
Facebook iPhone app shares all your phone numbers - dreemteem
http://blogs.computerworlduk.com/microchick/2010/10/facebook-iphone-app-shares-all-your-phone-numbers/index.htm
======
Sam_Odio
There are a number of inaccuracies in this article that I'd like to correct:

> _The Facebook app also appears to share numbers for contacts that you don’t
> have, but your Facebook friends do._

This does not happen. After syncing, the Facebook Phonebook only displays
contact information you have access to. This includes: 1.Phone numbers your
friends have manually added to their profile. 2.Phone numbers already in your
address book.

> _Facebook does this without your knowledge or consent._

Also inaccurate. To enable the syncing feature you must:

1\. Open iPhone app. 2.Click "Friends" 3. Click Sync 4.Turn "On" (this page
could probably be more clear) 5."I Agree" to the notice explaining what
information will be transferred:

"If you enable this feature, all contacts from your device (name, email,
address, phone number) will be sent to Facebook and be subject to Facebook's
Privacy Policy, and your friends' profile photos and other info from Facebook
will be added to your iPhone address book. Please make sure your friends are
comfortable with any use you make of their information. [I Don't Agree] [I
Agree]"

> _the Facebook iPhone app seems to ignore Apple’s rules on user consent,
> specifically point 7.1 which states: “Apps cannot transmit data about a user
> obtaining the user’s prior permission and providing the user with access to
> information about how and where the data will be used.”_

Inaccurate. See above. That said, it's possible the app could be more clear. I
will create an internal ticket with new suggested language.

> _To be extra secure, I recommend removing yourself from Facebook Phonebook
> though this link, which appears to be down at the moment - possibly due to
> high demand._

Accurate. I pinged the engineer that is working on this. Turns out they took
the page down for some scheduled downtime. They're working hard to get it back
online in response to this article.

Disclaimer: I'm not directly involved in this feature at Facebook (but I am
somewhat familiar with it).

~~~
spinchange
>This includes: 1.Phone numbers your friends have manually added to their
profile. 2.Phone numbers already in your address book.

Why do I have numerous contacts on my facebook phonebook page for whom I don't
have a number in my phone, and they don't have their number listed anywhere on
their profiles? (I've checked and rechecked)

~~~
Sam_Odio
It's possible that you previously synced that number. Can you email me
directly with your Facebook profile ID or alias? I'd like to investigate:
samodio@company.com

EDIT (1 hour later): I haven't received your email and we haven't been able to
reproduce your bug. Can you email me (even if it's just user error) with a
more detailed description? I want to make sure we follow up on this.

~~~
spinchange
I can provide you with my facebook name, but I don't think you'll be able to
reproduce -or- see anything with that alone. (It's not really a 'bug')

I am simply seeing phone numbers of facebook friends (on my "facebook
phonebook" page) who 1) do not have any phone numbers listed in their FB
profiles, and 2) that I do not have phone numbers for in my own contact list
on my iPhone.

~~~
Sam_Odio
What you're describing is a bug that hasn't previously been reported to us.
Why are you hesitant to follow up via email so that we can investigate?

~~~
spinchange
I am not hesitant to follow-up via email. I sent one to the address you
supplied above and it hard-bounced. Beside, what will my facebook user name
provide you? You won't be able to see my account or phonebook page. Who is the
"us" you are referring to? The domain you provided is company.com? Are you a
facebook employee?

EDIT: I see from your HN profile you are affiliated with FB. Perhaps I am
misunderstanding where to send you my info? samodio@company.com is returning
an invalid address error.

EDIT 2: Sorry, Sam. I think I got my mail to you the second time around.
Apologies.

------
extension
Here's the consent screen you get when you click "Sync" in the app:

"If you enable this feature, all contacts from your device (name, email,
address, phone number) will be sent to Facebook and be subject to Facebook's
Privacy Policy, and your friends' profile photos and other info from Facebook
will be added to your iPhone address book. Please make sure your friends are
comfortable with any use you make of their information. [I Don't Agree] [I
Agree]"

Technically fair warning, but I personally feel this is too invasive no matter
what the user clicks through.

~~~
pavel_lishin
Why the "technically"? It's an absolutely fair warning, and tells you exactly
what it's doing.

Although I do agree with you, this information isn't something Facebook's app
should be harvesting in any event... although the functionality itself would
be tempting for a lot of people. Maybe they could only send hashes of your
contact data, and compare it with hashes on their servers?

~~~
gecko
I'm not even convinced of that. Use MobileMe? Your address book gets synced
with Apple. Have an Android phone? It gets synced with Google. Maybe Plaxo?
Same deal. This should be treated the same as those solutions, as near as I
can tell.

I should note that, unless I am missing something, the claim from the article
that anyone can view your Facebook phonebook seems incorrect to me. The only
way I can find to get there is to go to "Edit Friends." Even when I view the
profile as my fiancée, who has access to everything in my Facebook profile, I
can discern no way to get to that area.

This seems like a completely fabricated story designed to scare users, which
is annoying to me, because it's the boy who cried wolf: whenever a nothing
story like this about Facebook surfaces, it's that much harder to people's
attention when they do something legitimate.

~~~
extension
With MobileMe, you have explicitly signed up for a service who's primary
purpose is to share your data. Android is arguably the same situation, though
you don't have any alternative so I would actually throw them in the same
dungeon as Facebook.

Experience teaches us that the only consequences users understand are the ones
they desire. Everything else is ignored. So, if they download their Facebook
contacts to their phone and this also causes their phone contacts to be
uploaded to Facebook, you will end up with some angry users, dialog or no
dialog.

------
trustfundbaby
Discovered this many about a month or two ago, and have not been able to fix
it since.

To see if you're affected go to "Account" (top left hand corner), "Edit
Friends", and then "Phone book" ... (right hand menu)

I was shocked to find that it had taken every. single. number. off my iphone
and published them to that page.

I had to disable Facebook/iphone sync then try to delete the phone numbers by
clicking the link on the left that they recommend to you
[http://www.facebook.com/contact_importer/remove_uploads.php?...](http://www.facebook.com/contact_importer/remove_uploads.php?r=/phonebook),
but it has _never_ worked, despite me clicking on that link at least 30 times
over the last few months.

So yeah ... my entire iphone phonebook is on facebook right now, and yours may
be too.

~~~
kylec
Hm, in the top left-hand corner I have "Logout", not "Account". Is there
another way I can check?

------
tofumatt
There's something about the word "sync" that implies, y'know, a sync. I said
no to contact sync when I installed Facebook for iPhone and that was that --
no problem.

~~~
TheBranca18
It's a little more than that when this article is stating that there's a
severe privacy risk for people who don't even own an iPhone or have never
installed the Facebook application. Perhaps it's not a big deal for you to
have your phone number out there for public consumption, but it is for many
people including myself.

~~~
extension
Unfortunately, phone numbers have no pretense of being private. When you call
someone, they get your number. Etiquette alone determines what they can do
with it, and etiquette is lagging behind social technology.

~~~
Terretta
> they get your number

Not if it's blocked.

------
msluyter
To disable, go here:

[http://www.facebook.com/contact_importer/remove_uploads.php?...](http://www.facebook.com/contact_importer/remove_uploads.php?r=/phonebook)

(Currently appears to be down, however.)

~~~
spinchange
I've been checking all day and hearing from others that it's 'never' worked
for them either. (Prior to the story breaking)

------
rakkhi
I think this article is simply spreading FUD. It has a many inaccuracies that
have been highlighted and as far as I'm concerned is simply looking to get an
audience with sensationalist Facebook privacy bandwagon

Firstly the sync feature:

[+] offers enough notice and gets consent

[+] does not take your entire contacts including their phone numbers and put
this in your Facebook phonebook accessible to all - I use it and all I can see
in my Facebook phonebook is the friends who have shared their phone numbers
already

Secondly the real sensitivity of this data:

[+] I mean seriously it is a name, a phone number and maybe an email address.
How sensitive is this? If I have a name I can find a phone number through this
magic book called the white pages. You can find an email address in so many
places and if you can find somewhere where they work it is not hard to guess
firstname.lastname@company.com or 8 characters of surname + 1 of first name @
company.com

If someone receives unsolicited emails that is simple to deal with and
everyone does it every day. Phone calls similarly are not hard to report and
get blocked.

I use my google contacts as my phone's contacts with exchange ActiveSync and
linking to Facebook and Linked is great - it allows me to create email groups
very easily and always have to hand an email address or a phone number on my
phone or on a desktop endpoint. Syncing this data is just convenient and
people should not be put off by sensationalist articles such as these.

------
natrius
Where's the proof that this actually shares the phone numbers of people who
haven't put it on their Facebook profile? It sounds like a way to store your
numbers so they come back if you switch phones. Sharing phone numbers that
people haven't chosen to share is too stupid for me to believe.

~~~
spinchange
I know this is entirely anecdotal, but I have several 'net firends' listed on
my "facebook phonebook" page for whom I don't have a number in my phone and
they do not have any numbers posted on their profile.

------
monkeygrinder
Facebook responds to questions here:
[http://blogs.computerworlduk.com/microchick/2010/10/facebook...](http://blogs.computerworlduk.com/microchick/2010/10/facebook-
clears-up-iphone-app-contact-sync-hype/)

What else would you like to know about this app?

------
revjx
That's a bit scary. I'd still say that if you share any of your private
details with Facebook, you're an idiot. I'm pretty sure that when you Sync
your iphone contacts with Facebook, it does warn you that it'll harvest
them...

------
dinedal
Does anyone know if this effects Android users too?

~~~
seancron
I just confirmed that it does affect Android users as well.

I'm using the Facebook application on a Motorola Droid running Froyo, and all
of my numbers have been synced to Facebook.

Note: I selected the sync all friends option, since almost all my Facebook
friends are in my contacts anyway. I don't know if it would do this if you
only selected sync with existing contacts. I'd guess that it most likely
would, but I can't confirm it.

------
16s
The 2nd Great Satan strikes again.

