is collected it has value, and when something has value it becomes a target for misuse, either by those inside the company, or by outside actors trying to steal it.

We already know that Facebook plays fast and loose with who they share data with, just look at the Cambridge Analytica scandal so already there the trust factor is diminished.


That said, Facebook serves as the only way I can keep up with many old friends and more distant relatives. So many people don't even email anymore. I have often been tempted to just do away with my Facebook account, but the contacts I would lose touch with prevent me. That and the sad truth is its probably too late. My data is already collected, and it is unlikely they will delete it.

Same thing with Google. The recent revelation that they have actual people both inside Google and in third parties actually reading peoples emails was very troubling to me. At this point though, the alternatives to gmail are limited, and mot of them are no more trustworthy than google is. I even looked into setting up my own mail server, but that - it turns out - they have made very difficult. ISP's block key port, and even if you can get around that, if you have a dynamic IP,chances is your server gets blacklisted and none of your emails are accepted by other servers. And even if you do, if you are emailing other people who use gmail, Google gets your data anyway.


It's at the point now where it is hopeless. The individual can do very little to avoid this kind of tracking even if they want to and are dedicated enough to put the work in to do so.

This is why I believe we need more regulation. the EU privacy regulations were OK, but I believe we need something far ore than that. It should be a crime to keep a database on anyone for any reason other, than maybe medical records, and for billing purposes.


I have given it some thought previously and suggested something like this:

1.) No organization shall collect, store, monetize or use user data without the explicit consent of the user, and when the users consent is given it must be for a specific purpose, and only for this specific purpose, no blanket permissions.

2.) Data may only be used for the exact purpose which it was collected or shared, even if posted publicly. This includes any and all data harvesting or mining.

3.) It must be made illegal to withhold or alter services if a user decides not to provide consent.

4.) If you offer a service for free that collects data on its users, you must also offer said service for free to those who elect not to consent to shared data. Same if you offer a paid service, this service must be offered at the same price regardless of whether users opt in or not.

5.) All data sharing options must default to decline sharing.

6.) Some services require user data in order to function. In this case the data may be collected, but may not be used for any other purpose than directly providing the service unless the user explicitly opts in, as in #1

7.) You may ask your users to support you, by voluntarily agreeing to share their data, but if they decline you may not spam them with requests. If they decline, you must wait one year before asking again.

8.) All previous user data collected, not in compliance with the above must be permanently erased.

9.) Context based advertising based entirely on what is currently on screen, and does not store any user data is not prohibited by these rules.

10.) The rules above apply to all organizations operating on U.S. soil or with any presence in the U.S. regardless of the nationality of the users, AND to organizations operating anywhere in the word with users located in the U.S.

11.) Minimum fines of $1,000 per database record per day to be assessed for any non-compliance

12.) If the offending organization cannot be fined (due to bankruptcy or location outside of jurisdiction) any subsidiary or parent organization inside U.S. jurisdiction will be assessed in their place.

13.) Exemption: Credit agencies are exempted from these regulations, however, credit agency data may only be used to check credit history in support of a loan application, and then only after an end user has requested a line of credit. The data may not be shared or used for marketing purposes. The credit agency data may not be monetized in any other way except by charging a fee to a financial institution looking to assess the risk of a loan provided to a person.

14.) Exemption: Background checks. Similarly Background checks are exempted from these rules, but may only be used to establish the civil infraction and criminal backgrounds of any person, and only by prospective employers (private persons or companies) Background check data may not be monetized in any other way except a fee to the requesting company or person.

I understand this would be very harmful to the social media industry. I don't harbor any ill will against the industry, but privacy is important enough that it must be saved at ANY cost.
 
Zarathustra[H] said:
Heh, yeah, I always hit the damned language change button on the google keyboard on my phone by accident, and that causes all the letters to move around, and results in weird typos that I don't always catch.

I'm back in the U.S. now since 1999, but I grew up in, and lived for 16 years in Sweden. Used to speak Swedish and German fluently. These days my Swedish is a little rusty, and my German is almost gone, which is sad.





I'm a little bit more concerned than you there. I'm not sure I trust Facebook to do the right thing. On paper, I have no problem with data being used for targeted ads. If I have to suffer through ads, its better that they are targeted to my interests. That said, I feel there are many pitfalls of data collection. Whenever data is collected it has value, and when something has value it becomes a target for misuse, either by those inside the company, or by outside actors trying to steal it.

We already know that Facebook plays fast and loose with who they share data with, just look at the Cambridge Analytica scandal so already there the trust factor is diminished.


That said, Facebook serves as the only way I can keep up with many old friends and more distant relatives. So many people don't even email anymore. I have often been tempted to just do away with my Facebook account, but the contacts I would lose touch with prevent me. That and the sad truth is its probably too late. My data is already collected, and it is unlikely they will delete it.

Same thing with Google. The recent revelation that they have actual people both inside Google and in third parties actually reading peoples emails was very troubling to me. At this point though, the alternatives to gmail are limited, and mot of them are no more trustworthy than google is. I even looked into setting up my own mail server, but that - it turns out - they have made very difficult. ISP's block key port, and even if you can get around that, if you have a dynamic IP,chances is your server gets blacklisted and none of your emails are accepted by other servers. And even if you do, if you are emailing other people who use gmail, Google gets your data anyway.


It's at the point now where it is hopeless. The individual can do very little to avoid this kind of tracking even if they want to and are dedicated enough to put the work in to do so.

This is why I believe we need more regulation. the EU privacy regulations were OK, but I believe we need something far ore than that. It should be a crime to keep a database on anyone for any reason other, than maybe medical records, and for billing purposes.


I have given it some thought previously and suggested something like this:

1.) No organization shall collect, store, monetize or use user data without the explicit consent of the user, and when the users consent is given it must be for a specific purpose, and only for this specific purpose, no blanket permissions.

2.) Data may only be used for the exact purpose which it was collected or shared, even if posted publicly. This includes any and all data harvesting or mining.

3.) It must be made illegal to withhold or alter services if a user decides not to provide consent.

4.) If you offer a service for free that collects data on its users, you must also offer said service for free to those who elect not to consent to shared data. Same if you offer a paid service, this service must be offered at the same price regardless of whether users opt in or not.

5.) All data sharing options must default to decline sharing.

6.) Some services require user data in order to function. In this case the data may be collected, but may not be used for any other purpose than directly providing the service unless the user explicitly opts in, as in #1

7.) You may ask your users to support you, by voluntarily agreeing to share their data, but if they decline you may not spam them with requests. If they decline, you must wait one year before asking again.

8.) All previous user data collected, not in compliance with the above must be permanently erased.

9.) Context based advertising based entirely on what is currently on screen, and does not store any user data is not prohibited by these rules.

10.) The rules above apply to all organizations operating on U.S. soil or with any presence in the U.S. regardless of the nationality of the users, AND to organizations operating anywhere in the word with users located in the U.S.

11.) Minimum fines of $1,000 per database record per day to be assessed for any non-compliance

12.) If the offending organization cannot be fined (due to bankruptcy or location outside of jurisdiction) any subsidiary or parent organization inside U.S. jurisdiction will be assessed in their place.

13.) Exemption: Credit agencies are exempted from these regulations, however, credit agency data may only be used to check credit history in support of a loan application, and then only after an end user has requested a line of credit. The data may not be shared or used for marketing purposes. The credit agency data may not be monetized in any other way except by charging a fee to a financial institution looking to assess the risk of a loan provided to a person.

14.) Exemption: Background checks. Similarly Background checks are exempted from these rules, but may only be used to establish the civil infraction and criminal backgrounds of any person, and only by prospective employers (private persons or companies) Background check data may not be monetized in any other way except a fee to the requesting company or person.

I understand this would be very harmful to the social media industry. I don't harbor any ill will against the industry, but privacy is important enough that it must be saved at ANY cost.
Click to expand...
Not a bad idea.
 
You must log in or register to reply here.
Back
Top