Facebook Flip-Flops on Selling User Addresses, Phone Numbers
Facebook made a quick retreat Monday (Jan. 17), announcing it would “temporarily” disable a brand-new feature that lets third-party applications harvest users’ phone numbers and home addresses.
The feature had been debuted with a quiet Facebook blog posting on Friday afternoon, Jan. 14.
It said the feature would let users “easily share your address and mobile phone with a shopping site to streamline the checkout process, or sign up for up-to-the-minute special deals directly to your mobile phone.”
In other words, Facebook was giving advertisers and third-party application developers access to users’ cell-phone numbers and home addresses.
Over the weekend, the feature drew condemnation from security experts and privacy advocates.
"It won’t take long for scammers to take advantage of this new facility to use for their own criminal ends,”said Graham Cluley, senior technology consultant for the British security firm Sophos.
Users would have to give permission to app developers to get their addresses and phone numbers, but Cluley wrote that “there are just too many attacks happening on a daily basis which trick users into doing precisely this.”
“Now shady app developers will find it easier than ever before to gather even more personal information from users,” Cluley added. “You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purpose of SMS spamming, or sells on the data to cold-calling companies."
A current example of such an attack involves a viral video of a girl so distracted by texting that she falls into a shopping-mall fountain.
A Facebook worm has been posting messages reading “Girl Falls Into A Fountain While Texting.” But the link included in the post is malicious, directing users to a page that requests their names, lists of friends and user IDs.
In fact, nearly all Facebook scams -- from an alleged Miley Cyrus sex tape to any number of sexy videos -- deceive users into giving out personal information.
Three days after the feature was unveiled, Facebook responded to the backlash with a carefully worded post on its Facebook Developers Blog.
“[W]e got some useful feedback that we could make people more clearly aware of when they are granting access to this data,” the posting read in part. “[W]e are making changes to help ensure you only share this information when you intend to do so. We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready.
“We look forward to re-enabling this improved feature in the next few weeks.”
