Ever since the Cambridge Analytica scandal game to light, Facebook has been in the spotlight for its invasive data mining practices. The Cambridge Analytica scandal exposed how Facebook allowed a company to harvest profile information from millions of accounts via a fake “personality quiz” app and then use it for political purposes. This can be referred to as weaponising of data you share with Facebook.
The most recent example of this kind of invasive data mining has been unearthed by Gizmodo, which discovered that Facebook can be used to target people with ads via phone numbers they haven’t even shared with the social networking website. To prove this, Gizmodo tried to placed a targeted ad via Facebook’s “custom audiences” feature. Gizmodo used a landline number for researcher Alan Mislove’s office (with his consent) to place an ad targeting that number, and found that the researcher saw the ad within two weeks. Mislove had never shared that landline number with Facebook, so it’s very likely that Facebook obtained that from the address books of other users who shared their contact information and had the number listed as Mislove’s.
Remember seeing a Facebook prompt that asks you to upload your contacts to Facebook to stay connected? Well, congratulations, now it’s been demonstrated that this allows shady advertisers to target everyone in your contact list even if they have never shared that particular number or email address with Facebook. This may have been obvious to privacy conscious people already, but Gizmodo notes that Facebook has so far denied this practice altogether.
The report also points out that a group of researchers from Princeton University have published a paper that goes deeper into the rabbit hole that is “custom audiences” for targeted Facebook ads. They found that Facebook even allows advertisers to target you via the mobile phone number you provided for security purposes. If you remember adding your number to Facebook to “protect your account” via two-factor authentication (essentially getting a one-time password via SMS), well it’s been compromised and advertisers have probably already sent ads via even that information, which Facebook supposedly never shares with anyone. There are many more details in Gizmodo’s excellent report, so you should definitely head over there to check it out.