Facebook Grants Advertisers Access To The “Shadow Phone Numbers” Of Users


Facebook data scandals are quite like the mob… just when you think you’re finally out… they manage to find a pervasive way to pull you right back in. Once again, to the surprise of no one, Facebook users are being subjected to suspiciously targeted commercials on the controversial social media platform. Thanks to a new report from Gizmodo, it appears this is the result of Facebook allegedly granting advertisers access to their users hidden “shadow contact information”, even when profiles opt out of this data harvesting process.

Last week, the publication conducted an informal experiment to access how the website was able to use information collected by advertisers that wasn’t shared on the platform by the subject themselves. Gizmodo described one of the methods by which Facebook targets ads to users is through allowing companies to upload phones numbers and email addresses kept within their own files, forcing ads in front of accounts that are associated with the contact information related data harvested when they received a product.

They cite several how this works, such as a particular clothing retailers are able to place commercials for dresses on the Instagram feeds of women “who brought their product in the past”, how politicians can prioritise ads for those “on their mailing lists”, or casinos can offer deals to “the email addresses of people suspected of gambling addiction”. Facebook reportedly calls this a “custom audience” filter, and it’s easily accessible to businesses here.

Gizmodo’s subjects was Alan Mislove of Northeastern University, currently studying the methods social networks employ to intercept privacy protections. Journalist Kashmir Hill explains his theory of targeting an ad to Mr. Mislove was to “direct the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.”

Following the results, Facebook originally tried to deny this practice was in anyway true. The report then cites an investigation conducted by Northeastern University’s Mislove, Giridhari Venkatadri and Piotr Sapiezynski, as well as Elena Lucherini of Princeton University, which proves through a number of tests that information uploaded by advertisers is being linked between profiles and their previously undisclosed “shadow profiles.”

This is a clear example of Facebook’s circumvention of data consent, which is to be expected of a reputation-tarnished data-mining company. Instead of Facebook using a voluntary process, where the information users have actually consented to having on the website, from “contact and basic info” sections, is rightfully appropriated for ads, they’ve opted to play the role of a cyberstalker-for-hire in misusing all available data across the board.

The report details how Facebook collect this “shadow contact information”, found only by their direct snooping into third-party data hives, and are able to connect profiles through the information that was only granted to Facebook for “security purposes”, such as the two factor authentication (2FA) process used to confirm accounts or to receive alerts about new attempted log-ins to a user’s own account

Essentially, if you’ve previously trusted your information to a company, they’re easily able to exploit that information without your consent by just giving it Facebook. This happens regardless of your current data/advertising arrangements with the site, legal promises under the penalty of fraud not to misuse this trusted information for its intended purpose, or whether you even have a Facebook account. It’s a business model that relies on having users kept in the dark about the whole game.

Facebook, in an attempt to save face, soon admitted to misusing their users’ security information for advertising in a recent statement to TechCrunch. “We use the information people provide to offer a better, more personalized experience on Facebook, including ads,” a company spokesperson said. “We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time.”

This would be all well and good if it wasn’t a lie. They spokesperson also states users can avoid this unethical “repurposing” of data by simply not using a phone number for 2FA, when other non-mobile verification methods were only just introduced in May, basically saying people who used the only available method for years are just shit outta luck. Currently there’s no means of accounting for full deletion of this data, meaning they’ll be able to use whatever they have regardless of your say so. These are the people want to be the gatekeepers of what they determine is and isn’t ‘fake news’, remember.

Mislove commented on the issue: I think that many users don’t fully understand how ad targeting works today: that advertisers can literally specify exactly which users should see their ads by uploading the users’ email addresses, phone numbers, names+dates of birth, etc… In describing this work to colleagues, many computer scientists were surprised by this, and were even more surprised to learn that not only Facebook, but also Google, Pinterest, and Twitter all offer related services. Thus, we think there is a significant need to educate users about how exactly targeted advertising on such platforms works today.”

Thanks for reading! Bailey T. Steen is a journalist, graphic designer and film critic residing in the heart of Victoria, Australia. He’s also a proud Putin Puppet™ on occasion. His articles have been published on TrigTent, Medium, Steemit and Janks Reviews. For updates, follow @atheist_cvnt on either Twitter, Instagram or Gab.Ai, while you can contact him for personal or business reasons directly at bsteen85@gmail.com. Cheers, darlings!! 💋

troubled writer, depressed slug, bisexual simp, neoliberal socialist, trotskyist-bidenist, “corn-pop was a good dude, actually,” bio in pronouns: (any/all)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store