
Facebook won’t let you opt out of its phone number ‘look up’ setting - longdefeat
https://techcrunch.com/2019/03/03/facebook-phone-number-look-up/
======
potatofarmer45
This will make keeping your social media private during recruiting much much
harder because rather than trying to search for your name on FB or your email,
an interviewer can just search your listed contact number. Names are often not
unique but phone numbers are.

This matters because creating a new email account for recruiting is trivial,
yet creating a new phone number for recruiting is not. Most phones are not
dual sim, and you want to have a phone on you in case the recruiter or future
employer calls. Hence the account id rate using a phone number should be much
higher and makes it dramatically easier to find somebody.

The nasty part is even if you rename your account to your "first-name middle-
name" or an alias, you could be found out via phone number search. So simply
renaming your account no longer ensures random recruiters can't just find your
profile. Your FB name could be "giant blue monkey" which prevents a regular
name search but would still be identifiable via phone number search.

~~~
on_and_off
There are also a non negligible number of people using an alias on facebook
because they have good reason.

Apparently when a woman uses a pseudonym on facebook, it is not unlikely that
it is because of a nasty/stalkerish ex that she would rather get away from.

I am actually in favor of a transparent society (a la david brin) , but we
have to grown up a lot and handle such cases before the advantages that come
with it can even be contemplated.

~~~
arcturus17
> in favor of a transparent society

I suggest you read The Transparent Society by Byung-Chul Han. It’s a brutal
50-page indictment of the hypercult of transparency and its effects on the
human soul, on the political discourse, and on traditional values like truth
and beauty. Might change your view on the costs of transparency.

~~~
no_identd
The Hypercult of Transparency[nice choice of words!] exists because people
keep falling for the Transparency=Accountability meme. And until the rather
recent advent of homeomorphic encryption, that meme did have some rather
humongous amounts of truth to it. However, given the existence of homeomorphic
encryption, this no longer rings true.

Speaking of homeomorphic encryption and Facebook:

[https://news.ycombinator.com/item?id=19288633](https://news.ycombinator.com/item?id=19288633)

~~~
bogomipz
Whats the connection between discussions about "the cult of transparency" and
homeomorphic encryption?

~~~
Natanael_L
Presumably that accountability could be achieved despite secrecy, through
code. Also see Zero-knowledge proofs

~~~
no_identd
Yepp.

------
ascorbic
This is surely a breach of GDRP. One of the principles is that data must only
be used for the purpose for which it was collected. Taking a number provided
explicitly for 2FA and using it for search certainly sounds like a breach.

~~~
rocqua
They might get around this by not doing it with numbers provided after the
GDPR penalties came into effect.

~~~
ascorbic
No, that doesn't get them out of it.

------
tobr
If you are a Facebook employee, or are close to one, please help me
understand. How does it feel to see reports like this being released almost
weekly? I realize people are very good at dealing with moral dissonance when
their paycheck depends on it, but surely you must be thinking, talking to your
colleagues, about what your personal responsibility in this is?

~~~
bertil
Overall, the vast majority of similar reports are completely irrelevant,
partial or non-sensical. Happy to give details but the most common pattern is
the same person demanding that Facebook regulate speech in one sentence and
being outraged that Facebook feels allowed to regulate speech before that
sentence is over. Most journalists who write about Facebook are deemed as
“having no idea what they are talking about”. A lot of them are granted some
internal access by people who think that it would improve the coverage but
rapidly discover that their ignorance isn’t because they lack of access but it
is a decision.

This case is a small but clear oversight, one team (Security) set-up a
necessary 2FA option; another (Growth) re-using information attached to a
profile without context. Both teams have clear objectives but should have
clearer lines when edge-cases like these appear. Two remarks on that: 1.
clarity in large organisation and 2. prioritisation.

1\. Overall, Facebook teams need clearer demarkation but every company in the
world has far, far worst practice so as soon as you try to interview, you reek
in horror at practices anywhere else — and that’s what they are willing to
tell you _before_ you join.

The internal discussion is probably split between many debates; I’ve never
been very good at expecting issues around security, but probably a dozen
philosophical questions like:

\- phone numbers and SMS are not safe from MITM attack, the company should not
accept them at all; vs. other options like a device are too selective,
demanding, etc. so if people are happy and their threat model doesn’t include
MITM SMSs, the company should offer that as an option;

\- this is the only piece of information that is “User only” and that
visibility option was removed because it used to lead to abuses; vs. we can
monitor abusive use of a visibility feature even if that’s extra work, more
technical plumbing that could lead to more internal abuse;

\- there are no identified threat actually unblocked if there were, our bug
bounty would have caught them; vs. we do not have to limit Security to known
threats, but “feels” for bad practices should be trusted as a sign there is a
threat in there that the company should respect even if we can’t isolate why.

Knowing what to do as an individual contributor when you have gods fighting
over your head can be daunting; you want to have a clearer picture that, say
“Only me” will be a visibility option for longer and not replaced by “Hide
that from anyone, even having access to the account to prevent an access even
from escalating into a worse security threat” or that when it’s replaced, this
piece of information won’t be missed or excluded.

Anyone who has build large data schemas would be familiar with how tricky
changes like that can be when done without coordination. Anyone who follows
visibility of information from Facebook has noticed a lack of clear purpose:
more nuanced options appear and disappear because there’s a tension between
simplification and curating interests.

2\. Overall, working for Facebook feels like you are dealing with a fire, an
earthquake, a zombie invasion, a revolution and a flood at the same time — and
the public only seems to care about electricity shortages. And when you look
into internal numbers about who cares about any of the above, the flood seems
like a big deal, no one cares about electricity but someone you know that the
fire and the zombie invasion are far worst. Facebook is the only place where
managers are very clear that the fire will destroy your water pump much faster
than the water goes up, and zombies are actually quite slow — and you can not
prevent earthquakes, only deal with the aftermaths, so they want you to deal
with them in a specific order: #1 Extinguish Fire, #2 Automate the water
pumping for the Flood, into the fire-prevention stock, #3 Delegate the dyke-
building, #4 Once you have a plan for that, expand dykes to protect from
zombies, #5 Schedule a town-hall for _after_ the physical security of everyone
is guaranteed because talk is better than a revolution, #6 Imagine what
seismographs could be like (network?) and how they could prevent bad things,
given how fast earthquakes are. Nothing about electricity because it escapes
everyone’s mind at this point.

I once had a task that was about preventing thousands of crimes from
happening; it was #3 on my list. That felt wrong, but my manager explained
how, if #1 and #2 were not done, I couldn’t do #3. It felt very strange. #2,
in particular, was very debatable: I reached out to a friend of mine, a lawyer
outside the company and probably one of the top 10 people on deciding if
something like #2 was ethical. My friend told me that he had far bigger issues
to deal with. So I did #2 reluctantly; I did it first because it made #1
easier. In the mean time, #1 was cancelled without my manager telling me. I
had asked someone else to do #3 and he got a massive promotion.

Two years later, the press was up in arms because _thinking_ about #7 was
presumably unethical. #7 is about making sure that vulnerable users were even
more protected than they were on Facebook (while no other platform did
anything for them) and the press really objected to vulnerable users being on
Facebook at all. The most widely circulated OpEd on the topic explicitly
didn’t care for them being protected: that they were on Facebook at all was
the problem. As a former employee, I knew why they really needed to be there:
it is their only source of needed social life.

My experience was a little extreme, but it’s quite representative.

Take the recent appeal to have more community monitoring:

\- Facebook notices, years before anyone, external agents using social media
to spread inflammatory messages; they understand that they won’t be able to
prevent the gutter-press from spreading it, so they appeal to institutions
because they carry editorial authority and local understanding that Facebook
can’t have.

\- That is dismissed as interference, and Facebook is mocked for knowing
nothing about the free press. As a reaction, Facebook publishes articles on
polarisation and clearly point at external sources; they asks researchers to
measure how much the News Feed bridges that gap and helps moderate the worst
messages. The article is summarised clearly with graphs by internal comms. The
article is summarised in the press as: Facebook is pouring gas on the
political fire.

\- Facebook anticipates that astroturfing will get worst, at an exponential
rate, and decides to enforce strict “authentic identity” rules to cut most of
it; also starts efforts in identifying “fake news”. Explicitly connects the
efforts to political manipulation. Both efforts are openly disparaged by
people who spread false information and openly ignore that Facebook has a
clear handling process for people who don’t want to be found for legitimate
reasons. Political parties gladly finance negative attack ads that are the
main source of inauthentic, false coverage.

\- Facebook gets signal that human censoring is not scaling; details become
increasingly worrying. Facebook ramps up their AI research program to identify
increasingly relative inauthentic users, messages; the program is ignored, or
only presented as an Orwellian effort by “the Borg”. Mentions of issues in
human reporting are completely overlooked by the press.

\- Facebook realise that scaling its community enforcement won’t work because
they don’t know how to manage those and the third-party company are treating
them like lab rats at best. Asks for improvement on work conditions; nothing,
or rather systematic executive-level Me-Too scandals. Facebook fires said
companies out of desperation. Instant backlash because ‘Facebook fired
journalists’. Facepalm, partial decision reversal. Silence from the press,
which honestly is a relief at this point.

\- Major progress on the front of automated community enforcement. Facebook is
the first to identify several threats to democracy (Cambridge Analytica is
banned in 2014; everyone finds Trump funny when he asked for Russia’s help,
while Facebook Security reveals to the FBI suspicious behaviour).
Unsurprisingly, Facebook is _blamed_ for acting as a Good Samaritan; internal
debate on whether to come clean publicly, or only tell law enforcement. Law
enforcement is clearly dependent on electoral results, so coming clean
publicly proves important… but extremely costly for the company brand. Should
the company sacrifice the little goodwill it has left among the press now, to
prevent current threats, or keep it for a worse crisis?

\- No surprise: political parties don’t like being targetted as being bad
actors and defend themselves by empowering lunatics and doubling down on a
constant barrage of incendiary news. Community enforcement is completely
overwhelmed by its own scale and size and catastrophic situations emerges. No
one raises that Facebook has offered several solutions, from institutional
standards, automated detection, visibility control and just blames the company
for its subsidiaries. The company is just the enemy of everyone at this point.
Facebook has two options: not having any community enforcement, or trusting
suppliers that have repeatedly lied to them. The third one is what many
employees are working on: automation.

Your question is: why wouldn’t they leave? Answer: many do. Drama is hurtful
no matter how you understand the whole story. Whether those who stay are more
confident, or less reliable in their ethical stand is debatable.

If you care more for technical problems, I’m happy to explain why
facebook.com/ads/preferences is the best implementation at the moment of user-
control over dark data brokers. It’s insufficient, but helping people identify
threats and we can implement reporting from there that no other company will
let you have, not without the transparency of Facebook.

~~~
IanSanders
This post might as well have been written by a third party to discredit
facebook.

To summarize:

1) "As long as there's someone worse we don't have to worry"

2) "working for Facebook feels like you are dealing with making profit,
pleasing management, pleasing partners, progressing your career and going home
early at the same time — and the public only seems to care about privacy
violations."

~~~
bertil
Not sure I wrote about any of those points and confused why you would think
raising a strawman is a good argument.

I’m also not saying that large or influential companies should not be held to
higher standards; they absolutely should, and they _are_ where I come from.
I’m simply saying that, if you consider problems where Facebook made a bad
decision (a minority of the scandals) those issues trickle down to two
systemic problems: clear, non-contradictory internal guidelines and
prioritisation. Facebook employees are trained to recognise both. When they
consider other options, they would often see companies where both are
significantly worse. Other companies have simply not been through a decade of
excruciating oversight by the international press. Those who have are not
managed by someone who is nearly as willing to admit his fault as Mark.

I doesn’t mean that those companies are not better options for ex-Facebooker:
they often are; or that they would not make the world a better place by
joining those, and advocating for higher standards: they often would. Those
companies typically should be held to a lesser standard because they have less
of an overall impact. But, as an employee, if you want to prevent problems
like those that you regret being a witness to at Facebook, leaving is hard
because you can easily see the rest of the world as worst more often than not.
If you come with your expectation, gained from working at Facebook, that any
minor issue will be twisted into a scandal, most other companies feel very
wrong.

You can see that by looking at how many people are above ex-Facebookers at the
companies that they join: it’s unusually few. That’s because they rarely trust
too many layers to make the right call.

------
kpcyrd
I've designed an OSINT system with this specific feature in mind (it's on
github since a few months). Basically being able to go from
phonenumber->accounts is very powerful and works even more efficiently to
identify a person than an email address or even a real name.

The abuse potential of this is far greater than some people assume.

~~~
dpacmittal
Can you post the link to your project?

~~~
plopz
My guess is
[https://github.com/kpcyrd/sn0int](https://github.com/kpcyrd/sn0int)

------
Lewton
I refused the 2FA nag on Facebook because I didn’t want them to have my phone
number

Then after a while the nag started popping up with my phone number already
filled out.

Really fucking creepy and not okay.

~~~
skybrian
For what it's worth, I just deleted my phone number and added Google
Authenticator, and it seemed to work fine.

~~~
Lewton
Just to be clear. My phone number is not tied to my account, Facebook got my
phone number elsewhere and suggested that I tie it to my account

~~~
kevin_b_er
Facebook got it from your own friends or associates. Such information
gathering forms the "shadow profile" on Facebook.

------
jamisteven
Been warning people about this for years. Every major social media company has
been pushing this shit as "security", when in reality its whats known in
intelligence circles as "linkability". The more points of verification, the
better a profile can be built to associate an actual identity with an email
address, screen name, username, alias, etc. Snowden warned everyone about
this, nobody listened.

~~~
annadane
How many other social media companies? Curious.

~~~
kpcyrd
twitter also aggressively collects your phonenumber.

Telegram is so aggressively anti privacy that I tried around 5 numbers I own
and only 2 of them worked.

------
wtmt
Ok, so Facebook has yet another appalling practice that's been known for quite
sometime (see the Telegraph article linked in this one). The percentage of
users boycotting the company and its products don't seem to materially matter.
Facebook is making more money now than before. Facebook will not behave well
on its own. Regulation and really hefty fines running into a low double digit
percentage of revenue (not profits) are the answers!

~~~
ru999gol
hahaha thank you, the thought of republicans or democrats effectively
regulating a predatory corporation for malicious business practices made me
laugh out loud :D

~~~
WrtCdEvrydy
I mean, Democrats have tried it in the past.

------
dgellow
Isn’t it the same for Twitter? I tried recently to create a second account,
it’s now impossible to do so without specifying a phone number during signup.
And the mobile application was trying to access my contact list, which seems
to be used to suggest people to follow by looking for their phone number (see
[https://help.twitter.com/en/using-twitter/upload-your-
contac...](https://help.twitter.com/en/using-twitter/upload-your-contacts-to-
search-for-friends)).

~~~
Vinnl
I think there's a "Sign up with email" link on Twitter.

Though of course, every time I created a new account there it was quickly
blocked, only allowing me to unblock it by providing a phone number. That
might have to do with a number of privacy-enhancing browser extensions I've
got installed.

That said, thanks to GDPR, I'm relatively confident that they've actually
deleted my phone number when I asked them to after verification.

~~~
dgellow
Where do you find this “signup with email”? I don’t see it, but I may be
looking at the incorrect place

------
iliketosleep
_Using security to further weaken privacy_ (quote from Zeynep Tufekci in the
article) aptly sums up the method countless companies have been using to
violate user privacy. It's essentially a form of fraud - obtaining private
information on a false premise. It'll be a good test for GDRP - let's see if
there's actually some accountability.

------
sn_master
This seems just as bad as the bug they had before, where if you entered your
email but not password correctly it would show up your real name.

The potential for abuse by spammers is too high. They not only would know who
they're calling, but also all the public info on their Facebook profile and
whatever else they can stitch it with.

------
Taniwha
A slightly off-topic question - how the hell do you contact Facebook if you
don't have a Facebook account?

Someone has registered a Facebook account using my email address (apparently
they do no verification at all) and I can't stop the spam ....

~~~
pfarnsworth
Request an new password, and then change the password on the Facebook account.
I've done that myself.

~~~
Taniwha
well - I did that .... and changed the email address to a dummy account ....
and still they send me almost weekly spam to the old address - "Why aren't you
using FaceBook? here's a single link you can use to log on without a password"
... these bozos have no concept of security

~~~
geomark
Sounds like what has been happening to me. Except when I try to login to nuke
the thing I get some error message about a database error and can't login. So
the Facebook spam about new friend suggestions etc keeps coming. But since I
have always marked it as spam it usually goes straight to the spam box.

~~~
pfarnsworth
If they won't stop spamming you, you can sue them under the CAN-SPAM act.

------
sanxiyn
Just delete the phone number. You can use two factor authentication with OTP,
SMS part is unnecessary.

~~~
cmurf
The last time I tried to do this, about a year, it required a phone number to
enable 2FA in the first place, and then it was possible to use OTP (with e.g.
Google Authenticator). But once I got sucked into doing that, I couldn't
delete the phone number to do only OTP without it also disabling 2FA.

~~~
hkjayakumar
It still gives the same warning if you remove the phone number while TOTP is
enabled. But I was able to remove and then set up TOTP based 2FA without a
phone number.

I should add that removing the phone number didn't actually delete the number
from my profile (who could have known?). You have to go into the Mobile tab
and remove the phone number again.

All this despite me reluctantly adding my phone number just for 2FA. Dark
patterns throughout the website.

------
rootusrootus
I don't recall giving them my cell phone number, though I do remember being
nagged about it incessantly. Just went and looked and sure enough, they've got
it. So I deleted it. The account, I mean, not the phone number. I haven't been
active on FB in a while and it's no loss to me.

------
cmsonger
Facebook doing something ethically questionable again. Must be a day ending in
"Y".

------
CamelCaseName
I'm a bit confused at the alarmist title.

I just checked my FB settings, and the article is correct, the best you can
restrict your phone number is to just friends.

Why then are the top comments about the inescapablility of employers looking
you up by phone number?

Unless you have your employer as a friend on Facebook, just change the setting
to friends only.

My understanding is that on this setting, Facebook only allows someone to find
your Facebook profile if they:

1\. are your friend on FB and

2\. have your phone number.

That seems quite reasonable to me.

~~~
SmellyGeekBoy
This setting restricts the visibility on your profile page. The article claims
that someone who already knows the number can type it into the search box and
your profile will pop up.

(No idea whether this is true either way and I'm no longer on Facebook to be
able to check; just trying to clarify).

------
snarfy
Glad I never gave them my number.

~~~
6nf
Don't worry someone in your circle of friends already handed it over.

~~~
pfarnsworth
Exactly. It takes just one person who knows your phone number to upload their
entire contact list and it's saved. The likelihood that Facebook doesn't have
your phone number and name is 0% unless you don't have a phone number.

~~~
swish_bob
It's worse than that. If you gave them your phone number, you can ask to see
it and have them to erase it. If one of your contacts gave them your number,
it's _their_ data, you cannot get Facebook to confirm they have it and you
can't ask them to remove it ...

------
logfromblammo
I have been considering this off and on over many years, and I'm starting to
think that others in this community may have done so as well: I want to ditch
all my phone numbers, and replace them with addresses and identifiers that I
can control myself.

It seems as though if a group of people all had the same app installed on our
phones--like Signal, or something similar--we could bypass the phone number
system, and set up our own audio-chat sessions over the data connection. If
anyone else wanted to talk, they would also need to have the same app, or use
its API, and add my contact information. That would add quite a bit of
friction to person-to-person communication, but I kind of want that now, as it
would also add equal friction to robot-to-person communications. But it isn't
exactly easy to get a mobile data network connection _without_ also buying in
to the phone network addressing system.

Everywhere I look, in the realm of security breaches and vulnerabilities, a
large number of exploits use the public switched telephone network, or its
addresses, to compromise the security of the people forced to use them by
network effects. Many of the others exploit email addresses on the large
providers--apple.com, gmail.com, yahoo.com, hotmail.com--which are popular due
to ease of use, and the difficulty involved in getting mail delivered from a
private domain to someone using addresses from those providers.

I get the impression that if I set up a phone to ring on a SIP request to
'myhomephone@mydomain.example.com' instead of something like
'2125551212@voipprovider.example.com', it would never get robo-dialed calls.
But it would also never get calls from people I might want to speak with,
because their phones can only call phone numbers. What's the way out of this
trap? How do we stop jackasses from jumping into the middle of any private
communications we might wish to have, in a way that is also easy enough to use
that nontechnical relative can use a prepackaged setup for it?

------
maehwasu
Out of all possible choices, you can be sure FB will choose the worst one.

I was a user since 2004, deleted last year, and never looked back.

------
wisienkas
This is going to be interesting in EU where this is not allowed in such way. I
believe fines are given as percentage of overall turnover. meaning expensive
no matter the size of the company.

------
Tsubasachan
Okay so we finally killed off the telephone book and now Facebook reintroduces
it? And you can't even opt out?

My policy of never giving out my phone number to an American company proves
wise once more.

~~~
r3bl
> Facebook spokesperson Jay Nancarrow told TechCrunch that the settings “are
> not new,” adding that, “the setting applies to any phone numbers you added
> to your profile and isn’t specific to any feature.”

They're not joking when they say this isn't new.

I remember a situation while I was still in high school (2011-2012 maybe?) in
which someone tried to prank me by sending me SMS from a number I didn't have.
I figured out exactly who it was using a simple Facebook search. The best you
could do even then was to set it to friends-only, and the prankster didn't do
that.

------
poppy_h
In 2013 (or 2014?) facebook had my cleaning lady's husband in my friend
suggestions. I had never met the guy IRL, no friends in common, and had only
spoken to him over text (from what I remember there was something about her
not speaking English well so I'd coordinate with him instead). I remember
being surprised at the time, but thinking, ok, so they are using phone numbers
to link people. All that to say, doesn't sound like a new thing to me.

------
ListeningPie
The article says you set the lookup to only work for friends. That means that
no one that is not a friend can find you based on a phone number. Can someone
explain why everyone is getting worked up?

All the comments refer to being findable to strangers and stalkers by phone
number but that’s not the case.

------
jplayer01
They own WhatsApp, which is integral to having a social life in Germany. So
they already have my phone number.

~~~
assblaster
You don't need WhatsApp to have a social life anywhere, even in Germany.

There's something seriously wrong with society if an app owned by a malicious
tech company is considered fundamental to the human experience.

~~~
jplayer01
Tell that to everybody I know who uses WhatsApp to communicate and coordinate.

------
thisisit
This article which is based on tweets by Jeremy Burge was posted earlier on
HN:

[https://news.ycombinator.com/item?id=19291987](https://news.ycombinator.com/item?id=19291987)

Surprisingly, it didn't generate discussion or upvotes like this particular
submission.

------
daveheq
I added a fake number because they wouldn't stop asking me for it, and now it
just occasionally asks for it. There's no reason they need it, and I don't
even put my real name on there. If you wanna not hire me because of that, your
loss.

------
GuillaumeBrdet
Facebook disappointment of 2019: #24

What will it be tomorrow? We should also make a list so someone can actually
see the number of things they do within a year alone.

------
Stubb
Who in their right mind would give Facebook their phone number in the first
place? Seriously…did people not expect Facebook to sell it to anyone with two
pennies to rub together?

~~~
pier25
I seriously doubt the vast majority of Facebook users would think about that.

~~~
Stubb
The corporate motto for my next business is going to be: "People are not that
bright."

~~~
pier25
While I tend to agree... it's also fair to say most people won't care about
stuff outside their area of interest.

For example I know nothing and don't care about car stuff. I just leave the
car at the mechanic, pay, and have to trust they did a good job.

------
webninja
I wish there was a way to prevent Facebook from continually uploading every
photo I have ever taken on my iPhone to Facebook’s servers.

------
Quiark
How do we coordinate outrage at facebook for this and many terrible things
they've done?

~~~
efiecho
Why coordinate outrage? So they will "learn" and do better in the future,
HAHAHA.

Seriously, just delete your account, no one needs Facebook even those that
make up ridiculous excuses for why the can't leave Facebook.

~~~
logfromblammo
I don't trust them enough to just delete the account and leave it. I go on
once every six months to delete everything I can reach with my name attached
to it, that is older than six months, and leave a single "I'm still alive, but
don't try contacting me via Facebook, as it will have up to six months
latency" post.

For a while, it was extra-creepy whenever I did a semiannual log in, because
pop-ups would appear, and in a very distinctive "Audrey II" voice, scream "
_FEED ME [your data], SEYMOUR!_ " But the last time I tried it, I didn't see
that. Can't tell whether they gave up, or already got the data from other
people and just don't need me any more.

Delete your history, starting from the oldest thing you can see. Un-like
everything you liked. Un-tag everything you are tagged in. Remove your photos.
Replace profile pic with a public domain image. When you finally get to zero,
log out and delete all cookies and block all bugs and trackers. Then start
increasing the time between log-ins. When you get the nag e-mails to come
back, go on just long enough to turn off nag e-mails. Wean yourself off until
you don't care about being on Facebook any more.

Then you can use Facebook on infrequent occasions, to tell all your still-
trapped friends about all the other ways to contact you that have lower
latency, better signal-to-noise ratio, and more privacy. If you just delete,
that leaves a you-shaped hole in Facebook that the company could fill with a
placeholder. Your character might become an NPC that the game-master could
control to manipulate the other players.

------
dannykwells
I literally just had someone comment on a different post "There's nothing else
shady happening at Facebook, we know it all now" \- LOL.

Facebook, and Facebook uniquely (although Google too), must be regulated by
world governments, and citizens must be protected from it through GDPR like
rules.

------
virgakwolfw
That's why I don't put it in there.

~~~
Freak_NL
Don't worry, your friends will help Facebook fill in the blanks with their
smartphone address books. There is bound to be some Facebook-connected app
(WhatsApp perhaps?) they use that does link your Facebook identifier with your
phone number.

------
JustSomeNobody
Good thing I never gave them a phone number.

------
snek
does facebook support otp 2fa, or just sms

~~~
sanxiyn
Facebook supports OTP 2FA. Use it.

~~~
jfaat
Does it still require you to have the Facebook app installed, or can you use a
3rd party tool like Authy now?

~~~
OkGoDoIt
Any Authy or Google Authenticator -like app works. I personally use Authy.

------
bwann
Your friends already know what your phone number is

------
conmarap
Isn't this a violation of gdpr? And if it is, how have they not been sued yet?

------
superkuh
There is an easy way to opt-out. Stop using Facebook.

~~~
6nf
Do you know how I can tell that you didn't read the article?

~~~
hopler
Deleting one's account does appear to be a mitigation

~~~
superkuh
These constant articles are like watching someone stick their hand on a hot
stove and complain over and over that it hurts. But try suggesting they take
their hand off the burner and nope, freak outs and/or insults.

It really is an option. It really is the best option. It isn't flippant or
sarcasm.

~~~
tomhoward
It may not be a great loss to you, but for many people, deleting Facebook
would come at a great cost.

Facebook has done a sufficiently good job of intertwining itself into people's
lives, so that to abandon it would mean losing touch with family and friends,
missing out on invitations to events, excluding one's self from valued
discussion groups and more.

What people resent is that Facebook seems to hold people to ransom like this,
now they've made people so reliant on it.

So, sure, people can just leave, fine. But don't diminish the fact that for
many people, quitting Facebook would have serious drawbacks.

~~~
superkuh
I'm aware how dependent many people are. I imagine that's why suggesting they
take responsibility for themselves triggers such emotional responses. I recall
one academic study showed people would have to be paid ~$1000 before they'd
consider stopping for just a year. But that only makes it all the more
important.

If people don't like the way things are then they have to be the change.
Facebook is not going to change as it's business model is based on selling
it's users. In the absense of taking responsibility for themselves or Facebook
chosing to change many default to arguements for government regulation.
Bringing in the use of force like this creates problems significantly worse
than the privacy issues of the original _voluntary_ Facebook use.

~~~
tomhoward
I mean, yep, that's all valid and I'm with you on personal responsibility.

But you just don't stimulate constructive discussions by asserting that the
only rational path is the quitting, whilst not factoring in the costs.

This is not a simple case of "watching someone stick their hand on a hot stove
and complain over and over that it hurts", because the alternative action you
advocate just causes pain of a different kind.

Most of what you're saying is valid, except for the fact that it's simple and
obvious to fix.

If it were that simple, we wouldn't need to have this discussion at all.

