Privacy Fail: How Facebook Steals Your Friends Phone Numbers

By On · 97 Comments

In early January, Facebook updated their iPhone app to include a Contact Sync feature. In a nutshell, “Facebook Contact Sync” allows you to synchronise your friends’ latest Facebook profile pictures with the matching contact entry in your mobile phone’s address book. Due to “Terms of Service Issues” however, Facebook does not sync your friends email addresses or phone numbers (listed on their Facebook profile) TO your phone.

Ironically, what Facebook WILL DO, with neither your knowledge or consent, is import ALL the names and phone numbers FROM your phone’s address book and upload them to your Facebook Phonebook app (Click HERE to see your Facebook Phonebook) on Facebook.com, thus storing your private contact numbers on Facebook‘s servers. Once your phone is synced , Facebook will attempt to match the newly uploaded phone numbers to users that have listed the same phone number on their Facebook profile, wether you are friends with them or not. If Facebook cannot make a match, it will create a new contact entry in your Facebook Phonebook using the contact details imported from your phone, and add a link to invite them to join Facebook. And guess what? There is no way to delete the names and numbers Facebook imports from your phone’s address book.

Boom. You just got jacked by Facebook.

So what is so worrisome about Facebook uploading your mobile phone’s address book to their servers? Several things:

1) Facebook doesn’t warn users that they are uploading their phone’s adress book to Facebook. In fact, because Facebook doesn’t sync contact numbers or email addresses TO your phone, most users wrongly assume that Facebook Contact Sync only syncs user pictures. In reality though, they are pumping your address book, without your consent.

2) Phone numbers are private and valuable. Most people who have entrusted you with their phone numbers assume you will keep them private and safe. If you were to ask your friends, family or co-workers if they are ok with you uploading their private phone numbers to be cross-referenced with other Facebook users, how many of them do you think would be ok with it?

3) Facebook doesn’t exactly have a perfect track record when it comes to protecting your privacy. And whilst it’s unlikely that your data will fall into the wrong hands or be used for evil, it’s still a possibility. If you can look past that and entrust Facebook with your own information, that’s fine. But can you really make that call (pun painfully intended) for every single person in your mobile phone’s address book? Would you like it if someone else was making that call about your own private information?

4) Facebook‘s privacy policy isn’t a two way street. While they won’t let you sync phone numbers and email addresses from Facebook TO you mobile phone, they are quite happy to to sync ALL your phone numbers on your mobile phone TO Facebook and not let you delete it. How is that not a Terms of Service issue?

5) Whilst checking my Facebook Phonebook, I noticed that there were a number of people that I did not know and was not friends with. Facebook had matched them to phone numbers imported from my phone. Turns out some of these unknown users had fraudulently listed the phone numbers of hotels or businesses, that I had saved on my phone, as their own. Other users simply had phone numbers that matched some of my contacts due to both them and I not including an international dialling code before the phone number in question.

Here is another scenario: Random guy, meets random girl in random club. Girl gives boy phone number. Boy is blasted. Boy doesn’t enter phone number correctly and confuses the last two digits. In a twist of fate, the phone number he enters is YOUR phone number (Your phone number and random girl’s phone number are the same, except for the last two digits). Boy syncs phone to Facebook. Facebook matches your newly uploaded phone number to your Facebook profile. Now random boy has your name, Facebook profile and phone number. Unlikely scenario, perhaps, but still possible. When a wrong number is dialed, someone usually picks up, right? Well why couldn’t that person be you?  The point is your phone number is being cross referenced in a system-wide Facebook phone directory, and you never opted in.

6) Facebook is notoriously littered with hundreds of malicious “Facebook Apps“, phishing scams and hacked accounts. Their sole purpose is to pump your account for your private data and that of your connected friends. Facebook is not the type of environment most users are comfortable storing phone numbers on, nor should it be. As much as I have defended Facebook in the past, the amount of hacked accounts I see on a regular basis on Facebook forces me to think otherwise.

The Bottom Line:

I’m not suggesting uploading your address book online is tabboo. A large portion of my address book lives in Gmail, so I’m no stranger to the concept. In fact, I’m a fan. The difference is, with Gmail I did so willingly. It wasn’t done so for me or without my consent. Furthermore,  I chose WHICH contacts I wanted to backup online. There are some contacts and phone numbers who’s privacy I simply refuse to risk on the Web. Facebook has taken and continues to take liberties on behalf of their users. Their perception of privacy and their users perception of privacy is often very different. I don’t think this is maliciousness on Facebook‘s part, but it does show me that Facebook is painfully out of touch with the needs and beliefs of their CORE users, who are still wary of the openness that a Web 2.0 lifestyle entails. It’s their right. Facebook needs to either respect that or openly provide a disclaimer that they do not.

(NOTE: The above post outlines my experience with Facebook Contact Sync and my iPhone. If you are a Blackberry, Palm Pre, Android or other platform user, please leave me a comment bellow outlining your own experience and/or feeling on this subject matter. Much Thanks!)

Tagged with:  
Older Comments

  • Pingback: The Alan Watt Talks/Shows | Keighley's News And Views

  • Vivek_mal90

    hai

  • Pingback: Is your private phone number on Facebook? Probably. And so are your friends’

  • Sloopwill

    this is very serious… please read… I have just gotten prof that facebook sells your phone number..
    read:

    I am in the middle of bankruptcy due to being unemployed for nine mths… like who isnt…

    To avoid harrassment my attorney suggested i get a new phone and number with a friend’s plan.

    The friend, bought a new droid four weeks ago, registered to THEIR verizon account. My NAME was not associated with this phone number in any way.

    I have been using the phone for three weeks – and silly me decided to turn on the facebook phone app so i could send pics from my phone to my facebook account. I noticed that suddenly all the phone numbers of facebook friends were now loaded on my address book… I never wanted them. so i ignored it not thinking there is a reverse flow of info from my number to theirs.

    Now I HAVE never set up voice mail on the phone and when i first started using it people receiving calls from me would just get a number… not my name.

    Two days ago I got a strange call from a number i did not recognize. I did not answer it.

    I had barely given the new number out to family let alone friends.

    I reversed the phone and did not recognize the location even though it was a local within 40 miles number.

    I had my son (20) call the number to inquire who it was…. When the person answered he said… “I would like to know who this is please you keep calling my phone.

    The caller said… “oh I was looking for ******* is she around..” using my facebook name… not my real one.

    He told them to stop calling it was a new number for him….

    I could not figure this out until i recognized that NOW… when i use that phone and call someone instead of just having a number come up on caller ID…. everyone i call gets my name

    exactly as it appears in facebook!

    It took less than two weeks for facebook to take my name and put it on a list and sell it off.

    I have never listed any phone number on my facebook account.

    I have never played a game or accessed an app… each time they ask for my phone number for this or for “security” i simply ignore it and dont use the app.

    I have set my security on facebook for the highest it can go…. only friends can contact me.. only friends can see my posts… etc.. I dont subsribe to any apps or services.

    So how did this person find me? on a new number not even registered to my name?

    facebook took it from my new droid and sold it!

    please alert people

  • Sloopwill

    This is not true…. facebook DOES sell your number read a recent blog i just posted…

  • Thaonexavier

    this is some seriously scary shit that shouldn’t be happening anyway

  • http://www.facebook.com/people/Steven-Fox/739899076 Steven Fox

    While this is an issue with Facebook, its equally an issue with iPhone. Windows phone apps require explicit permission to access sensitive information (location/contacts). Yet it manages to provide deeper facebook integration in general.

  • Giggins

    I hear this all the time… “Facebook (or Google, etc.) has changed this feature and now you have control over your private info…” What makes you think these companies will maintain a stance of strong privacy protection when they’ve so often demostrated a cavalier, even hostile approach to privacy issues in the past? So they’ve fixed this for now. What’s next? What are they CURRENTLY doing with our information that we will discover next month? We live in a world where private information is increasingly availble, and much of it we cannot control. But why would anyone intentionally upload not only their own, but other people’s private information to a social network known for its privacy disasters?

  • Lostchord

    Teepo, you make some very good points about openness and sharing being the primary drivers for participating in a social network such as Facebook. Unfortunately, FB is taking info from your contact list, related to people who are not using facebook, storing it and selling it. YOU may give FB permission to share your own info, but it’s eggregious for FB to take my phone number from your contact list since I haven’t given permission.

  • Michaely67

    Not so…. why would FB bother to store it if they dont plan to use it? In fact they use it to match up people who may know each other, and as their privacy policy is subject to change, you have no idea whether your privacy expectations and settings today will be in effect next month. The comment that they don’t share it without your consent is naive.

  • Pingback: Is your private phone number on Facebook? Probably. And so are your friends’ | Cyber Drive

  • Heather

    My daughters phone number is coming up on my friends phonebook contacts even though she isn’t on Facebook and is only 10.  It has taken her number from my phone and uploaded it to some of my friends and I can’t take it off! i’m absolutely furious about this as her number is just for close family only.

  • Bumbaugh K

    I’m a palm pre user and facebook jacked my numbers also. Have you found a way to un-do this yet?

  • Padge

    For Android there is no was to disable this from happening through the Facebook application.  Way to go developers!!! 

    What you can do though is this, go into Facebook under Account and Edit Friends.  On the right-hand side ….Click “Contacts” (here is where you will see your phone contacts listed)Click the link “this page” under “Phonebook Contacts” to the rightClick “Invites and Imported Contacts Page” link in the 1st sentenceChoose in the drop-down field “No, do not remind every 2 weeks.”Check the “I understand the consequences.”Finally click the “Remove All Imported Contacts” button.From this point go to your contacts and remove any or all phone numbers you feel should not be there.Hope this helps some.

  • Padge

    Not sure why my post ran altogether above.  I’m going to try and add page breaks this time to see if it helps.  if it doesn’t, my apologies.For Android there is no was to disable this from happening through the Facebook application.  Way to go developers!!! What you can do though is this, go into Facebook under Account and Edit Friends.  On the right-hand sideClick “Contacts” (here is where you will see your phone contacts listed)Click the link “this page” under “Phonebook Contacts” to the rightClick “Invites and Imported Contacts Page” link in the 1st sentenceChoose in the drop-down field “No, do not remind every 2 weeks.”Check the “I understand the consequences”Finally click the “Remove All Imported Contacts” buttonFrom this point go to your contacts and remove any or all phone numbers you feel should not be thereHope this helps some.

  • http://twitter.com/zerode zerode

    Thanks so much for pointing this out. It’s quite outrageous – though I guess par for the course when it comes to Facebook.

  • BikeFreak

    I think FB accessed it via your smartphone. It accessed mine when I was using my blackberry.

  • Mark

    You stated the problem but you didn’t give an answer how to get rid of it.  I have a Blackberry and I want to eliminate this.  HOW?

  • Mark

    You gave us a one time answer, but does this prevent your contacts from continually being synched by facebook?  I have a Blackberry and need to know how to de-synch it.

  • Halfling Scout

    I dont have a smart phone nor  have i ever synced my phone with FB: how could I? Yet I have a Phone Contact List on FB?

  • Srmaddox

    This is stupid. 

    (1) Just as in gmail, IF you choose to upload your contacts to Facebook, you ARE making the decision to upload other people’s phone numbers to Facebook…so, you’re making the decision about THEIR number anyways.

    (2) When installing the Facebook app (or enabling any mobile features), you are explicitly warned of what data Facebook will have access to. So you do get to choose, even if you might have to avoid using the Facebook app to avoid FB ever having your numbers.

    (3) Once they DO have your contact list, you can opt out.

    So, ultimately, all Facebook did was allow you to chose to upload data you already know for your own personal use on Facebook’s website. Out of all the privacy issues i’ve seen Facebook go through, and all the mistakes they’ve made, this is by far the stupidest one to complain about. Are you going to go around and complain that people can make google aware of your friends’ phone numbers? 

    Maybe Facebook’s interface has always sucked – but if you ARE that worried about Facebook having your phone numbers, you should probably READ the part that says “Facebook will have access to your contact list” when you install the app. 

    Fact is, if you missed that little notice when you installed the app, the only reason you KNEW they had access was because of the new feature. An unscrupulous programmer could have just put that permission in and datamined everyone’s contacts and never actually used it to implement a useful feature, and few people would have ever even asked why FB needed their contact list. 

  • Deyo06

    My iPhone sync in the Facebook app wasn’t even enabled and it still picked up numbers for my contacts. How is that even possible?

  • YOUNGGENUS

    Facebook as been doing this for a while now ive posted this on my fb wall over and over few took attention to it 
    Frankly Fb is wrong and until someone takes them to court they are not gonna remove the app.
    Hackers Anonymous is planning an attack  shortly so be WARNED

  • Robert Tyson

    I havea BB torch and have just installed the latest version of FB. I was not asked to sync contacts at all and ws not asked to upload aything but when I checkedall my contacts were uploded i have complained to FB about this but doubt I will get a response I have removed the contacts but they shoud have asked first!

  • Felicity

    Thank you Padge, I have been messing with the settings in my BB for hours trying to get my contact numbers out of FB

     and solved the problem in seconds with your advise :-)

  • Yaneverknow8

    this is a ridiculous comment. You must work for facebook.  I personally never chose to upload my address book to facebook, and never installed the app, it was done at the carrier store. I have a BlackBerry and there is no visible sync feature.  IPhone apparently has one, BB does not.  I have  never seen anything that reads ‘facebook will have access to your contact list’. Are you kidding?  This is so not a useful feature..why would I need all my contacts who are not facebook friends to be listed on facebook? Silly, I can’t even believe I’m commenting…
     

  • Lesley

    you are wrong. Just the opposite. Privacy is important to most people

  • Pingback: Facebook mobile contact info | Tier3 Hosting and Consulting

  • Smhanne

    I deleted the FB app and go to FB via my browser directly.  That has STOPPED all syncing from my very personal PRIVATE DATA up to their (FB) databank.

  • http://www.facebook.com/billykov Billy Kovalsky

    Hello all.
    I have the same problem with my Iphone contacts going public on FB.
    Ive made sure the Sync option is disabled on my phone, and asked FB to delete all my contacts from the site (even got a mail from FB saying: “As you requested, your imported contacts have been removed…”). But still all my friend can see all of my contacts!

    Does anyone know how to disable that and make sure my contacts are deleted from my friends list?

    Thanks.
    Billy.

  • Laur

    Same with me.  I’ve deleted the FB app from my iPhone, and still the contact information is on FB.  I just selected the “remove” choice at the FB site.

  • Ken

    this is a crock of doo doo. what you are looking at [your phonebook]  is a list of numbers for YOUR friends. its in YOUR accounts area -and  thus NOT VISIBLE to anyone else but YOU .. or a hacker. [always possible - and not FB's fault per se]. 

    FB sync from a fone gives a full screen alert that you must agree to – that tells you EXACTLY what it’s doing and asks you to agree or NOT.  http://bit.ly/pdQ3s6   try it … it wont post anything either way without you agreeing. If your number is in your profile and you’ve not set your security preferences to hide it then it will be displayed as per these settings. If you don’t want information available DONT PUT IT IN YOUR PROFILE! it’s easy!
    I’m no big fan of Zuckerberg and Co but they give you a sensational social networking tool for FREE. It’s idiocy IMHO to suggest that FB are going to do seriously dodgy things with private data. They need us to like them. Imagine if they were exposed like the News of the World lot???  how many ppl would lose their jobs – and Zuckerberg and Co would lose billions off their asset.  If you’re concerned about security – it’s easy : don’t put anything online that you don’t want shared. The internet is a vast UNSECURED network. This isn’t Facebook’s fault. They’ve even enabled SSL unlike most other SN portals. (look it up if you don’t know where its enabled) Their biggest mistake is perhaps to make FB quite customisable [which creates complexity which is clearly confusing most of you here]. 

  • Heather

    OK Ken so my can MY sister see MY friends who are not on FB? why are MY contacts VISIBLE to HER? she called out a list of people I know who she doesn’t know with their numbers.  Oh and I didn’t get any screen alert I don’t have an IPhone.  I’m not too sure whether FB know that they have published other peoples contacts on other peoples contacts list? I would be mortified if someone called up my granny because they found her number on their contacts list and so would she!

  • Pingback: Facebook May Have Your Name adn Number (Even If You’re Not On Facebook) – Facebook Watch | FB Watch

  • Ishtehburgermeister

    Very well spoken sir. Now, this calls for a lawsuit! Or an angry mob, or a conspiracy forum, depending on which I decide sounds more fun overall. I’m gonna send this page to people I know, probably. Have a good one.

  • Vanilla

    HI, I registered a facebook account and the next day when i went to logg in to look around It was asking me for my phone number so it could verify my account as they had locked me out. I didnt want too but i gave them my phone number as i was reading on line and was under the impression that this was their new security measures. ANYWAY….. i finally get back into my account and i see one of my friends profile photo under ” you might know this person” tab or something like that….on the right hand side.NOW i have not told anyone that i am on facebook, I have no friends added to my facebook account…so no one could have been linked…..how on earth did facebook know that this was MY friend? the only way was via my phone number that I had given facebook to verify my account. They must have scanned the numbers and matched it with her facebook account or something……. NOW i think this is an invasion of privacy!

  • Vanilla

    Sorry i meant to say her profile pic was under the ” PEOPLE I MAY KNOW” SECTION

  • Sana

    9007838847
    sana
    call me boys anytime
    fuck me harder

  • Cosmic-antidust

    Hi, I think I was about to sync my phone calendar via a hosted server, but then wondered – what actually is sync-ing doing?  Am I permitting so much?  Thanks

  • valerie

    Your gross

  • Themike86

    My Android based phone pulls phone numbers from Facebook… within thirty seconds of setting up Facebook on my phone, my phone’s address book was full of numbers and pictures for all my Facebook friends who have numbers listed. The same thing that’s supposedly a ToS violation. What the…?
    For what it’s worth, I don’t see the problem with that particular transfer – it’s just populating my address book with data I could get by clicking onto their profile anyway – including from my phone – so what’s it matter? It’s actually incredibly convenient. Why Facebook now apparently forbids this while allowing it to happen the other way, which is a VERY different matter, is beyond me.

  • Das

    Hi
    There are thousands of escort listings in you local area. There are lots of latina, incall and outcall escorts. Most are independent agencies.

    girls phone numbers
    backpage escorts

  • Dogy1

    07563946102 call me

  • Pingback: Path CEO: ‘We Thought We Were Doing This Right’ | Amazon Web Marketing

  • Pingback: Path CEO: ‘We Thought We Were Doing This Right’ | t3knoDorKs

  • Shahakbar45

    Please call me this number 9769093472

  • http://twitter.com/kalesha07 kaleshavali

    ware r u from

Older Comments