Facebook uses your phone number, obtained from two-step verification or contact books, to show you advertising.

Facebook not only uses the personal information that a user voluntarily provides through your profile to advertise. It also uses data such as the phone number that we use for two-step authentication or even the one that we have never given it, but it does appear in agendas that other people have linked.

It is a type of practice that various studies have been showing for years, that Facebook recognizes in part and that new research has revealed in a simple way. How? By contacting people on Facebook who have never shared their phone numbers and emails.

Facebook uses your phone number, obtained from two-step verification or contact books, to show you advertising

Facebook would be giving advertisers access to so-called shadow profiles

The fact of the matter is that in this case it goes further: Facebook would be giving advertisers access to shadow profiles, also called shadow contact information. Contact data that they have collected and that, in principle, have not been provided to them for purposes such as targeted advertising.

Facebook uses your phone number, obtained from two-step verification or contact books, to show you advertising

Alan Mislove, a professor at Northeastern University in Boston and one of the authors of this new study, was struck by an ad expressly addressed to him and disseminated by Kashmir Hill, a reporter for Gizmodo, who has reported on the investigation in the medium itself.

The intention was clear: to test the theory that she would be able to address him by a technique that Facebook assured him would not work, He says. He directed the ad to a Facebook account connected to Alan Mislove’s office landline number, he explains in his report, a number that Mislove has never provided to Facebook.

Facebook uses your phone number, obtained from two-step verification or contact books, to show you advertising

And he assures that the teacher saw the ad in a matter of hours.

Two-Step Authentication phone number and other contacts’ calendars are advertiser data

Professor Mislove along with Giridhari Venkatadri, Piotr Sapiezynski, the three from Northeastern University, and Elena Lucherini, from Princeton University, carried out various tests which included the delivery of contact information to Facebook, through different channels, for a group of trial accounts.

Facebook uses your phone number, obtained from two-step verification or contact books, to show you advertising

They then had to see if an advertiser could use that information to drive their ads to those profiles. And they assure that they discovered something tremendously striking of which many users of the social network are surely not aware.

Facebook’s solution for users annoyed with this practice: do not use their phone numbers with this method

When a user gives Facebook a phone number to be able to use two-step authentication or to receive notifications about new logins to the account, strictly related to security, that phone number becomes a piece of information that an advertiser can contact within a couple of weeks.

Facebook uses your phone number, obtained from two-step verification or contact books, to show you advertising

From Facebook, asked about this question, they respond that they use the information that people provide them “to offer a better and more personalized experience, including advertisements”. Speaking to Engadget, they add that they are clear about how they use the information they collect, “including the contact information that people upload or add to their own accounts,” remembering that users can manage and delete the contact information they have uploaded to. any moment. Although not the one that others have loaded.

The solution to avoid this problem is simply not to use the phone number for this security method. Since, for four months, it is not mandatory to provide it to be able to use two-factor authentication on Facebook. Alternatively, third-party applications such as Google Authenticator and Duo Security can be used on both mobile and desktop in order to identify yourself.

Our data, when it is contained in someone else’s agenda, technically ceases to be ours.

The study led by researcher Giridhari Venkatadri also found a certainly disturbing data crossover, also related to so-called shadow profiles, in which advertising again comes into play and poses a serious privacy problem.

Facebook uses your phone number, obtained from two-step verification or contact books, to show you advertising

If user A shares his contact book with Facebook and the data includes a phone number that belongs to user B, a user who has never shared this number with the social network, an advertiser will be able to identify you with an ad using that same data.

Why? Because even if it had never provided it to the social network, and Facebook a priori does not know that it belongs to user B, it can know other data, such as email, which may have been provided by user A together with the telephone number and correspondingly linked by the social network.

Facebook on the experiment: “The ad was likely shown to you because someone else uploaded your contact information through a contact importer.”

In turn, an advertiser can target specific customers who at some point gave them contact information by uploading their data to Facebook. In this way, if an advertiser wants to address user B and has his phone number, a number that Facebook did not know but that he has linked to an existing profile thanks to an email that he does, the data crossing is completed.

Facebook uses your phone number, obtained from two-step verification or contact books, to show you advertising

“The ad was likely shown to you because someone else uploaded your contact information through a contact importer,” a Facebook spokesperson confirmed to journalist Kashmir Hill.

For Venkatadri, lead author of the research, this was the most surprising find. Because with this, Facebook is able to direct ads to users from information that was not directly provided by them. Taking into account, in addition, that users may not know that the social network has such data. Because technically that data belongs to other people and accessing that information “in the shade” would violate the privacy of the person who uploaded it.

Facebook did not question any of the researchers’ findings.

Facebook uses your phone number, obtained from two-step verification or contact books, to show you advertising

Facebook didn’t question any of the researchers’ findings, according to Gizmodo, and It limited itself to explaining that the use of the data is included in its corresponding policy and that give the community the possibility to control their advertising experience, including that concerning the data that advertisers link, the so-called audiences or personalized audiences. A type of targeted advertising that can be disabled on Facebook and other networks, such as Twitter, that also use it.

The researchers also tried other data-crossing methods that didn’t work, such as the one involving WhatsApp. They wanted to see if Facebook could be using the numbers of users of the instant messaging service to target them in advertising and they found no evidence. This indicates that plans to link user data from the two platforms have not yet been carried out, at least for advertising.

What this research reveals is that probably Facebook is not transparent enough when explaining how data that is not publicly available in user profiles or that belongs to them and has not been provided by them is used.

From SamaGame we have contacted Facebook to verify this information; We will update this article as soon as we get a reply.