Privacy Fail: How Facebook Steals Your Friends Phone Numbers


In early January, Facebook updated their iPhone app to include a Contact Sync feature. In a nutshell, “Facebook Contact Sync” allows you to synchronise your friends’ latest Facebook profile pictures with the matching contact entry in your mobile phone’s address book. Due to “Terms of Service Issues” however, Facebook does not sync your friends’ email addresses or phone numbers (listed on their Facebook profile) TO your phone.

Ironically, what Facebook WILL DO, with neither your knowledge nor consent, is import ALL the names and phone numbers FROM your phone’s address book and upload them to your Facebook Phonebook app (Click HERE to see your Facebook Phonebook), thus storing your private contact numbers on Facebook’s servers. Once your phone is synced, Facebook will attempt to match the newly uploaded phone numbers to users that have listed the same phone number on their Facebook profile, whether you are friends with them or not. If Facebook cannot make a match, it will create a new contact entry in your Facebook Phonebook using the contact details imported from your phone, and add a link to invite them to join Facebook. And guess what? There is no way to delete the names and numbers Facebook imports from your phone’s address book.

Boom. You just got jacked by Facebook.

So what is so worrisome about Facebook uploading your mobile phone’s address book to their servers? Several things:

1) Facebook doesn’t warn users that they are uploading their phone’s address book to Facebook. In fact, because Facebook doesn’t sync contact numbers or email addresses TO your phone, most users wrongly assume that Facebook Contact Sync only syncs user pictures. In reality though, they are pumping your address book, without your consent.

2) Phone numbers are private and valuable. Most people who have entrusted you with their phone numbers assume you will keep them private and safe. If you were to ask your friends, family or co-workers if they are ok with you uploading their private phone numbers to be cross-referenced with other Facebook users, how many of them do you think would be ok with it?

3) Facebook doesn’t exactly have a perfect track record when it comes to protecting your privacy. And whilst it’s unlikely that your data will fall into the wrong hands or be used for evil, it’s still a possibility. If you can look past that and entrust Facebook with your own information, that’s fine. But can you really make that call (pun painfully intended) for every single person in your mobile phone’s address book? Would you like it if someone else was making that call about your own private information?

4) Facebook’s privacy policy isn’t a two way street. While they won’t let you sync phone numbers and email addresses from Facebook TO your mobile phone, they are quite happy to sync ALL your phone numbers on your mobile phone TO Facebook and not let you delete it. How is that not a Terms of Service issue?

5) Whilst checking my Facebook Phonebook, I noticed that there were a number of people that I did not know and was not friends with. Facebook had matched them to phone numbers imported from my phone. Turns out some of these unknown users had fraudulently listed the phone numbers of hotels or businesses, that I had saved on my phone, as their own. Other users simply had phone numbers that matched some of my contacts due to both them and I not including an international dialling code before the phone number in question.

Here is another scenario: Random guy meets random girl in random club. Girl gives boy phone number. Boy is blasted. Boy doesn’t enter phone number correctly and confuses the last two digits. In a twist of fate, the phone number he enters is YOUR phone number (your phone number and random girl’s phone number are the same, except for the last two digits). Boy syncs phone to Facebook. Facebook matches your newly uploaded phone number to your Facebook profile. Now random boy has your name, Facebook profile and phone number. Unlikely scenario, perhaps, but still possible. When a wrong number is dialed, someone usually picks up, right? Well, why couldn’t that person be you? The point is your phone number is being cross referenced in a system-wide Facebook phone directory, and you never opted in.

6) Facebook is notoriously littered with hundreds of malicious “Facebook Apps”, phishing scams and hacked accounts. Their sole purpose is to pump your account for your private data and that of your connected friends. Facebook is not the type of environment most users are comfortable storing phone numbers on, nor should it be. As much as I have defended Facebook in the past, the amount of hacked accounts I see on a regular basis on Facebook forces me to think otherwise.
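The false matches described in point 5 are what you get when numbers are compared as bare digit strings. The sketch below is an added example, not Facebook's matching logic and not code from the original post: the region table, function names and numbers are constructed for illustration, and the numbers are non-dialable placeholders.

```python
import re

# Constructed table: region -> (trunk prefix, country calling code).
REGIONS = {"GB": ("0", "44"), "AU": ("0", "61")}

def naive_key(raw, region=None):
    """Digits only; the region is ignored, as in a careless matcher."""
    return re.sub(r"\D", "", raw)

def canonical_key(raw, region=None):
    """Return '+<calling code><national number>', or None if ambiguous."""
    digits = re.sub(r"\D", "", raw)
    if raw.strip().startswith("+"):
        return "+" + digits
    if region not in REGIONS:
        return None  # national format, unknown region: refuse to guess
    trunk, code = REGIONS[region]
    if digits.startswith(trunk):
        digits = digits[len(trunk):]
    return "+" + code + digits

def match(contacts, profiles, key):
    """Map each contact label to the profile names sharing its key."""
    index = {}
    for name, raw, region in profiles:
        k = key(raw, region)
        if k is not None:
            index.setdefault(k, []).append(name)
    result = {}
    for label, raw, region in contacts:
        k = key(raw, region)
        result[label] = index.get(k, []) if k is not None else []
    return result

# Constructed, non-dialable placeholder numbers.
PROFILES = [("stranger", "0000 111 222", "AU"),
            ("friend", "+44 000 111 333", None)]
CONTACTS = [("hotel", "0000 111 222", "GB"),
            ("friend", "0000 111 333", "GB"),
            ("unknown", "0000 111 222", None)]

if __name__ == "__main__":
    print("naive:    ", match(CONTACTS, PROFILES, naive_key))
    print("canonical:", match(CONTACTS, PROFILES, canonical_key))
```

The digit-only comparison links the saved hotel number to a stranger in another country and misses the real friend, while the region-aware key does the reverse and leaves the number with no known region unmatched.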

The Bottom Line:

I’m not suggesting uploading your address book online is taboo. A large portion of my address book lives in Gmail, so I’m no stranger to the concept. In fact, I’m a fan. The difference is, with Gmail I did so willingly. It wasn’t done so for me or without my consent. Furthermore, I chose WHICH contacts I wanted to backup online. There are some contacts and phone numbers whose privacy I simply refuse to risk on the Web. Facebook has taken and continues to take liberties on behalf of their users. Their perception of privacy and their users’ perception of privacy is often very different. I don’t think this is maliciousness on Facebook’s part, but it does show me that Facebook is painfully out of touch with the needs and beliefs of their CORE users, who are still wary of the openness that a Web 2.0 lifestyle entails. It’s their right. Facebook needs to either respect that or openly provide a disclaimer that they do not.

(NOTE: The above post outlines my experience with Facebook Contact Sync and my iPhone. If you are a Blackberry, Palm Pre, Android or other platform user, please leave me a comment below outlining your own experience and/or feeling on this subject matter. Much Thanks!)

97 Responses to "Privacy Fail: How Facebook Steals Your Friends Phone Numbers"
  1. Hello all.
    I have the same problem with my iPhone contacts going public on FB.
    I’ve made sure the Sync option is disabled on my phone, and asked FB to delete all my contacts from the site (even got a mail from FB saying: “As you requested, your imported contacts have been removed…”). But still all my friends can see all of my contacts!

    Does anyone know how to disable that and make sure my contacts are deleted from my friends list?


  2. Ken says:

    this is a crock of doo doo. what you are looking at [your phonebook] is a list of numbers for YOUR friends. it’s in YOUR accounts area - and thus NOT VISIBLE to anyone else but YOU .. or a hacker. [always possible - and not FB's fault per se].

    FB sync from a phone gives a full screen alert that you must agree to – that tells you EXACTLY what it’s doing and asks you to agree or NOT. try it … it won’t post anything either way without you agreeing. If your number is in your profile and you’ve not set your security preferences to hide it then it will be displayed as per these settings. If you don’t want information available DON’T PUT IT IN YOUR PROFILE! it’s easy!
    I’m no big fan of Zuckerberg and Co but they give you a sensational social networking tool for FREE. It’s idiocy IMHO to suggest that FB are going to do seriously dodgy things with private data. They need us to like them. Imagine if they were exposed like the News of the World lot??? how many ppl would lose their jobs – and Zuckerberg and Co would lose billions off their asset. If you’re concerned about security – it’s easy : don’t put anything online that you don’t want shared. The internet is a vast UNSECURED network. This isn’t Facebook’s fault. They’ve even enabled SSL unlike most other SN portals. (look it up if you don’t know where it’s enabled) Their biggest mistake is perhaps to make FB quite customisable [which creates complexity which is clearly confusing most of you here].

    • Heather says:

      OK Ken so why can MY sister see MY friends who are not on FB? why are MY contacts VISIBLE to HER? she called out a list of people I know who she doesn’t know with their numbers. Oh and I didn’t get any screen alert I don’t have an iPhone. I’m not too sure whether FB know that they have published other people’s contacts on other people’s contacts list? I would be mortified if someone called up my granny because they found her number on their contacts list and so would she!

  3. Ishtehburgermeister says:

    Very well spoken sir. Now, this calls for a lawsuit! Or an angry mob, or a conspiracy forum, depending on which I decide sounds more fun overall. I’m gonna send this page to people I know, probably. Have a good one.

  4. Vanilla says:

    Hi, I registered a Facebook account and the next day when I went to log in to look around it was asking me for my phone number so it could verify my account as they had locked me out. I didn’t want to but I gave them my phone number as I was reading online and was under the impression that this was their new security measures. ANYWAY….. I finally get back into my account and I see one of my friends’ profile photo under the “you might know this person” tab or something like that…. on the right hand side. NOW I have not told anyone that I am on Facebook, I have no friends added to my Facebook account… so no one could have been linked… on earth did facebook know that this was MY friend? the only way was via my phone number that I had given Facebook to verify my account. They must have scanned the numbers and matched it with her Facebook account or something……. NOW I think this is an invasion of privacy!


  6. Cosmic-antidust says:

    Hi, I think I was about to sync my phone calendar via a hosted server, but then wondered – what actually is sync-ing doing?  Am I permitting so much?  Thanks

  7. Themike86 says:

    My Android based phone pulls phone numbers from Facebook… within thirty seconds of setting up Facebook on my phone, my phone’s address book was full of numbers and pictures for all my Facebook friends who have numbers listed. The same thing that’s supposedly a ToS violation. What the…?
    For what it’s worth, I don’t see the problem with that particular transfer – it’s just populating my address book with data I could get by clicking onto their profile anyway – including from my phone – so what’s it matter? It’s actually incredibly convenient. Why Facebook now apparently forbids this while allowing it to happen the other way, which is a VERY different matter, is beyond me.


