Facebook uses info you never provided to target you with ads

Facebook today confirmed that it was using private phone numbers to target Facebook users with advertisements. Not just any phone number, but the 2FA (2-factor authorization) phone number you give the company in confidence to further strengthen your Facebook login process. In attempting to keep yourself more securely private, you've just opened yourself up to less privacy.

The concern here isn't that Facebook is targeting people with advertisements. Facebook is allowed to use information people are willing to give up freely. But much like the steps-too-far Facebook's taken in the past to ramp-up ad-targeting, they've once again taken a step-too-far. This revelation comes after an equally-heinous revelation earlier this week: that Facebook was using information it hadn't been given expressly by users to target users with ads.

In a way, these two items of interest are the same. Facebook shouldn't be using phone numbers to target anyone with advertisements in the first place – they're not a telemarketing company, and there's no reason why they should have personal information in their archives that wasn't given to them expressly by the people to which said information belongs.

The story begins at Gizmodo, where a security research team provided proof that Facebook targets advertisements at people using information those users never provided Facebook. The test went like so:

1. Party 1 was given a phone number by Party 2.

2. Party 2 used said phone number to target an ad on Facebook.

3. Party 1 saw said ad on Facebook almost immediately.

Party 1 never gave the phone number to Facebook. The phone number was a landline phone, and should not have been in Facebook's databanks in any way whatsoever. Said phone number certainly shouldn't have been attached to a specific Facebook user, in any case. If Party 1 wanted to contact Facebook about this situation, it'd go like this:

4. Party 1 wants to remove their phone number from Facebook's records.

5. Facebook does not have this option available to Party 1.

6. Facebook's privacy policy is such that this Party 1 information is protected from Party 1 access because it was not given to Facebook by Party 1. It is Facebook's view that because they accessed this information legally, access to this personal information should not be in the hands of any user, even the user to whom the information pertains.

Facebook actually speaks about this situation in their "About Ads" page over at Ad Preferences. There they give some control over "your activity across Facebook companies and products" as well as "your activity on other websites and apps."

Facebook also mentions "Your activity with other businesses." They suggest that "When you share information like your phone number or email address with a business, they might add it to a customer list that can be matched to your Facebook profile. We can then try to match the ad to the most relevant audience."

If you've ever given your phone number or email address to any company willing to submit that information to a "customer list," Facebook could potentially have it. They buy customer lists all the time, and they want as complete a dossier on you as they can get. The more complete your information is, the better they can target advertisements and commence with the emptying of your wallet.

Facebook left a statement with TechCrunch about the situation in a roundabout way this morning: "We use the information people provide to offer a better, more personalized experience on Facebook, including ads. We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you've uploaded at any time."

This includes phone numbers or any other information given to Facebook for secure login – or any other purpose, really. Facebook uses everything to target users with advertisements. Every single little bit of information the've got.

The only way to avoid Facebook's ad targeting – even with information you never provided Facebook directly – is to avoid Facebook altogether. It doesn't matter if you gave your info to Facebook, they've got it. The only way to avoid their you-targeted advertisements is to avoid the social network completely.

Of course Facebook isn't the only company that takes part in this sort of advertisement targeting. I'd like to invite any ad network to reach out to us to guarantee they don't participate in the purchase of or proliferation of private information about consumers in order to provide "a more personalized experience" with targeted ads. This madness does not begin and end with Facebook, of that you can be sure.