How did Facebook get my number? And why is it giving my name out to strangers?
Published 10/08/2016 | 09:01
Facebook thrives on data, prodding users to provide it with their memories, cherished moments and relationships. And for years, it has badgered users into handing out their phone numbers.
More recently, however, it has taken a different tack - taking mobile numbers from other, less direct, sources and adding them to profiles. Users who don't willingly give the company their mobile number are now asked to verify one that Facebook "thinks" is yours.
This has shocked some users who, having not given the app permission to see their contacts, wondered how it had got hold of their numbers.
But perhaps less widely-known is that these numbers, even if unconfirmed, can be used to discover your name and appearance without you knowing, as I found out recently.
How did Facebook get my number?
I was content with ignoring Facebook's continued prompts and never provided it with my mobile number. But recently, when digging into Facebook's settings, I found that it not only knew my phone number, but was using it as a public identifier for me.
In the Notification Settings part of the app I noticed that Facebook had saved my phone number in the Text Messaging Settings with the words "Confirm" and "Remove" next to it. Curious to know how the app had got my number, given that it didn't have access to my contacts, I asked Facebook.
Based on what the company told me, it's almost impossible to stop it knowing your phone number. If you haven't given it to Facebook directly, the service can retrieve it from a variety of places, including the number stored in the phone or tablet that you're using, your mobile operator, or if you provided it at some point in the past.
Even if it doesn't have it from these sources, Facebook friends who have given the app access to their own contacts book may also have given it your number. Given that most of us have hundreds of friends on Facebook, the chances of this happening are pretty reasonable.
As Facebook says in its online Help Centre:
When we ask you to add your phone number, you may see your number automatically suggested so that it's easier for you to add. This might be based on your phone or tablet, your mobile operator, contact information provided by others on Facebook, or other sources. We also might have your number because you gave it to us in the past, but haven't confirmed it.
The number will only be added to your account if you choose to confirm and verify it.
Giving my name away
Facebook says it only adds a phone number to an account if users confirm it, but it turns out that even unconfirmed numbers can be used to identify people. After finding Facebook knew my number, I discovered that a colleague could easily find me on the network via my phone number, even though I hadn't verified it.
Here's how. When a Facebook user tries to add new friends on their mobile app, one way to do so is by importing numbers saved on their phone. Facebook matches these numbers to profiles, and suggests adding those profiles, displaying the user's picture and full name.
Even though I haven't confirmed my phone number to Facebook (which had obtained it without my knowledge),it appears anyone with that number can find out my name and see my profile picture.
Other ways of finding people using their phone number - for example, by pasting the number into Facebook's search bar - don't work if a phone number hasn't been verified, so being able to find them via the smartphone contact book in this way appears inconsistent.
To see just how visible I was, I set up a fake Facebook account on a phone that didn't have my number stored on it. As soon as I saved the number in the phone - even under the fake name "Fred" - I was able to find my real Facebook profile by logging into the fake account and importing contacts.
I checked Facebook's settings and noticed that it had automatically set "Who can look you up using the phone number you provided?" to "Everyone". Admittedly I hadn't changed the privacy of this setting, but I also hadn't provided a number or verified the one it had lifted. Given that I hadn't granted Facebook my phone number in the first place, I didn't suspect I would have to stop Facebook using it.
Facebook said it wants to make it easy for people to find their contacts on the social network, which is why it allows people to see your account if they have your number.
But in my situation, I had not given Facebook my number, was unaware that it had found it from other sources, and did not know it could be used to look me up.
Why it scared me
A lot of people have my mobile number that don't know identifying details about me, such as my full name, where I work and what I look like.
If for example you gave your number to a taxi, delivery company or restaurant, they could look you up on Facebook and immediately know your name, what you look like and some basic details about you - depending on your privacy settings. And if your name is in anyway unique, like mine, that opens up the possibility of a lot more information being available, such as where you work.
Another time that you might share your phone number without intending to give away your name is on a dating app or at a party. It's acceptable to give a potential date your first name and number without and expect that you'll maintain a relative amount of anonymity.
Criminals looking to build up a profile about individuals could also do so using randomly generated phone numbers, or numbers that they found online but which came without any other identifying information.
A similar number look-up is available on other social networks and messaging services, such as WhatsApp and Telegram. But on WhatsApp you only see the person's username once they reply to a message, meaning unsolicited texters can't find out your full name.
Telegram recently came under fire after security researchers found hackers had managed to confirm the accounts of 15 million Iranian users. The news sparked fears among privacy conscious users, many of whom favour Telegram for its security and end-to-end encryption.
Aral Balkan, a privacy expert who runs Ind.ie, said: "You have the right to choose what you keep to yourself and what you share with others. It doesn't mean that you have to isolate yourself, it simply means you have the right to choose who has your phone number and who doesn't. But you have no privacy on Facebook."
How to hide your mobile number from Facebook
It's unclear if there's a way to stop Facebook from finding out your phone number in the first place. But if it indicates that it thinks it knows your number you can ask it to remove the suggestion by going to Settings -> General -> Phone.
To control who can find you on the social network using your number go to Settings -> Privacy -> change "Who can look you up using the phone number you provided to friends or friends of friends. It isn't possible to turn this off completely so if you want to keep your number separate from your Facebook friends keep it off in the first place.
In a blog post in 2012 about Facebook and its pursuit of users' numbers, security expert Graham Cluley said: "My advice is always be careful what phone numbers you share with websites.
"There may be a case for keeping an old phone in a drawer, with a pay-as-you-go SIM. That throwaway phone can be used for websites that demand a phone contact, but you don't feel they really need it."