Facebook Lets You Harvest Account Phone Numbers

Frequent contributor Bennett Haselton writes with some strong cautions on a Facebook "feature" that lets you search for random phone numbers and find the accounts of users who have registered that number on their Facebook profile. This has privacy implications that are more serious than searching by email address. Especially in light of the expanding emphasis that Facebook is putting both on search qua search and on serving as a VoIP intermediary (not to mention the stream of robocalls that the FCC is unable to stop), this might make you think twice about where your phone number ends up. Read on for Bennett's description of the problem and some possible solutions.

A few weeks ago a friend of mine said she was getting harassing text messages from a particular phone number, which she didn't recognize and which didn't appear in any of her own records. On a whim, I suggested entering the number into the Facebook search box, whereupon we found the guy's profile (even though he had no friends in common with the account we were logged in under), realized who he was, and ratted the thirty-something out to his Mom.

Then I thought: Is it really a good idea, for this to be possible? I tried entering consecutive phone numbers (starting with a random valid number, and varying the last 2 digits from 00 to 99) into Facebook's search box, and 13 of them came up with valid matches. None of those matches had any friends in common with the account we were searching from; as far as I can tell, anybody could enter any phone number into Facebook's search box and find the account associated with it, if there is one.

I think this has non-trivial privacy implications. (I repeatedly contacted Facebook explaining why I think this is a problem, but they haven't responded.) I'm not talking about the ability to find the account associated with a particular phone number — I think relatively few people have a legitimate need to send text messages from a truly anonymous phone number, and if they do, it's their own fault if they're dumb enough to put that number on their Facebook profile. And it wouldn't be a practical way to unmask the phone number associated with a particular account, either — even if you knew the person's area code, and narrowed down the list of possible exchange numbers following the area code, you'd still have to try tens of thousands of possibilities.

Rather, the problem is that you could use this technique to build up a database of phone numbers and associated accounts without targeting any specific phone number or account. Not only would you know the names associated with each of the numbers, you could associate the phone number with anything else that was discoverable from the person's Facebook profile &mdash which usually includes their location, their interests, and the names of their other friends. (By default, all such information is visible on your Facebook profile — even to users who aren't your Facebook friends and have no friends in common with you — but your contact information is supposed to be hidden from other users unless you've confirmed them as friends.)

An attacker could do this with email addresses too, of course, if they had a long list of email addresses known to be valid, by searching to see which ones were associated with Facebook accounts. Or they could supplement it with a list of automatically generated email addresses like john001@hotmail.com, john002@hotmail.com, similar to what spammers use in a dictionary harvest attack, and hope that some of those would map to valid accounts as well. The difference is that because the space of possible email addresses is effectively infinite, and because many people use email addresses on Facebook that aren't on any publicly circulating databases, an email search would probably not hit more than a small portion of Facebook accounts that were searchable by email address. On the other hand, since the space of possible phone numbers is finite, with enough patience you could uncover every Facebook account that had an associated phone number. As my short experiment above showed (13 out of 100 random numbers mapping to accounts), you could start building up a list of valid hits pretty quickly.

Similarly, it's already trivially possible for an attacker to build up a long list of other users' Facebook accounts - start with one person's account, go through their friends list, then visit the profile of each of those users and index their friends list, etc., like a search engine recursively spidering the Web. However, you'd be left with a large list of Facebook accounts but no way to contact them — you wouldn't have their email addresses or phone numbers, and if you send a message to a non-friend on Facebook, it goes into a subfolder of their Inbox marked "Other", which most users never check. The phone number dictionary attack described above, is the only loophole I can think of that lets you harvest a large list of Facebook users and a means to contact them in a way that they will actually see.

What could somebody do with such a database? Well, even if you only had a small list of a few thousand people, you could try spamming or scamming the numbers via text message. SMS scams are nothing new, of course, but they would probably be more effective if supplemented with the details you could get from a person's Facebook profile. (For straight-up spam, you can target it based on the interests listed in a person's profile. For scams, remember that you can use names taken from a person's friends list: "Hi, this is Jessica Smith. I have to pay off a parking ticket online or my car will get towed; can I borrow your credit card number and then I'll pay you tomorrow?")

Or if you spidered so many accounts that you built up a database which included a significant portion of all Facebook users with phone numbers on their profile, you could even launch your own publicly searchable website, splattered with grey-market pop-up advertisements: "Look up any Facebook user's phone number! If they've got their number on their Facebook profile, we have it here!" (While this would certainly raise awareness of the problem, I think it's more likely that the data harvester would decide they could make more money trading the data on the black market.)

I haven't seen this issue raised anywhere else, but lest you accuse me of "giving the bad guys ideas", I do think it's sufficiently obvious that some people on the dark side have probably discovered it, or would have, even if I hadn't brought it up. And even if any of these outcomes is unlikely, it would only have to be done once, to put the users' data permanently in the hands of the attackers, with Facebook unable to put the cat back into the bag. (Although they could at least rectify the problem for new users going forward.)

Balanced against this, what is the upside of being able to search for someone's profile on Facebook using their phone number? In my Facebook-using days, I never did it, since it was always easier to find someone using their email address, or by searching for their name, or by finding them in the friends list of one of our mutual friends. But even in a case where all you had was the person's phone number, is it too much to text them and ask for their first and last name, or their email address, so you can add them on Facebook?

Although Facebook did not respond to my inquiries, it's true that the existing behavior doesn't technically look like a violation of their Privacy Policy ("To make it easier for your friends to find you, we allow anyone with your contact information (such as email address or telephone number) to find you through the Facebook search bar..."). And I verified with a new test account that by default, in your privacy settings, under "How You Connect", the setting "Who can look you up using the email address or phone number you provided?" is set to "Everyone." The problem is that this setting casually lumps the two together, and users — as well as Facebook itself — might not realize that the implications of being findable by your phone number, are different from being findable by your email address.

Facebook should probably just go ahead and block searches by phone number — or, at least, make you fill out a CAPTCHA every time you do a phone number search, to make it harder to harvest them in bulk. There's no way to know if scammers are trying this already, but at least we can prevent it going forward. That would require a small edit to Facebook's privacy policy, but luckily for them, they can now do that without even calling a vote.

- - - - - - - - - - - - - - - - - - - - - - - - - - Do you have a feature idea for Slashdot? Contact us at feedback@slashdot.org, and give us a heads-up!

SMS Spam

[krakass]

Amazingly I got spam, I'm assuming because of this, just 5 minutes ago. Saying my profile picture is cute and they want to chat on yahoo messenger. Except for that fact that my picture is the retarded kid from the Stargate movie.

Re:SMS Spam

[Frosty+Piss]

Except for that fact that my picture is the retarded kid from the Stargate movie.

Listen, you insensitive clod, "retarded" kids need sex, too.

Re:SMS Spam

They need it, but they shouldn't have it.

#DontPayItForward

Re:SMS Spam

They need it, but they shouldn't have it.

It's a "Humand Rights Issue", and you are aware that not only do they make things called condoms? But you can also have your "retarded" kids spayed and neutered according to Bob Barker.

Re:SMS Spam

[davester666]

It's OK. He did not say that the picture was not of himself [as both could be true].

Hell, the use of 'retarded' makes it likely to be true.

funny how everyone 'wants' your phone #

[TheGratefulNet]

last time I went for a haircut, the first thing they asked me was my name. fine, they can call me when the next haircutter is open.

then they wanted my phone #. really? for a date, maybe? ;) (some of they are definitely cute).

no, they want to collect data and sell it. how absurd.

of course I declined. if you don't need it, you don't get it. and they most certainly don't need it.

reminds me of a rental app I was once asked to fill in. it had the usual ss#, date of birth, full name - but they also asked mothers maiden name. now, I realize that with some work, you can get that from public records, but you have to work for it and its still partially a password of sorts that banks use to verify your ID when you call on the phone (or lost your password for online). a housing rental that wanted pretty much all the info that the bank would ask me to verify my id. yeah, sure, I'll just give you that (not!). when I called the realtor on this, he simply said 'good luck in your search'. basically, he knew he was asking more than he had a right to and simply avoided admitting it.

watch what you give out, people. think about every bit of info and if they don't need it, don't give it to them.

Re:funny how everyone 'wants' your phone #

[bferrell]

I'd think actually the number collection is so that the next time you go in, they can put your phone number in and ID you... "Do you have a discount card? Do you have it with you?? No, can I get your phone number? There you are!"

Most small shops don't (yet) have the smarts/connections to sell customer data. But the potential IS there, yes.

Re:funny how everyone 'wants' your phone #

I heard a story about a guy who collected the numbers from all telemarketers and used those numbers online whenever prompted for a phone number. Wish I could remember where I saw it.

Re:funny how everyone 'wants' your phone #

[geekymachoman]

They don't want only your phone number, they want everything personal about you. And step by step, they're getting it.

Facebook offered like 2 euros or something in facebook credits if you entered your phone number. Youtube is forcing a channel name change to your real name or something like that, and when you decline they ask you why.. and in "reasons" offered, you can't choose "because of privacy" or whatever. They are pretending that giving your phone number/real name is a normal thing to do. And eventually they gonna brainwash people into thinking it is a normal thing to do, so everybody will do it without thinking twice.

When you see the current trend, you can extrapolate what the future will look like. Don't need to be bloody Einstein for it.

Re:funny how everyone 'wants' your phone #

[Jason+Levine]

its still partially a password of sorts that banks use to verify your ID when you call on the phone

Not always. My identity was stolen once. The thieves opened a credit card in my name using my address, SSN, and DOB. They got my mother's maiden name wrong. (Wasn't even close.) It didn't raise a single red flag to stop the transaction. Neither did them changing the address immediately and asking for rush delivery of the card or trying to get a $5,000 cash advance before the card even was activated.

So banks might *say* they're using Mother's Maiden Name to verify identity, but not all banks (*cough*Capital One*cough*) do.

Re:funny how everyone 'wants' your phone #

[alen]

for rentals they need it for a credit check

and i have rented a summer house one time for a week where they performed a complete background check on you including a criminal record search

Re:funny how everyone 'wants' your phone #

I know a few people who do that. The best is 2 friends of mine, one of whom got the head of Romney's campaign in my state and the other who got the head of Obama's campaign in my state. They then proceeded to give each campaign the other's number by saying something like "Oh, we broke up he is at this number instead." I always imagined that each of the campaigns got sick of the other's robocalls and they learned to reduce their own but I think everyone knows better than that. Especially since I went from getting 15 calls a day to zero for the whole following week once election day came and went.

Re:funny how everyone 'wants' your phone #

[Applekid]

Not only that, since it will be the new normal, you will be strange for not wanting to give up that data.

Re:funny how everyone 'wants' your phone #

my cable company wants more information from me when I call in than my bank does. sort of sad really

Re:funny how everyone 'wants' your phone #

Or they want to be able to call you when your stylist has to cancel the appointment. Don't be so paranoid.

Re:funny how everyone 'wants' your phone #

[I+Mean,+What]

GameStop does this. They don't even bother asking if I have one of their rewards cards to swipe to identify me. Having my phone number on file with GameStop has two advantages for me. When I had preordered games in one state and moved to another, they were able to transfer the preorder from my old location by using my phone number as a unique identifier. They also use my phone number to text me when games I've preordered have arrived. I love video games, but not enough to mentally keep track of their release dates.

On the flip side, I would be extremely pissed off to find out they sold my number to a robocaller. When Facebook started asking for my phone number I said fuck off. They couldn't hear me because I said it to the screen and clicked the No Thanks button or w/e. But I said it again when I had my FB account perma-deleted. Fuck Facebook. Fuck them running til they limp. GameStop is a legit business (insert chuckles here), Facebook is some douchebag Harvard dropout mercenary data miner with no respect for anyone. Zuck You, Fuckerberg.

Re:funny how everyone 'wants' your phone #

[Anderu67]

Why is Mother's Maiden Name still a "valid" identity check? What about single mothers? What about people with spanish names (mother does not change name and kids get both tacked on)? Etc etc...

Re:funny how everyone 'wants' your phone #

[istartedi]

They want a number. There's nothing that says it has to be yours. 867-5309. Jenny, is that you?

Re:funny how everyone 'wants' your phone #

[Spamalope]

I told Facebook to FO when they asked for my number too.

Facebook took my number from a friend's mobile phone's contact list and added it to my profile two weeks later. I never gave it to them. They can die in a fire.

Re:funny how everyone 'wants' your phone #

[History's+Coming+To]

It's similar to the idea of a spamerang - whenever you receive spam you add the sending address to a big, open, online list. The idea being that eventually the vast majority of spam is sent to other spammers. Yes, I realise there's 101 problems with this (hence spam is still around) but anything that converts a feeling of mild impotent rage into a feeling of vengeful satisfaction is a good thing in my book.

Re:funny how everyone 'wants' your phone #

[Registered+Coward+v2]

last time I went for a haircut, the first thing they asked me was my name. fine, they can call me when the next haircutter is open.

then they wanted my phone #. really? for a date, maybe? ;) (some of they are definitely cute).

reminds me of a rental app I was once asked to fill in. it had the usual ss#, date of birth, full name - but they also asked mothers maiden name. now, I realize that with some work, you can get that from public records, but you have to work for it and its still partially a password of sorts that banks use to verify your ID when you call on the phone (or lost your password for online). a housing rental that wanted pretty much all the info that the bank would ask me to verify my id. yeah, sure, I'll just give you that (not!). when I called the realtor on this, he simply said 'good luck in your search'. basically, he knew he was asking more than he had a right to and simply avoided admitting it.

watch what you give out, people. think about every bit of info and if they don't need it, don't give it to them.

Why do people assume you have to give everyone real info? They have no way of knowing what your mother's maidan name and simply picking something you can remember such as some random street name you like. Unless you pick something truly bizzare, like West 52nd or Avenue of the Americas, Lindy or Ruby should be fine. Oddly enough, the only person I know who has had an issue is because her maiden name only has a few consonants (thanks to the immigration guy at Ellis Island when her grandfather emigrated) and gets questioned when she gives her name. I've done that, along with giving a long defunct corporate phone number and never had an issue; in fact 555-1212 with a random area code works fine for affinity cards.

Re:funny how everyone 'wants' your phone #

[Safety+Cap]

I told Facebook to FO when they asked for my number too.

The better way to deal with such data-harvesting schemes is to fill it with plausible but junk data.

That serves two purposes:

1. You don't stand out as a "problem"
2. Finding and correcting said junk data becomes an impossible task if enough people do it.

So in the case of Facebook asking for your phone number, use the correct (or neighboring) area code and make up the other digits. Don't use 555-xxxx or Jenny's number as those are too easy to spot.

Of course, if you use two-factor authentication (which is a good idea to thwart the majority of crooks who happen to be unskilled/stupid), you'll have to provide your real number, or a working proxy.

Re:funny how everyone 'wants' your phone #

[History's+Coming+To]

YouTube keep pestering me to enter my real name too (I suspect as part of integration into G+), but they've always offered "I don't want to, or can't, use my real name". If they force the issue they'll get a deleted account instead of my name, however.

Re:funny how everyone 'wants' your phone #

[QuietLagoon]

I'd think actually the number collection is so that the next time you go in, they can put your phone number in and ID you... "Do you have a discount card? Do you have it with you?? No, can I get your phone number? There you are!"

Most small shops don't (yet) have the smarts/connections to sell customer data. But the potential IS there, yes.

If they are big enough to have a customer card, then they have the smarts/connections to sell customer data. Indeed, the customer card service is probably run for them by a data collection company.

.

Re:funny how everyone 'wants' your phone #

reminds me of a rental app I was once asked to fill in. it had the usual ss#, date of birth, full name - but they also asked mothers maiden name.

So just lie. They don't have the ability to verify it easily, and they don't need that information.

I find it's much easier to lie when someone wants all sorts of information about me that they don't need to have. Plus you get the satisfaction of messing up their marketing database.

I remember once a company kept asking for my annual income, but had no legitimate reason to know that. I eventually made up a large number ($150,000) to shut them up.

A few weeks later I started to get promotions from a local bank, including a large free gift for opening an account. I opened the account, got the free gift, then closed the account a month later.

Re:funny how everyone 'wants' your phone #

then they wanted my phone #. really?

When I go to get a haircut, I text them to tell them I'm coming. I go get a coffee and hang out in the area. When they are almost ready for me, they text me to come in.

Of course, the whole point of a Doomsday Machine is lost, if you *keep* it a *secret*! This applies to phone numbers as well.

Re:funny how everyone 'wants' your phone #

[MMC+Monster]

Phone number is how SuperCuts (the hair cutting chain in my part of the woods) identifies people. They ask for my number and first name (I guess to differentiate me from my son). With that, they know my preference in cut and stuff like that.

Not a particularly bad idea, since you need some sort of semi-unique identification if you want to have persistent records.

Re:funny how everyone 'wants' your phone #

[Cwix]

No actually they are using it as a key (along with your name) in their database. They make notes on how you like your hair cut, so the next time you show up any of they stylists can have an idea of how you like it.

They need a better key.

Re:funny how everyone 'wants' your phone #

[icebike]

GameStop does this.

That's totally different because you are asking for a service in the distant future, and maybe renting games from them.

But sitting in a barber shop? Ridiculous. What next? Burger King? The soda machine at the end of the hall, The barista babe at the Latte shop? Well, ok, maybe her.

Re:funny how everyone 'wants' your phone #

[icebike]

I told Facebook to FO when they asked for my number too.

Facebook took my number from a friend's mobile phone's contact list and added it to my profile two weeks later. I never gave it to them. They can die in a fire.

Exactly.

Even those of us who have NO Facebook account at all can still be found on Facebook because so many people sync their phone contacts with Facebook, and unlike Google's address book, Facebook leaks theirs.

Re:funny how everyone 'wants' your phone #

Maiden name is the name at birth. That doesn't change in any of your examples.

Re:funny how everyone 'wants' your phone #

FAIL:

Finding and correcting said junk data becomes an impossible task if enough people do it.

What percentage of social media users enter junk data?

Re:funny how everyone 'wants' your phone #

[Charliemopps]

I refuse any request they make for data. Radioshack, for example, wont stop until you say No. I saw a guy in front of me give them his name, address, phone number, zipcode, I was astonished. Then I get up there and they ask for my name, I say no... they looked confused... then asked for my phone number... I said no... then he started to tell me he couldn't even check me out without a phone number! I told him "I guess I'm not shopping here then" at which point the manager of the store practically jumped the counter and told the checkout clerk to just use the stores number. Common sense prevails for once.

What's really funny about this whole thing is that they looked at me like I were crazy. As if I were doing something strange by not wanting to give complete strangers all of my personal info just to buy a 35 cent bulb for my flashlight. The scary part isn't that they ask for this info, or that people give it. The scary part is that they look at you like you're crazy when you refuse to give it. Society this this level of intrusion into your personal life is not only normal, but expected, and you're out of whack if you don't want to supply it.

Re:funny how everyone 'wants' your phone #

And you can be found through electoral roll data, phone book data, customer databases, and countless other databases. Horse. Bolted. New World.

Re:funny how everyone 'wants' your phone #

[murphtall]

My haircutter uses my phone number as an account number and there's notes in there so if she isn't in the cutter who is in can access the notes and give me a haircut without needing too much input from me. I guess I could have made up a random phone number. In 2 years I haven't gotten one spam. It's a major crappy national chain too. If they were selling it shouldn't I get random calls?

Re:funny how everyone 'wants' your phone #

[Colonel+Korn]

FAIL:

Finding and correcting said junk data becomes an impossible task if enough people do it.

What percentage of social media users enter junk data?

75%? 85%?

Re:funny how everyone 'wants' your phone #

[NatasRevol]

Like what, your SSN?
Yet another card to keep?
Or something that you and your kids already have memorized?

Re:funny how everyone 'wants' your phone #

[tboulan]

I've been getting a lot more requests from merchants for a phone number. But I've also noticed that when I politely say "no thank you", the clerks are happy to hear that. Not having to type your phone number in makes their life just a little easier.

Re:funny how everyone 'wants' your phone #

next time pay more than eight bucks and skip the budget strip mall chain... go to a real, ol' ladies hair salon or old-school barber whatever your preference. the former will ask for your name and number for your appointment that will get written in a book, the latter's most recent venture into technology will be the 1977 acquisition of an am/fm radio.

Re:funny how everyone 'wants' your phone #

[idontgno]

The sending address? The spoofed sending address which is either (A) one of the other spam victims, or (B) a joe-job designed to slander and inconvenience someone the spammer has conceived a grudge against?

I guess hilarity will ensue when you receive a spam you sent yourself, according to the sending address you naively trust.

Re:funny how everyone 'wants' your phone #

You really have no idea how normal people live, do you?

Re:funny how everyone 'wants' your phone #

[Culture20]

Not only that, since it will be the new normal, you will be strange for not wanting to give up that data.

We nerds have been strange before. We can hack* it.
*tough it out

Re:funny how everyone 'wants' your phone #

I've started noticing that anyone who values their privacy is being targeted for ridicule for being a "privacy nut" -- be forewarned that ridicule is the next phase for transforming data collection into a social norm.

Re:funny how everyone 'wants' your phone #

[leenks]

You do realise that most spam is sent from legitimate email addresses, right? Ie they use an address from the list they are sending spam to as the sender.

Schemes like this just fuel spam, not reduce it.

Re:funny how everyone 'wants' your phone #

[Sechr+Nibw]

That's true, but if your mom was a single mom, you most likely got her last name as your own, so it wouldn't be unique. Likewise, if your last name is Dad'sLastName-Mom'sLastName (or vice versa, or whatever), then your mom's maiden name is still a piece of your last name, so still not completely unique. This makes either case a bad identity verification tool.

Re:funny how everyone 'wants' your phone #

Don't hold your breath neck-beard. No female wants your number.

Re:funny how everyone 'wants' your phone #

[kilfarsnar]

Facebook took my number from a friend's mobile phone's contact list and added it to my profile two weeks later. I never gave it to them. They can die in a fire.

Yeah, see, that's why I don't Facebook. Right there.

Re:funny how everyone 'wants' your phone #

[History's+Coming+To]

(Also in reply to idontgno) - yes, that's one of the 101 things that are wrong with it, as I pointed out. 100 to go...

Re:funny how everyone 'wants' your phone #

[cdrudge]

Radioshack, for example, wont stop until you say No. I saw a guy in front of me give them his name, address, phone number, zipcode, I was astonished.

RadioShack for years asked for that information to add you to their mailing list for circulars. Just saying no thanks always quickly moved the transaction on. I haven't been asked that at a RadioShack for years though. The only time I hear someone giving that information is if they are activating a phone or some other type of contract-based purchase.

Re:funny how everyone 'wants' your phone #

I had thought the barber shop did this in order to track barber/customer pairings and/or preferred cut. i.e. you came in 2 months ago and got haircut X from Jimmy. They can then say "Do you want to wait for Jimmy again?" and Jimmy can ask "Do you want the same thing you got last time?" For someone like me who gets a buzz each time, that doesn't make much of a difference, but someone who gets a more elaborate trim might appreciate it.

Re:funny how everyone 'wants' your phone #

Another feature of this is that it helps track how often people come in, so if they can get an address from the phone number, they could target those who are just about due or overdue for a haircut for a flier (not sure on whether that's more or less effective than un-targeted ads, but would be an option).

Re:funny how everyone 'wants' your phone #

[icebike]

Beauty shops might work that way, but barbers (at least since the 60 were over) can just look at you and take it back to what it was, unless you let it go so long they can't even guess.

Re:funny how everyone 'wants' your phone #

You can get a free SIM card and a five buck phone and use that exclusively for two factor (just leave it in a drawer at home) where you don't want to give your real number out. I don't care too much about two factor stuff, ultimately I value getting my emails abroad over Google having my phone number.

Re:funny how everyone 'wants' your phone #

[beckett]

I'd think actually the number collection is so that the next time you go in, they can put your phone number in and ID you... "Do you have a discount card? Do you have it with you?? No, can I get your phone number? There you are!"

Most small shops don't (yet) have the smarts/connections to sell customer data. But the potential IS there, yes.

That may be one reason, but it isn't the only reason. the fact is, an extensive phone list linked to a specific demographic (e.g. hair care, female, city district) is worth money to the right person.

if they are giving you a 10% discount or raffling for a car in the mall, remember the information they're asking for is worth more to them than the discount out the till or the new car. Ask someone who works as a dataminer if they have any frequent flyer cards, supermarket loyalty cards, or petrol cards in their wallets.

These shops don't even have to be willing to sell the information: in 2005, a firefighter from Tukwilla, WA was charged with attempted arson, based on a police investigation that revolved around his Safeway Club Card purchase history

Re:funny how everyone 'wants' your phone #

[Raenex]

yes, that's one of the 101 things that are wrong with it, as I pointed out.

In other words, you are part of the problem, but you still endorse this as "but anything that converts a feeling of mild impotent rage into a feeling of vengeful satisfaction is a good thing in my book"?

Or maybe you'd like to rescind your endorsement?

Re:funny how everyone 'wants' your phone #

[greg1104]

I like (650) 543-4800. That is of course Facebook's customer service number.

Re:funny how everyone 'wants' your phone #

[Macgrrl]

Since Christmas, the number of SPAMs I receive that appear to have come from one of my own addresses has out of no where skyrocketed. And because it comes form one of my valid addresses, it slips through the spam filter and gets auto filed in my 'sent from me' folder.

Re:funny how everyone 'wants' your phone #

[mjwx]

Why do people assume you have to give everyone real info?

We dont assume they have to. We assume they're dumb enough to.

My bank is eliminating the "secret question" method of authentication because its exploited far too much by fraudsters. Things "Mothers maiden name", "Town you were born in" and "name of first pet" is acquired using a half arsed phishing expedition. They are going with One Time Passcodes sent by SMS but there a re a small minority of users complaining to high hell about "having" to use SMS.

Point in short, people are dumb and lazy. They wont even use a password if you dont force them. Assuming they will answer "what is your mothers maiden name" correctly is a good assumption, finding this info is trivial in the age of Facebook and LinkedIn.

Re:funny how everyone 'wants' your phone #

[History's+Coming+To]

I'll certainly say people shouldn't actually do it, but I stand by the "vengeful satisfaction from impotent rage" being a bonus.

Re:funny how everyone 'wants' your phone #

[DarkOx]

I have not bothered to look but I would hazard there are some COTS possibly even open source loyalty card solutions out there.

There are a number of small single locations restaurants around here I have loyalty cards with. These things are printed on perforated card sheets available at any office store, their name, logo, address and YOUR name on the front a simple bar code on the back; they read with a standard Symbol hand scanner on a usually self made looking stand at the register (which is actually a PC with cash drawer USB attachment).

Sure it might be all part of some cloud service but it could just as easily be some collection of python/ruby/vb/vbscript with a local instance of mysql/sqlite/access/SQLExpress behind it.

 

Re:funny how everyone 'wants' your phone #

[DarkOx]

use spf records, if an spf exists and the domain on the mail was not relayed by one of the listed mail servers, you can dump it. This should solve the sent from me problem.

Re:funny how everyone 'wants' your phone #

[DarkOx]

Single mothers still have a maiden name, it just also happens to be their current name.

Re:funny how everyone 'wants' your phone #

[Raenex]

So you stand by a bonus premised on targeting innocent victims for revenge?

Re:funny how everyone 'wants' your phone #

So in the case of Facebook asking for your phone number, use the correct (or neighboring) area code and make up the other digits.

My local pizza pizza is my go to fake number.

Re:funny how everyone 'wants' your phone #

They are of course, violating *2* people's privacy at once (for each number). The Facebook user's, and their friend's.

Not that Zuckerberg or FB in general could give a shit.

Re:funny how everyone 'wants' your phone #

It's pretty dumb.

http://www.cockeyed.com/citizen/creditcard/application.shtml

Re:funny how everyone 'wants' your phone #

They used to pass out these 1000+ page books that had my name and # written in plain text (no encryption!). They gave them to everyone in everyone in my city. They even put my address, zip, code. In some cases if I was married and what my profession was.

We are pretending that this information is 'a secret'. It is not. For a couple hundred bucks I can get tons of information on anyone.

Re:funny how everyone 'wants' your phone #

[tattood]

What percentage of social media users enter junk data?

75%? 85%?

You are referring to /. or technical, or paranoid people in that number. Most non-tech people probably will happily enter their real phone number, hometown, high school, college, and anything else FB asks for so that all of their "friends" can find them easier.

Re:funny how everyone 'wants' your phone #

[StuartHankins]

Your particular place isn't selling it, good for them and good for you. Why in the world you need a haircut database is beyond me. Do you really have such complicated hair needs that you can't explain it in two sentences? Or are the hair cutters in your area so inexperienced that they can't look at your head when you walk in and narrow it down to a couple of options based on a projected prior style?

Nonsense. They're almost always selling your data. No one has needed databases for haircuts for thousands of years now. It's an invented need.

Re:funny how everyone 'wants' your phone #

[murphtall]

I find it convenient. I don't like small talk. I wanna give them my info have them see the notes, verify nothing different and I can nod to answer that and get back to sitting quietly and patiently as my hair gets cut. And yes I have a specific way I like my hair flat topped. Not military. A different blend from the zero to the top and a longer spike than most. It's taken me a good year to get this stuff figured out. I was a hair farmer for years and never had haircuts that wasn't "trim off a half inch of dead ends" and since I left my moms basement in the 80s, I like to get out and get some strange* now again again and it pays to look good and to be a "sharp dressed man" *and you young'ns may think two 21 year olds are better than a single 42 year old but ill take a single 42 year old sex starved last over three inexperienced 21 year olds that won't fellate for longer than20 minutes every time

Facebook being a bit lax with privacy....

[cant_get_a_good_nick]

The headline just writes itself sometimes.

The interesting mix, is that just a few stories down on the home page is the story about the Facebook VOIP app that only can call Facebook users that have phone numbers on their profiles. Sometimes it's obvious that Facebook is moving too fast to realize how their different systems interact.

Facebook isn't interested in your privacy ...

[gstoddart]

They want your information so they can sell it. They want as much as they can possibly get.

Do you think Facebook even try to protect your privacy? They write a feature which you might want, but which mostly benefits them.

And they've shown time and time again, they're not very good at even trying.

That fact that Zukerfucks sister got burned with privacy settings says they're deliberately obtuse.

Sure, Facebook could do all sorts of things to protect your privacy, but that's now how they get paid.

Re:Facebook isn't interested in your privacy ...

which is why apart from my name the other details on Facebook are false.

my "Friends" are people I actually know in real life BEFORE Facebook or are Family and every one else is blocked.

I do NOT play games, or "My birthday" requests etc etc and I have an ad blocker for facebook which makes it bearable

Facebook exists only by selling my information, so I make sure they have as little as possible to sell.

Re:Facebook isn't interested in your privacy ...

[fermion]

But who gives them that information? Is there really a reason to have a phone number anywhere on the web unless you want people to call you? I know that somethings on facebook are supposed to be private, or accessible only to select people, but we have seen in case case where that status was not protected or changes in the privacy statement made information public. This is not 2012. We don't really have the excuse to say that facebook, funded by advertisers, made my data public without my knowledge. We pretty much know that facebook is going to do this. It is like complaining that you gave a stranger $900 to buy an ipad and you never got it. Sure you were robbed, but not under threat of violence or even something that common sense should have told you not to do.

What might be interesting is why this problem of leaked phone numbers is not more widespread. To phrase it differently, why does google not recognize a phone number and perform some magic to make it link to a name. I would think because the traditionally extremely profitable and protective reverse lookup services have convinced them the ad revenue from said services would be more lucrative than any benefit the additional end user feature might provide. After all the phone book is public record, and given their agressive collection of personal information during their drive bys, they really care nothing about safety or privacy.

Re:Facebook isn't interested in your privacy ...

I would LOVE to see a buch of torrent files with lots of data from Facebook. Come on hackers! Break in! Steal!

Re:Facebook isn't interested in your privacy ...

[gstoddart]

But who gives them that information? Is there really a reason to have a phone number anywhere on the web unless you want people to call you?

Google regularly asks me to attach a mobile number in case I lose access to my account. Facebook occasionally tells me the same lie.

They ask for this kind of stuff all the time. I also routinely see the same stupid canned "security questions" with no option of filling in your own meaningful (and secure) questions -- and those standard questions are too easily gotten by someone else.

Re:Facebook isn't interested in your privacy ...

[I+Mean,+What]

When you post anything to or about your friends, anything at all, you're informing on them. The only winning move is not to play.

Apparently you can search for lots of things

[rudy_wayne]

Apparently you can search for lots of things on Facebook. For example:

http://media.gizmodo.co.uk/wp-content/uploads/2013/01/facebookgraphlols1.png

http://media.gizmodo.co.uk/wp-content/uploads/2013/01/facebooklols4.png

Re:Apparently you can search for lots of things

[Obfuscant]

Apparently you can search for lots of things on Facebook. For example:

Fearing the worst, I went to Facebook and tried searching for phone numbers. The first phone number I entered was from my own area code, made up prefix. It returned not one result, but a large number of results. People from Mexico, Indonesia, Greece, all over the world. Amazing, these people all have the same US phone number?

So I tried it with my own phone number. Again, a large number of hits, people from Mexico, Indonesia, Greece. Foreign countries like New Mexico, too. But I was not in the list. This is even more amazing. These people all have the same phone number I do, and I don't.

I think the fact that Facebook will find matches for phone numbers you enter into their search doesn't necessarily mean that those people have that phone number. Or that the number will accept SMS messages, spam or otherwise.

Why do people use Facebook?

It's a permanent source of amazement to me that people want to be in Facebook at all. What is that wonderful something that they are getting from it?

Problem already solved:

I have a phone firewall. You're in my phone book, or you won't get through. You only get in there through a personal meeting. End of story.

The phone books of the past....

[joocemann]

... screwed us over more than they helped genuine people find us... Oh wait. Nope. They were optional, like facebook, and mostly the people that called were worth answering for.

Don't use that on face book, or toss out the tin hat.

Re:The phone books of the past....

[joocemann]

Forgot to mention.

You're not as important as you think you are. Chances are good that your phone number is useless to people that don't already have it.

Re:The phone books of the past....

[Cro+Magnon]

The phone books of the past gave a name, address, and phone #. FB will give name, address, phone, blood type, school, job, gross pay, and your vacation plans.

Re:The phone books of the past....

You couldn't automate calling every number in the phone book. I agree with you that this is vastly overhyped, but digital storage can't be directly compared to paper storage.

Re:The phone books of the past....

[w_dragon]

The phonebook has been online for a very long time. whitepages.com

Re:The phone books of the past....

[Registered+Coward+v2]

You couldn't automate calling every number in the phone book. I agree with you that this is vastly overhyped, but digital storage can't be directly compared to paper storage.

You could also buy databases of all listed US numbers - I've used them in the past to help company's analyze business opportunities by identifying the number and types of businesses in various locations. When I did, it was trivially easy to dump the entire database into Excel or Access and build queries to return the needed information.

Re:The phone books of the past....

[GodfatherofSoul]

Oh really? That must explain the 5-10 robocalls I get every day.

Re:The phone books of the past....

screwed us over more than they helped genuine people find us... Oh wait. Nope. They were optional, like facebook

No, they weren't optional, "like facebook". It was opt out rather than opt in, and you had to PAY to opt out. However, what's different today is that local landline calls were free, and all incoming calls were free. With a cell phone, most plans costs you money if I call you, which is why giving out that number to just anybody is bad.

Re:The phone books of the past....

[joocemann]

www.donotcall.gov It actually works. Enjoy.

Re:The phone books of the past....

[joocemann]

When I registered for a phone number back in the 90s, you had to pay like $2 to be in the phone book. I paid, of course, because that was how people would find me.

Re:The phone books of the past....

[joocemann]

For facebook to share that, you had to share that. And they told you they would. Is there something you're missing here other than wanting free cake and to eat it however you like?

This sounds more like a personal issue than anything you could blame others for.

Re:The phone books of the past....

[GodfatherofSoul]

You know how I know it doesn't? I'm on it.

Re:The phone books of the past....

[sdnoob]

the difference between the phone companies' directories and facebook is that when you tell the phone company you want an unpublished listing... they oblige, as required by law.. facebook, on the other hand, will just fuck around with default privacy settings until your data is public.

Re:The phone books of the past....

For facebook to share that, you had to share that.

Nonsense. If one of your "friends" posts info about you then that info is now tied to your account's harvestable data.

Re:The phone books of the past....

[thegarbz]

Err if anything Facebook is Opt-In. The phonebook was Opt-Out.

Thanks but I'll take facebook's approach.

Re:The phone books of the past....

[thegarbz]

Funny. In our country it was the opposite. You had to pay a fee to get an unlisted number.

Re:The phone books of the past....

While I mostly agree, just this week there was a special on TV about a furnace cleaning operation abusing the Canadian Do Not Call list. The call centers turned out to be based in Pakistan and knew all about the DNC system. They masked their caller number to protect their actual location, coached operators to never disclose their true location, on and on it went.

The CRTC, Industry Canada and the RCMP all claimed it was impossible to trace the origin of the calls. An investigative TV show not only did so but captured video footage of call center managers explicitly coaching staff. "Don't worry, they don't know anything, they have no way of finding us..." The most interesting bit was that they had to spend a lot of time assuring the call operators not to fear threats, anger, negative feedback and all the rest.

http://www.cbc.ca/news/canada/story/2013/01/10/marketplace-offshore-telemarketers.html

Pretty sleazy.

Re:The phone books of the past....

So turn in the robocallers and profit?

Re:The phone books of the past....

[Obfuscant]

www.donotcall.gov It actually works. Enjoy.

Why would an outfit that is calling to steal your credit card data bother respecting a trivial law like the DNC list?

I had the guy on one of the ceaseless "credit service" calls actually tell me that I could trust him with my credit card info because it was illegal for him to abuse that data and he'd go to jail. I almost had a stroke I was laughing so hard.

Re:The phone books of the past....

[joocemann]

You have to approve it or it isn't added to your account.

Re:The phone books of the past....

Opt-in/out based on either using the site or not. Once you're signed-up, you're opted-in with Facebook, regardless of your settings with the site. They have proven, time and again, their willingness to modify default settings that results in more shared data and less privacy.

Hell, once a FRIEND or acquaintance of yours signs up for Facebook, you can be involuntarily, and unknowingly, be "opted-in" to Facebook by inclusion in contacts lists, photo tags, even simply a mention on a wall post. Facebook has and continues to update profiles on millions upon millions of NON MEMBERS. Did THEY opt in? Fuck no.

Re:The phone books of the past....

Not true. If your friend adds your contact information or tags you in a post, you can't remove that data.

You are so forceful with your opinion, do you work for Facebook or something? Your responses make me want to go out of my way to educate some people about Facebook's data harvesting. So you've accomplished the opposite of what you wanted, asshole.

Re:The phone books of the past....

Not always. Had a friend who put in an unlisted office line at home. Just an employee, not an officer or owner of the company. Company went out of business in the post-.com post 9/11 crash. Creditors started calling/mailing/showing up at her door. Turns out the "unlisted" attribute somehow got removed after the first year or two.

My number is [local area code]-382-5968

See if you can figure out what that spells, dipshit.

similar too.....

[wbr1]

Associating your phone number with a public cesspit like Facebook akin to writing it on the stalls at every sleazy game station, adult store and strip club next to the words "for a good time call...."

Re:similar too.....

[Applekid]

Except with bathroom stall numbers, the odds are greater that the call will be for a good time instead of how I can refinance my left nut for fast ca$$$$h

Re:similar too.....

[The_Star_Child]

Those calling bathroom stall numbers will undoubtedly "refinance" your left nut.

oh no!

[trevc]

I heard that there is a book circulating with EVERYBODY's name, address and phone numbers in it!!!!!

Re:oh no!

[SilverJets]

Where I live phone books only list landlines and the name and address tied to that land line.

A lot of people are going cell phone only. One of the benefits being you have a private number without having to pay the phone company extortion money to keep your name, number and address out of their phone book.

Worst privacy violation since the phone book

OMG the SKY IS FALLING - whitepages.com

2013: Still using Facebook

Why are you people still even on Failbook in the first place? Are you really such sheep that you just have to be there "because everyone else is"? If everyone else jumped off a cliff would you follow them to your death? Don't be a Lemming.

o Facebook does NOT have your best interests at heart. You're just a "product" that it sells to advertisers.
o "I have nothing to hide" is a bullshit reason to post your whole life on the Internet. You really think the government and corporations aren't mining that data to predict -- and ultimately control -- your life? Wise up.

o "I want to stay connected to people". Here's a radical idea: How about you actually see people in person and interact and "connect" with them that way? This is what you people don't seem to get: The Internet does NOT "connect" anything except computers; your "friends" on Facebook are not your "friends" unless you actually SEE them and TALK TO THEM in person on at least a semi-regular basis. Failbook "friends" may as well be machine intelligence pretending to be people for all you know. Words on a page do not constitute a relationship!

You and everyone you know who says it is wrong: Your privacy is worth something, and it is real. Don't give it away to some fucking corporation, don't give it away to ANY government for ANY reason. The Internet is not your "friends"; it is just HARDWARE. Meet with real, live people; spend time with them, TALK to them, KNOW them, not just words on a page.

Re:2013: Still using Facebook

[Jmc23]

Tell me, what is privacy worth? The only helpful thing I've seen privacy do is to emotionally protect people who are ashamed of their actions. Oh sure, you can rant about some paranoid delusions you have, and OMG corps might find out my buying habits and try and give me discounts on stuff I buy! Basically privacy (in civilized societies) just protects the emotionally weak, the mentally weak paranoids, and every single criminal

Here's a radical revelation for you, not all of a person's friends are always within a geographically close location. What's wrong with using a medium to keep in contact with them? You're right, the internet is a TOOL, and what's wrong with using it as such? A hammer can bash in your skull or hammer a nail, how you use a tool is up to you.

Re:2013: Still using Facebook

[lannocc]

Why are you people still even on Failbook in the first place?

Okay, I'll bite. It's just another medium for me to publicize who I am and what I'm all about. My profile has been public (as much as it can be; you may still have to log in) for years now, by choice. Now, I am a developer so I could easily roll out any of my own website solutions for a public online presence (and have in the past), but really the existing platforms like Facebook are simply (a) easier and (b) more connected. I don't have private discussions on Facebook. I want people to be able to find as much about me as they can.

True, not everyone is interested in publicizing pieces of their lives. Facebook is not to be used by anyone wishing to remain anonymous or to privately share details with select individuals. For that, there are more direct means of communication available. But, treat Facebook for what it is (a mostly public blog-type presence) and you can find utility in the service.

Re:2013: Still using Facebook

[markass530]

this is 2013, everyone doesn't live in the same village There's different states, countries & Continents. . What you describe is often not possible

Re:2013: Still using Facebook

Tell me, what is privacy worth?

Who says you or anyone else gets to decide what someone's privacy is worth? Who says you or anyone else gets to decide what parts of someone's life are deserving of privacy? From the language of your comment you sound like an arrogant asshole to me, someone I'd definintely NOT recommend being allowed to decide anything for anyone else.

Oh, and since you seem to think that "privacy only protects people ashamed of their actions", how about you post your complete financial records for the last 10 years or so, and install cameras and microphones in your house, all Internet accessible, so we can all view the glorious example of clean, moral living you must obviously represent. Be sure to make the camera in your bedroom one with night vision, so we can watch you fuck your wife (missionary position only, I'm sure, and only for procreation purposes).

What an asshole.

Re:2013: Still using Facebook

See, here's the thing: You and I and many of us are fully cognizant of all this. But many many more people are NOT cognizant of it, and they're being taken advantage of, and while I'm nobody's hero, I do object to that. It falls to those of us who are aware of what's going on, to a certain extent anyways, to protect the interests of everyone else by pointing out that Not Everything Is OK.

Re:2013: Still using Facebook

[romons]

I should take advice from an anonymous coward who yells at me?

I seriously don't care what Facebook knows about me. The more they know, the less I have to see ads for feminine hygiene products and other productsI'm not interested in. That is the most annoying thing about broadcast media these days, their inability to determine which ads might actually interest me, and their attempt to overcome that by plastering 15 ads between segments. Facebook and their buddies are fixing that, and I'm grateful. Even the NYTimes page has directed ads these days, which makes it somewhat less annoying to read. I typically see ads for things that I've shown interest in at some point.

I suppose you'll say I'm more likely to get some asshole trying to pick my pocket through the internet, but having somebody know my phone number isn't going to let that happen. My phone number is listed, anybody can look it up already.

Most dogs will be happy

[G3ckoG33k]

Possibly, many dogs will be happy as will their Slashdot counterparts.

However, this does not equate the general public as a whole, who will be pissed off.

Profanities aren't for sissies.

I see stupid people...

[waddgodd]

EVERY SINGLE TIME I see a privacy breach issue, I see howls of "oh my god, how DARE they". It's easy, YOU LET THEM. You gave them a real phone number to snarf, you told them your real name, you gave them your freaking address and allowed them to turn on location tracking. You don't want people getting your information, DON'T GIVE IT OUT. Or if you do, LIE. Here's a great address to use as code for "none of your damn business": 1060 West Addison Street Chicago, IL 60613 (it's Wrigley Field, made famous as the fake address Elwood registered his car at in Blues Brothers). There's other addresses just as easily translated to "go away", such as 1600 Pennsylvania, Washington, DC. For phone numbers, here's a start: [insert your area code]-555-1212, long distance information. At one point, it was estimated that Elvis was added to any given user base within 72 hours of its opening to the public, I can't verify that anymore, my google-fu is too weak, but it sounds about right.

Re:I see stupid people...

[waddgodd]

Well, I was going to wait for your karma to catch up with you, your reply really should be -1; flamebait, but clearly that isn't happening, so you'll get the response you deserve. Congratulations on selling your privacy cheap, I'm sure that the rest of the world appreciates you for it. What's the old saying, "if you didn't pay for it, YOU are the product", and you have clearly given them a lot of product to work with, and for that I thank you, as it makes the system work. People like me, who sell their privacy dear, don't get very far without the suck^Wusers that make the "you are the product" a net positive transaction for the Zuckermans of the world, as in they can provide whatever sops of value they allow us all because they're making substantially more from all the free information you're giving them. As for your armchair analysis of my past lives, good on you for giving more of a fuck about my past lives than I do, I hope it serves you well.

Re:I see stupid people...

[leenks]

I spend more time checking my GMail spam folder for false positives than I do reading legitimate mail (300-400 spams a day, maybe 15-20 false positives). Even mails I have explicit filters for the great Google machine decides are spam.

Re:I see stupid people...

[Jmc23]

What are they going to do with my information? Offer me deals on things I'm interested in? I would actually greatly appreciate that. Why should it bother me if they make money as well?

So tell me, why do you hold your privacy so dear? I strongly believe that 'do as I say, not as I do' is what is seriously wrong with our world. I hold myself to the same standards as I hold everybody else. Actions speak louder than words and the only way to really lead is by example. I believe in openess in all things, because if you've lived for any amount of time in human society you quickly realize that misunderstandings arise from lack of information because people keep things to themselves. These people don't seem to realize that we are all humans, all going through comparable situations, and sharing ourselves is the quickest path to growth. What's really funny about paranoid people, and humans in general, is that we always expect others to do as we would.

Re:I see stupid people...

[Jmc23]

It's funny when people mod you as flamebait for telling a truth about yourself.

Re:I see stupid people...

[rueger]

I'll second that. Although I've pretty much stripped FB of any real info, my contact info is, and has been, on-line for years, and I really don't see enough spam to care, and thus far don't seem to have had my identity stolen.

(Pause while some guy jumps up to tell his tale of woe when he lost house, job, car, girl, and hamster to an Internet fraudster... yeah, yeah it happens...)

Just today CBC Radio was in a dither warning people about the dangers of Internet dating sites because some twit handed over $200,000 to some guy who claimed to be in love with her. Guess what? Crooked lovers have been taking advantage of well heeled women for generations - long before AT&F&C1&D2 was invented. Fraud has always been with us, and always will be - at least as long as there are greedy and gullible people.

There's a really simple reason why lots of people have their contact info on-line: So that people who need to can phone them, e-mail them, and generally get hold of them.

Re:I see stupid people...

These people don't seem to realize that we are all humans, all going through comparable situations, and sharing ourselves is the quickest path to being monetized by large corporations. What's really funny about ignorant people, and humans in general, is that we never expect others to take advantage of us.

FTFY

Re:I see stupid people...

Anyone who posted to Usenet gets spammed. I suspect, but cannot prove, that somehow e-mail addresses are harvested from LinkedIn.

Jenny?

[magarity]

Search FB in all area codes for 867-5309 and ask to speak to Jenny. Lolz

Re:Jenny?

That's my sister you fucking pervert.

putting on my tin foil hat for a moment...

[logicassasin]

There's more to it than meets the eye. I don't have a FB account, so I can't fathom why they would ask for you to include your phone number on it for any reason. I do know that Google now REQUIRES it just to open a Gmail account.

Some part of me simply doesn't trust this. We all know about correlation engines and how they work, and we know that the NSA collects and reads your emails (http://www.guardian.co.uk/technology/2012/sep/15/data-whistleblower-constitutional-rights). Now we add into the mix your phone number, which, as we already know is subject to warrant-less tapping (http://www.businessinsider.com/senate-renews-controversial-law-which-allows-warrantless-wiretapping-of-us-citizens-2012-12) and if the number you provides happens to belong to your cellphone, we know that it can act as a covert "roving bug" (http://yro.slashdot.org/story/06/12/02/0415209/fbi-taps-cell-phone-microphones-in-mafia-case). All of this provides more data to track you, what you do, who you interact with, who you're near at any given moment and those individuals interactions... All in the name of "keeping you/this country safe".

This simply doesn't sit well with me.

Re:putting on my tin foil hat for a moment...

[vux984]

I do know that Google now REQUIRES it just to open a Gmail account.

I just created one, without a phone number. It seemed to work just fine...

maybe its only true if you select USA as country?

Re:putting on my tin foil hat for a moment...

[blueg3]

I do know that Google now REQUIRES it just to open a Gmail account.

Nonsense. It requires name, birthdate (without any verification), gender (including "other"), and solving a CAPTCHA. There is a mobile phone number field, but it doesn't complain if you leave it blank.

Re:putting on my tin foil hat for a moment...

Nope. The gp is smoking crack.

Re:putting on my tin foil hat for a moment...

[Jmc23]

You can receive posts, messages, etc... on your cell and respond. Actually quite useful if you're traveling

Re:putting on my tin foil hat for a moment...

[imuffin]

Facebook has my phone numer. Occasionally, friends who need to call me but don't have my number get it from Facebook. And it auto populated my phone with my friends' numbers, and they auto update when my friends change them. When I get a call from someone whose number I otherwise wouldn't have had, now their name and profile pic show up on my phone before I answer. Potential privacy issues? Sure. But it is not without utility.

Re:putting on my tin foil hat for a moment...

[Kaenneth]

I work on a major website that allows free trials, since an account includes an e-mail address, sometimes spammers will try to sign up large numbers of accounts.

So sometimes; but not usually (I don't know the trigger) you get prompted for a phone number to have an SMS/voice call sent to, to validate your sign up.

Just like Google sometimes requires a CAPTCHA to do a search, if your queries look like they might be automated.

Re:putting on my tin foil hat for a moment...

I am able to make a gmail account without a phone number attached as well, it prompts me that it is recommended, but not required IN THE USA with no fancy tricks.

facebook

People still use it? If they use it, they don't care about their security, or privacy. They want everyone to know about them, and their daily routine. They want it to be known. Why should everyone care about security, or privacy. Honestly, some people have nothing to hide, even if they should. They simply don't care.

If they were to actually understand the point of security and/or privacy, they'd never signed up for the facebook anyway.

Dear Facebook,

    God damn man, you did it. You made people not care about their security/privacy. You dealt with the swarm of people that were trying to explain to everyone that you are evil. You have shown, us that know of your evil, the stupidity of the people that you herded into your little program of data-mining. You have made me proud to not be a member of your product, or should I say, I'm glad I'm not your product".

Just don't give FB your phone number

[DaveAtFraud]

I gave FB 555-1212 as my phone number. If someone wants to contact me, FB provides lots of ways for people I know to get in touch or request I "friend" them so they can.

Cheers,
Dave

Re:Just don't give FB your phone number

[erice]

I gave FB 555-1212 as my phone number. If someone wants to contact me, FB provides lots of ways for people I know to get in touch or request I "friend" them so they can.

Cheers,
Dave

I didn't give them any phone number and the email address is only used for facebook.

Still, this is a pretty serious permissions flaw. Users that are not privileged to see information should not be able to search for it either.

Re:Just don't give FB your phone number

[blueg3]

Still, this is a pretty serious permissions flaw. Users that are not privileged to see information should not be able to search for it either.

As far as I can tell, if they have your phone number but it's set to not be visible to anyone else, it can't be searched for.

The only tests the author seems to have performed would not give any indication of what privacy setting was assigned to the phone number. So, all of his results could have been from people who had public phone numbers on Facebook.

Re:Just don't give FB your phone number

[Overzeetop]

It wasn't clear FTFA whether the phone numbers were marked as private or public on the FB accounts. If the information is marked to be shared only with "friends" then I don't believe it's searchable. I can't test it on mine...everything on my account is generally shared globally or simply not in facebook.

I do think it's funny that the dummy account I set up on FB for use with websites which want to use FB as their login criteria (and in which profile I put NSA as my employer) asks me from time to time if I happen to know "these other people who are work for the NSA."

Re:Just don't give FB your phone number

[erice]

Still, this is a pretty serious permissions flaw. Users that are not privileged to see information should not be able to search for it either.

As far as I can tell, if they have your phone number but it's set to not be visible to anyone else, it can't be searched for.

The only tests the author seems to have performed would not give any indication of what privacy setting was assigned to the phone number. So, all of his results could have been from people who had public phone numbers on Facebook.

I tested it with a friend's email address. Her "real" email address is not visible but by searching for it, I can find her page.

Re:Just don't give FB your phone number

[blueg3]

I tested it with a friend's email address. Her "real" email address is not visible but by searching for it, I can find her page.

Are e-mail addresses the same as phone numbers now?

Re:Just don't give FB your phone number

[blueg3]

This does appear to be the case for e-mail addresses. At least, I replicated what I suspect was your test -- I searched for someone who has both a Facebook and real e-mail address on file with Facebook but with only the Facebook e-mail address visible. I searched using their real e-mail address and found their page, despite the searched-for e-mail address not being visible.

Is it possible on Facebook to have no e-mail address visible and, if so, does it still work then?

Re:Just don't give FB your phone number

ive tested this, it doesn't work. they filter for shit numbers like this. and you think you can just outwit facebook with a off the top of your head whim? :) they have entire meetings with army's of MBA's and business people who have thought of that way before you

Re:Just don't give FB your phone number

[DaveAtFraud]

So, pick a valid number that's not yours (I really am using 555-1212 but FB could have instituted a filter since I started using it). Something like the local Scientology branch, Jehova's Witnesses, somebody's FAX line, etc. Use your imagination.

Cheers,
Dave

Re:Just don't give FB your phone number

Wooo. An MBA. Definitely brighter than the majority of readership here then.

Dupe

We covered all this back in 2002.

TIme for you to get laid!

Holy crap! If someone wanted to send random text messages to a random number, all they have to do is key a random number into their phone.

BTW, people still list there full name and address in the white pages.

The fact that your grandma falls victim to scams is a testament to your own (iherited) intelligence.

interesting

[logicassasin]

Can anyone else outside of the US report back on this? Does Google require a phone number in your country?

Re:interesting

[vux984]

I did my test from Canada btw.

Re:interesting

[MotorMachineMercenar]

In EU Gmail asks me periodically to verify my account via an SMS. There is a "skip this" text in small font, though, but I bet a lot of people don't notice it.

Don't have google+.

Searching for...

This babe gave me this number: 911-0911. I hope I can finally find her on Facebook with this feature.

Dude, you got scammed

She gave me the same number. I tried to call her but I couldn't find a phone with an 11 on it.

Presumably

[EngnrFrmrlyKnownAsAC]

I could start dictionary-attacking and eventually Mark Zuckerberg's phone number will be revealed. Hmm....

Disconcerting

[ideonexus]

I was a little creeped-out, but did appreciate my android phone downloading all my Facebook friends as contacts with their phone numbers when I first set it up. Admittedly, 95% of these are people I would never ever call, it's still nice to not have to hunt down phone numbers for the remaining 5% I *might* need to call when traveling in other cities or states.

This threat seems very credible to me as I've written harvesters for other websites and phone numbers are very easy to iterate through. I've gone to my Facebook account, clicked on "Account Settings > Mobile" and removed my phone number since I've decided FB is too loose with my info, but another option is "Privacy Settings > Who Can Look Me Up?" and letting only your friends search you by phone/email.

This must have been changed quite recently

[logicassasin]

I tried to sign up for a gmail account for use with various *nix message boards maybe a month or two ago and it tried to force me to provide a phone number. There was no Captcha option when I did it. I entered my information and went to the next screen where it demanded a phone number.

I ended up opening a hotmail account instead.

Re:This must have been changed quite recently

[blueg3]

Do you have something like NoScript that inhibits the action of reCaptcha? Gmail requires a phone confirmation if you don't fill out the reCaptcha.

I've had to create throwaway Gmail accounts for a variety of things and have never seen the forced-phone-number thing.

who cares

who cares about a phone number? didn't they used to have big books full of everybody's name, number and address? I've published my number publicly on facebook and still nobody calls me.

Re:who cares

I called, but you did not answer

Bzzzzt. Wrong.

[etrusco]

This only works if the number is already visible/public.

Just a strategy

[futhermocker]

to market their new subsidiary site phonebook.com

Facebook allows users to set who sees the phone

[origamy]

You can change that in Facebook > Privacy Settings > Who can look me up? > Who can look me up by e-mail or phone
Simply change from "Everyone" to either "Friends" or "Friends of Friends".

Alternatively, do not give Facebook your phone number.

(Insert witty subject here)

[Impy+the+Impiuos+Imp]

LEAVE FACEBOOK ALONE!

Monetizing is hard, y'all!

OMGWTFBBQ!!@!?!

The Yellow Pages Are Coming! The Yellow Pages Are Coming!

Seriously, there is a privacy concern here for people who have unregistered numbers, but forward and reverse lookup have been around for a long time, and phone numbers - or who they call - are generally not that sensitive.

ha

[sootman]

> And it wouldn't be a practical way to unmask the phone number
> associated with a particular account, either -- even if you knew
> the person's area code, and narrowed down the list of possible
> exchange numbers following the area code, you'd still have to
> try tens of thousands of possibilities.

That's why God made computers. Even if FB blocks cURL and the like, there are many ways to automate a browser.

A service for mankind

[gmuslera]

Facebook has been creating a culture of security awareness for all mankind since 2005. Most people, don't know, is new to computers/tablets or technology in general, but slowly the entire world is getting a clue on what should not to be done in the network, not because boring teaching or manuals, but feeling in real life the consequences, because facebook.

Re:A service for mankind

Meanwhile, LinkedIn keeps trying to be Facebook.

Privacy and FB

Is and has been non-existent for some time. When these things are allowed, nevermind whether they're halted or not - the grab is done and the loot is stolen.
Bit by bit and account by account, Mark is accumulating a massive db of the more personal sort - that now includes linking/mashing phone numbers up to people.

As with anything - it should always have an opt out clause - disallowing any retention of data or sharing of data, by default and requiring the user to access the account and change the setting to ALLOW.

Greed - powered by the richest companies

It's all about the $$$ -simply put. Your privacy (LOL) does not exist or matter on any site - the likes of Google+, FB, Twitter, etc...
Everything little detail you post , pic, TXT or IM is accessible, available, sellable and a GOLDMINE to marketing and advertising corporations drooling at this next opportunity.

Best possible solution

[Maxo-Texas]

Don't give facebook your number.

Don't give facebook your real name.

Don't give facebook your real address.

For optimum protection, don't use facebook since you can be identified through your social links.

I got your feature idea right here...

Quit throwing spam into your articles. There's your feature idea.

White Pages

[LordLucless]

Rather, the problem is that you could use this technique to build up a database of phone numbers and associated accounts without targeting any specific phone number or account. Not only would you know the names associated with each of the numbers, you could associate the phone number with anything else that was discoverable from the person's Facebook profile - which usually includes their location, their interests, and the names of their other friends.

Wow, you could spend all that effort to recompile the white pages. Um, woohoo? I think people forget that most of this information (name, phone number, location) is already available in a publicly-accessible directory. Sure, you can't get their friends-list from the WP, but if you have their name and location, you can probably find their FB account without too much trouble anyway.

This seems to be the reverse side of the "...but on the internet!" effect Slashdot complains about en masse in patent stories. This information has been available for decades in meatspace, but once it's "on the internet" it's a privacy violation.

Re:White Pages

1. It's hard work to extract phone numbers from the white pages in order to do reverse lookups, in some countries it's even prohibited.
2. The white pages includes, at most, name, address and phone number, frequently the name is just initials and surname.
3. You can opt out of having your name in the white pages, on Facebook other people can opt you back in.

Re:White Pages

[LordLucless]

1. It's hard work to extract phone numbers from the white pages in order to do reverse lookups, in some countries it's even prohibited.

It's actually pretty dang easy. All the data's there, it just needs to be indexed - and there have been such indexes floating around online for years.

2. The white pages includes, at most, name, address and phone number, frequently the name is just initials and surname.

If you care about privacy, your Facebook profile can contain, at minimum, name. In fact, if you care at all about privacy, you can make your phone number non-public, and the whole issue becomes moot, as it's non-searchable. Complaining that the default settings are too open is ridiculous - if you want to give a site your personal details, and yet can't be bothered managing who can access them, you deserve whatever you get.

3. You can opt out of having your name in the white pages, on Facebook other people can opt you back in.

The only way people can "opt you in" to Facebook is by tagging you in their photos. This doesn't make you searchable by phone number (or any other means) on Facebook, and it doesn't even let you filter photos. The same criticism could be levelled against any photo site that allows you to add captions to your photos.

Dear 20th century: what's a 'phone number'?

[Rogerborg]

Maybe you could leave that information in a time capsule, and I could tweet some geocachers to IM me the info.

What's the problem?

Since people have to pay to call or SMS me, the chance of an avalanche of phone spam is minimal.

Thisis why I kept my landline #

[hduff]

The landline number is the only number I give out. The calls are screened and blocked or unknown calls are not answered by me; they get to leave a message. On;y people I want to call me on a regular basis are given my cell number.

Radio Snack stopped doing this years ago

[SuperBanana]

Look son, I've been going into Radio Snack since the early 90's.

There was a big fuss about the whole demanding-your-phone-number/address thing, and they stopped with it, almost a decade ago. Hey look, a site called Slashdot even covered it: http://news.slashdot.org/story/02/11/25/1846245/radioshack-stops-being-nosy

No matter where I go, most any clerk who has asked for my number or email address has not blinked an eye when I've declined by saying "No thank you." The typical response is a polite or even cheerful "No problem."

Kapow software for harvesting

I know customers that use Kapow for harvesting. http://kapowsoftware.com/solutions/index.php