Facebook’s two-factor authentication has come under major scrutiny over privacy issues. Following a tweet from security researcher Zeynep Tufekci, it has been revealed that the two-factor authentication which Facebook has so voraciously promoted to ensure security can also allow anyone to look up a user’s profile. And no, it isn’t just that. The worst part is that users cannot choose to opt out of the authentication.
Facebook came under heavy fire after admitting that it was using users’ phone numbers to direct targeted ads. The fact that users’ phone numbers can now be used to look up profiles, even if they weren’t registered on Facebook, has caused severe unrest among its user community. Users were under the assumption that their phone number would only be used for authentication purposes, and the realization has caused many to seriously doubt the company’s ability to protect its users’ online privacy and data.
“Using security to further weaken privacy is a lousy move—especially since phone numbers can be hijacked to weaken security. Putting people at risk,” security expert Zeynep Tufekci tweeted over the weekend. Tufekci was among those to call out the social media giant for the move. Even if a user changes their privacy settings so that only “friends” or “friends of friends” can browse through their profile, the company’s default settings automatically allow everyone on the Internet to find the profile using the phone number.
Yep. I can no longer keep private the phone number that I PROVIDED ONLY FOR SECURITY to Facebook. ZERO notification of this major, risky change. For years I urged dissidents at risk to use 2FA on Facebook. They were afraid of this. @Facebook doesn't care about their safety. pic.twitter.com/lW8wjBJlfz
— zeynep tufekci (@zeynep) March 3, 2019
Even if users haven’t opted for two-factor authentication, there have been several reported cases of their numbers being used. This was also reported last year by Gizmodo, which found that if a user gives Facebook a phone number for two-factor, it “became targetable by an advertiser within a couple of weeks.”
The scandal will put Facebook’s attempts to unify its messaging platform with those of WhatsApp and Instagram under heavy observation. This is largely because platforms like WhatsApp use a user’s phone number as a primary means of connecting people.
In reply to the growing concerns among its users, Facebook said, “We appreciate the feedback we’ve received about these settings and will take it into account.”
For now, users can protect their phone numbers and Facebook profile by changing the ‘Who can look you up using the phone number you provided’ option to ‘Friends’. This can be found in the ‘Privacy’ section of your Facebook account settings, under the ‘How People Find and Contact You’ option. Facebook sets the phone number lookup setting to ‘Everyone’ by default.
But that is just it. You can’t really do more than that.