Hacker News new | past | comments | ask | show | jobs | submit login
Facebook has your complete phonebook (facebook.com)
97 points by ladino on Aug 6, 2011 | hide | past | favorite | 76 comments

There was a hubbub about this a while ago. How it works is, you have to install the Facebook app on your phone and then enable contact syncing. When you do that, you get a big confirmation screen that says this:

If you enable this feature, all contacts from your device (name, email address, phone number) will be sent to Facebook and be subject to Facebook's Privacy Policy, and your friends' profile photos and other info from Facebook will be added to your iPhone address book. Please make sure your friends are comfortable with any use you make of their information. [Cancel] [I Agree]

EDIT: However, IIRC they added or strengthened this warning after the initial controversy.

I would argue this is bad UX because it forces the user to all at once make such a big nebulous decision about what their friends are comfortable with.

Headline: "People outraged at feature they actively enabled".

Probably a better headline is something like "People moderately surprised at something that sorta makes sense after a reminder".

"actively enabled" doesn't necessarily mean "actively conscient of the full consequences"

This is more than bad UX: asking me to speak for the privacy preferences of all my Facebook friends in one go is ludicrous, and more-or-less asking to be lied to.

It's like 20-page T&Cs, only worse. We all know that approximately nobody actually reads the T&Cs. But we can be damn sure that absolutely nobody will actually go and ask all their device contacts whether they're happy to have their details uploaded to Facebook.

How is any of this Facebooks problem let alone responsibility to sort out for you?

Well, for one thing, keeping personal data on people without their consent is probably illegal under most European nations' law, no matter how many of their friends tell you it's OK.

This is my basic problem with Facebook's whole MO: it tries to solve the one problem no single data mining company can ever solve -- having enough resources to spy effectively on everyone -- by recruiting people's own friends to do much of the spying for it. There is something fundamentally shady about that, if you believe privacy and control of sensitive personal data have any value.

Like mentioned before...you have to opt in to typing your phone number on your Facebook page, and it is visible to the people you've shared your Info page with, it doesn't get there by itself. More crying about nothing to make Facebook look evil?

Like mentioned before, these numbers have been imported from my phone on behalf of other people. I can assure you that my wife doesn't have her phone number in her facebook profile, yet there it is in the list. Likewise, I doubt my accountant has her PAs number on her profile yet there it is along side her FB profile along with an "add friend" link.

Like mentioned before, I'd be surprised that just because I accepted the T&Cs in app that this would be permissible under EU laws if the other party hadn't consented to FB retaining their number.

There are hundreds of people in my phone which are not listed from the link in the post, I only see people on my friends list who have their Facebook phone numbers shared there currently, or did at one time when it was imported into my phone book. Sounds more likely at one time your wife had her phone number pushed to / listed on Facebook and it was synced to your phone before she removed it.

I acknowledge that. I remember that the facebook-app on my android phone asked me whether I wanted to sync my phones addressbook to FB or not. I've chosen not to, and thus there are no phone-numbers FROM MY PHONE shown on the linked facebook-page, only the numbers my friends have put in themselves (some aren't even in my phone...).

I'm pretty sure I said no when that happened, and I can't find a setting anywhere, yet that page definitely has numbers that weren't put on Facebook by the owner. I wonder if the HTC Facebook integration (I have a Droid Incredible, and I knew that there was phonebook integration in the other direction--friends show up in my phonebook if their number is on facebook even if I've never directly added them). It's possible that they either automatically did the sync or asked in a not very clear way when I first set up my phone and was dying to click through all the prompts so I could use it.

I don't own a smartphone and therefore have never installed the facebook app yet I can see my list of contacts with their mobile phone numbers. My guess is that this page just lists your contacts that are sharing their mobile phone numbers with you and it has nothing to do with using the mobile Facebook app.

It's both. If you have contacts on a phone that aren't your Facebook friends, they'll be merged.

It'd be better if the warning said "sent and stored". Reading the Privacy Policy didn't give me fair warning that this info would be retained in this specific instance.

Perhaps I'm a bit weird, but it doesn't entirely surprise or upset me. In fact, I just found a lot of people I'd lost touch with and didn't think to check for them on Facebook.

They should have asked, but whatever. Are you shocked? Iirc I synced my Address Book to Facebook anyhow.

My Address Book is on Apple's server, my TimeMachine drive, Google's servers, apparently Facebook, and any number of other online services. I don't really care. I'd much rather have the data backed up than risk losing it. And having it on Facebook has obvious utility.

Misleading title but scary nonetheless. It's not my complete phonebook... not even close. But it does have numbers of friends who aren't in my phone (which is useful and possibly OK considering they added me as friends).

Nevertheless i never explicitly opted into this which is bad.

It is just showing a list of friends that have put their phone numbers in their profile. For me, it's a list of about 20% of my friends. Certainly not contacts from my phone. I checked my phone and I had never turned on "Contact Sync."

I don't know what else someone could think "Contact Sync" does. But yes, if they ever turned that on automatically, for shame. I don't see any evidence that they did.

Yes, of course I knew - they had a big flashing warning sign that they were syncing your contacts to their cloud that you have to click through.

I actually like this a lot. If they then shared those phone numbers publicly I would complain...but why would I not want to sync my phonebook to Facebook (anymore than I'd not want to sync my phonebook to Google, which I certainly do as well?)

From what I saw, the Android doesn't seem to give any warning about my contacts going to them.

I opened this and discovered a lot of names and phone numbers I didn't recognize.

As it turns out, these contacts were all from my dad. I used his blackberry once last year to check my Facebook and I guess it loaded his contacts into my Facebook account. I don't remember authorizing it to do that (though it was likely in something I just clicked through). Still, this seems like an easy way to steal contact lists from people - "oh hey, can I check my Facebook real quick?"

Like I said, this was a year ago, so I'm sure things have changed (another commenter mentions "a hubbub about this a while ago"), but neither I nor my dad realized what had happened until now (he still doesn't know, I suspect).

You crossed a line on that one, facebook (again). It's getting really tiresome to keep updating my settings to keep you out of my life.

This sort of thing is what keeps people from doing anything substantial on facebook. Can you imagine "Facebook Docs", FMail, or anything of the sort? No. Because facebook would make it all public without telling anyone.

I really believe that in the very long run, this culture of invasion will limit facebook's potential.

I'm sure this was in the TOS somewhere, but really? It's just disrespectful.

What precisely are you upset about? I did not work on this feature, but I'm trying to understand your reaction.

Your friends entered their phone numbers. They are your friends. You can see those phone numbers if they choose to allow you to do so. You also (possibly) chose to import your address book of your friends and Facebook is showing them to you. The numbers are not public and everyone involved explicitly agreed to share the information. What part of that do you object to?

On further thought, it's possible I jumped the gun on this and that my phone contacts weren't actually taken without consent- my memory is imperfect.

That said, my opinion on facebook's attitude towards me and my privacy is unchanged. It's easy to get jumpy when a company disregards your privacy at every turn. Had this been on google (for example), I'm pretty sure I would not have jumped so quickly to what was probably an incorrect conclusion. But it was fb, who has repeatedly disregarded my wishes and abused my trust to the point where I literally treat everything I put on it as public.

There are phone numbers in that list of people who aren't on Facebook, and given Facebook's relationship with law enforcement, I'd rather they not have them. I understood the Facebook app to be syncing information with people who were already on Facebook, not my entire phone book.

That is absurd logic. Law enforcement has no problem getting information about the people you contact from your phone company.

We created Social Fortress[1] for this exact reason. Solve the root problem: Protect(AES256 Encrypt) and control your data transparently, prior to sending it anywhere, and you don't have to worry about this ever again.

[1] I'm involved with https://www.socialfortress.com

Really neat idea, I like it. From watching the demo it would seem that anyone who I want to share with would also have to have SocialFortress installed as well?

Thanks. To see protected messages and photos, yes. You are able to toggle protection on and off in real-time so you can easily choose to send simple, less detailed, messages in plain-text and more detailed encrypted.

I'm pretty sure this information is explicitly imported by the user in Adroid/iPhone/BlackBerry apps when he or she allows the apps to use profile pictures as contact photos.

I remember at some point when authorizing the installation of the FB BB App (well over a year ago) it mentioned something about needing access to contacts to work. I presumed this to mean for the local app not for them to suck them up into the cloud.

FB continues to lead the way when it comes to "it's in our TOS but don't go reading it because it won't match our marketing copy"

Same here on Android. The options were to add metadata like photos to contacts already in my phone, or to import my entire FB contact list into my phone (even if I didn't have them in my phone book). I chose the former.

At no point was it mentioned that they would be helping themselves to the rest of my contacts, to whom I have no connection to on Facebook.

Pissed off doesn't even begin to cover it.

I clicked through that same authorization step and it was very clear they were syncing your contacts to their service.

However, this is kind of irrelevant because 99% of users are not going to read this kind of a warning no matter WHAT it says and are just going to click through. They want their Facebook photos on their phone contacts dammit!

What I don't understand here is why everyone is so concerned at all about this. If you have an Android phone, Google has your phone book. If you have an iPhone, Apple does. If you back-up your computer to the cloud, they have it too. As long as none of them share it publicly, why do you care?

If Facebook was sharing your private phone numbers to the world or exposing who you had in your phonebook to people, I'd understand the outrage. But all they did was backup and sync your contacts which seems to me to be a service, not an offense.

Well I would like to have my phone number online on as few services as possible. In particular if I have no chance to change anything about it

reminds me of the south park episode that ripped from the human centipede

That episode was so poignant about people not reading TOS's it kind of hurt.


Wait, isn't that an awesome feature? How is it creepy? I like the idea that I'd appear in the "remember when?" section of Facebook, it's fun.

As for suggesting a name, isn't that just automating the tedious tagging work you do on Facebook? I really don't see what the privacy worry is there. They have the capability to do face detection whether they use it or not, and this seems like a really valid use for it.


Are you Facebook friends with your wife's younger sister's dumb drunk friends? If not, then they won't get suggestions on their photo uploads.

People do substantial stuff on facebook. Good evidence of several hundred people doing so:


The Barnum quotation comes to mind.

Actually, no I did not know that and I find it hard to believe because I don't have a Facebook account.

This has been around for a long time... it's the phone numbers that your friends on Facebook willingly submitted, they just make it easy for you to see whose phone number you already have access to through Facebook without having to go to someones profile.

The contacts listed on that page aren't even in my phonebook.

It seems like that page only lists the numbers from people who willingly shared their number if you canceled out of the import feature after installing the facebook app on your phone.

No - they also take phone numbers from your phone and upload them to Facebook (if you use a mobile Facebook app).

Not "if you use a mobile Facebook app", more like "If you said yes to some option that allows them to do this". I've had the Facebook app on all my phones the past few years (1 java, 5 android, 1 symbian), and yet I have no phone contacts here.

You're wrong, it's actually a copy of the contacts stored on your phone. On my account, the local pizza place and haircutters are listed, which definitively do not have facebook user profiles.

Only if you imported your contacts. That list was only my friends on Facebook who put their numbers on Facebook. Most of them are not in my address book.

Facebook hasn't my complete phonebook. Following your URL, I get a list of phone numbers of some friends, not my complete phonebook, i.e., phone numbers entered by my friends and not from my phonebook.

Where is this setting now?

Edit: Found it in Friends -> some arrow button on the top-right -> Sync contacts -> Enable. So you can go there if you want to enable/disable the feature.

When I installed the app, Facebook didn't even ask me if I wanted to enable it. I actually manually typed all of my contacts instead. I wish I knew about it before :(

When you delete your facebook, all you friends who were using this will no longer know your phone number.

I don't have a mobile phone so it only shows my Facebook friends who publish their numbers. Nothing to see here...

My phone number is the only public piece of information I have on Facebook. That's only because it's a Google voice number which is the best thing since sliced bread.

Facebook only has phone numbers posted by my friends themselves and my Windows Phone syncs my Facebook contacts. Bi-directional sync of your phone's contacts back to Facebook appears to be an iOS/Android only thing.

For the iPhone, if you want to check if you are sharing your contacts, open the Facebook app, go to Main Menu > Friends, click the icon on the upper right and then Sync Contacts.

I believe the syncing option is off by default

Every iPhone application can also access your entire phone book, too.

You can see specifically who has been imported and delete them here: http://www.facebook.com/invite_history.php

I have my number in Facebook, but my friends dont see it (I checked) so this happens only for people who actively published their phone number, or a 'friend' did it for them.

Wrong. I have used the facebook app on Nokia symbian phone, but I only see a short list of friends who have shared their number. Not even close to being a full address book.

That's rather helpful actually. I just wish it matched my Gmail contacts. (And since I synced both to my Droid, you would think they would match.)

Most annoying. It makes no attempts to delete multiple contact data. From all the syncing each non-facebook contact has 13 listings!

I don't think that's my complete phonebook

9 of 170 friends, not very complete.

Since when are submissions requiring me to register or sign in ok on HN? Flagged.

If you wanted to make some point by posting this link you should have written your thoughts down somewhere and linked to that instead.

it's only available if you have an iphone and use the facebook app (not sure about android)

No, any phone you install the Facebook App on. As Facebook has my phone contacts. I don't own an iPhone and only use a BB.

thanks for the update!

It's only available if you sinced your phonebook with Facebook, there's no automatic sync (yet).

I just turned this feature on because I didn't know the iPhone supported it. Thanks Facebook!

Glad I dumped their iOS app a while back...

That's great, now how do I export all that data into AddressBook on my Mac? If I need to call Joe, I'm not logging into Facebook to look up his number, unless I'm desperate. I'm looking in the AddressBook. So, if Facebook wants to be more hot than crazy on the crazy/hot graph, they should let me import this data to my address book!

I am happy I didn't even agree to the T&C of the facebook app forced by my phone manufacturer.

fuck iphone app! is it standard opt-in?

This comes from the "contact" section of your profile and is only shared if you type it there yourself.

No, this definitely has things that have been uploaded from my iPhone address book.

Agree - I saw this a few days ago. When they are "syncing" their app they are taking your phone numbers, not just using it to display photos on your phone for your contacts, which is what I thought I remember this started out as.

that's what i thought too, until i read this on that page:

"Facebook Phonebook displays contacts you have imported from your phone, as well as your Facebook friends.

If you would like to remove your mobile contacts from Facebook, you need to disable the feature on your mobile phone and visit this page."

Absolutely not true. They ganked it from my phone.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact