Add “a phone number I never gave Facebook for targeted advertising” to the list of deceptive and invasive ways Facebook makes money off your personal information.
They found that Facebook harvests user phone numbers for targeted advertising in two disturbing ways: two-factor authentication (2FA) phone numbers, and “shadow” contact information.
First, when a user gives Facebook their number for security purposes—to set up 2FA, or to receive alerts about new logins to their account—that phone number can become fair game for advertisers within weeks.
(This is not the first time Facebook has misused 2FA phone numbers.).
Instead, this is a problem with how Facebook has handled users’ information and violated their reasonable security and privacy expectations.
SMS-based 2FA requires a phone number, so you can receive a text with a “second factor” code when you log in.
Even with the welcome move to no longer require phone numbers for 2FA, Facebook still has work to do here. »