Thursday, April 19, 2012

Spooky Facebook requests phone number and recommends friends

At work we have a lot of clients that we "Like" on Facebook to help them with their social media profiles. Some of these clients I'm personally interested in and others not so much. My news feed is becoming very cluttered as a consequence.  A colleague suggested setting up a second Facebook profile that can be used for professional purposes. This appeals to me as I don't particularly want to share my "Child vomited on shoulder" stories with colleagues and business associates. I also want to start messing around with promoting this blog a bit more to further my knowledge within the work environment.

So I set about setting up a new profile, with a more professional photograph, using my work email address.

I was surprised to find that Facebook wanted my mobile phone number in order for me to continue with my registration. Not only that but I was warned that I could only register this number with one account. I was pretty sure that back in 2007 when I first signed up to Facebook this wasn't a requirement so I wasn't concerned that my mobile number was already registered. But I was concerned that I might need to associate this number with my primary account at some time. And of course, I was a bit worried about what they might do with the number once they have it. Concern Number One. I hesitated.

Then the Social Media expert in the office assured me they only wanted it for the creation of the account and that I could change it later. Cool. I continued.

I then received a text message with a code I was required to submit in order to continue my account creation. This I did, then made sure that Facebook wasn't going to send me any SMS messages or give out my number.

The next page blew me away.

I was asked to select friends from a list which included a mixture of good friends, an old uni friend, ex-colleagues, my dad, girls I knew in pregnancy yoga over three years ago, my husband's aunt, and a friend of a friend I haven't seen for years.

It was an eclectic list to say the least. Some of them I am already friends with, using my primary account, others I'm not, although we do have one mutual Facebook friend. I do know all of them. How does Facebook know this? Concern Number Two.

Whilst pondering this aloud the aforementioned Social Media expert (affectionately and hereafter referred to as Salmon) muttered something about Facebook being able to access my iPhone SMS database. Eh what? Say again? Concern Number Three.

"Oh yes," said the all-knowing Salmon. "If you have the Facebook app on your phone, and you have given Facebook your phone number then they can access your message bank. They got into trouble for not disclosing it. Google it."

And how come you didn't think to mention this earlier oh wise Salmon? Anyway I did. Google it.

And I found this. To summarise for those who can't be bothered to click on the link, Facebook login credentials are not encrypted within the mobile apps and as such can be exploited by a rogue app, or anyone with a USB connection to your phone. The developer who discovered this found a Facebook access token inside a game app. He copied the token and using Facebook Query Language managed to pull any information he desired from his Facebook account. I urge you to follow the link and read the article. What happened next almost beggars belief. Concern Number Four.

I also found a link to an article regarding the eavesdropping on text messages. The article only references Android phones and Facebook denied it. But still. By now I'm getting rather concerned. And totally spooked.

How did Facebook know that I knew those people? All I had told it was my work email address, my phone number, my name (minus my married name) and my date of birth. These are not generally people I have emailed from work. I couldn't see any way it could have linked me to my primary account or to any of those people. I started to get concerned that it had read my phone Contacts list but not all of the suggestions were in there. It was like magic! A dark and scary magic.

Here's my current theory. We use GMail for email at work and I have my Google accounts set up so that I can log in to both my work and personal accounts within the same browser session. (This is an excellent feature which is really useful for GMail but then falls apart when you want to use some Google apps, such as Documents.) So Google knows both my work email address and my personal email address and that they both belong to the same person. As we've already established Facebook knows my work email address. Well, my primary Facebook account has my personal GMail account as a secondary email. Could this be how Facebook knows I probably know those people? Could it be looking at my personal GMail contacts and then seeing if any of them are on Facebook, and then suggesting either them, or their friends? Or could it be that because I have emailed myself from work it is suggesting my own primary Facebook account's friends and their friends? It seems convoluted but I'm otherwise stuck for an explanation. Let me know in the comments if you have any ideas.

Meanwhile, I think I will sack the whole idea of a second account and I'm rethinking heavily how I use my primary one.


  1. this is really too useful and have more ideas from yours. keep sharing many techniques. eagerly waiting for your new blog and useful information. keep doing more.
    Digital Marketing Course in Chennai

    1. Great Article Cloud Computing Projects

      Networking Projects

      Final Year Projects for CSE

      JavaScript Training in Chennai

      JavaScript Training in Chennai

      The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

  2. One of the primary things you can do is Google the phone number. This is especially successful in discovering telemarketers, yet can likewise be viable for organizations that rundown their phone number on the web. 0800 number cost

  3. A telephone system is a major expense for any business but it is necessary for handling incoming and outgoing calls business calls

  4. Thanks For Sharing The Information The information Shared Is Very valuable Please keep updating us Time Just Went On reading The article Python Online Course AWS Online Course Devops Online Course DataScience Online Course

  5. Dan itulah beberapa ciri yang dimiliki oleh sebuah agen poker online terbaik dan terpercaya, tempat di mana Anda bisa mendapatkan uang asli secara nyata. Anda akan mendapatkan kepuasan bermain sekaligus kepuasan finansial berupa keuntungan yang berlimpah
    bandar ceme terpercaya
    paito warna
    prediksi sgp

  6. These are the great blogs; I assure you that I really enjoyed a lot in reading.
    Wikipedia’s traffic


  7. مكافحة حشرات بالخبر مكافحة حشرات بالخبر
    مكافحة حشرات بمكة مكافحة حشرات بمكة
    مكافحة حشرات بالمدينة المنورة شركة مكافحة حشرات بالمدينة المنورة
    مكافحة حشرات بالدمام شركة مكافحة حشرات بالدمام

  8. I really enjoy reading of your article. I wanted to inform you that you have people like me who appreciate your work. sms bomber apk editor no wifi games

  9. If you should be opting for finest contents like me, just visit this blog site daily because it provides the feature contents, thanks.
    web design company boston

  10. Thank you for sharing with us! Good luck!
    vivi winkler