The latest Facebook privacy flaw is a doozy
Over the past couple of years there has been no shortage of talk about privacy, particularly when it comes to social networks, and especially Facebook. In fact, the service recently made news when the site's privacy settings famously bit founder Mark Zuckerburg's own sister.
Facebook has worked to make its privacy settings easier to understand for everyday users, and to a certain extent has succeeded, but fatal flaws still seem to rear their ugly heads.
In this case, it could be one of the more dangerous ones to appear, as the implications could prove to be much more far-reaching. Earlier today, Bennett Haselton let it be known to Slashdot that searching Facebook for a phone number brings up results, with links to real people.
That may seem inconsequential at first glance. My colleague Joe Wilcox scoffed that "You can search for someone by phone number. So what? If you have the number, you likely have other details". True.
But here is the kicker. You do not need those other details. You do not even need the phone number. I began plugging in phone numbers for my city -- area code and the first three digits of my own number. I found people. People who live in my county. Women and girls I could stalk. Clicking an account reveals whatever that person has made public, and thanks to Facebook's still-confusing privacy settings there is more public than most users think -- ask Randi Zuckerburg.
I asked two BetaNews colleagues to search for my phone number and both found me with no problem. I am not worried about me, but I have a 16 year-old daughter. But, and let me stress this, it appears to only affect phone numbers that are left public. However, that is a large number of the user base, thanks to confusion.
So I have found a name and a phone number -- at the least, but perhaps more. Plus I know you are in my area. With this information the stalking process becomes much easier. (Don't worry, this is just a news reporting exercise. I won't stalk you.)
It is likely that Facebook will close this loophole, but it is illustration of the myriad problems that the social network faces while trying to walk a fine line between sharing and privacy. Unfortunately, this is a rather major one and it involves the safety of people, especially children.
In response, after being contacted by BetaNews, a Facebook spokesperson says that "the ability to search for a person by phone number is intentional behavior and not a bug in Facebook. By default, your privacy settings allow everyone to find you with search and friend finder using the contact info you have provided, such as your email address and phone number. You can modify these settings at any time from the Privacy Settings page".