
Facebook will stop using 2FA to harvest phone numbers for friend suggestions - commoner
https://www.theverge.com/2019/12/19/21030068/facebook-friend-suggestions-2fa-security-phone-number-privacy-violation-ftc
======
mehrdadn
Can Facebook execs keep a straight face while making people believe they're
acting in good faith?

> For users who rely on their phone number to power Facebook’s 2FA login, the
> company isn’t going to fix the issue by default for those affected. Instead,
> users will have to remove their existing phone number and re-add them,
> Reuters reports.

Nothing says "I'm sorry, I made a mistake" like _continuing to exploit_
everyone who might not be paying attention.

~~~
denzil_correa
Remember, this move only came about after the FTC fine and is a result of a
follow up to the $5Bn settlement. I wonder if this is enough though.

Meanwhile,

> Before the latest change, Facebook conducted a review to ensure “the system
> updates supporting our privacy statements were done correctly,” said Protti,
> which “adds more layers of process and rigor to the vetting of our technical
> work to make sure our public statements match our operations.”

[https://www.reuters.com/article/us-facebook-privacy-
idUSKBN1...](https://www.reuters.com/article/us-facebook-privacy-
idUSKBN1YN26Q)

------
docuru
I guess there strategy has been, “if no-one says its bad, just do it” (since
no-one notice it)

------
haecceity
I thought phone numbers were not only for 2fa but required to sign up or they
flag your account for robot.

~~~
boring_twenties
Dunno about new signups but I've never added one and my account works fine. I
use TOTP for the 2FA.

------
craftinator
Oh thank god! How nice of them to stop doing that! Go Zuck, go!

