Facebook is ending one of its most frustrating growth practices, promising to no longer use phone numbers provided by users for extra security to also suggest potential friends on the social network. The company admitted last year that it used numbers registered as part of two-factor authentication (2FA) to also power the “people you may know” feature that attempts to bolster users’ friends lists.
Two-factor authentication is one of the first suggested security steps experts recommend when it comes to preventing unauthorized access to an account. As well as a username and password, it means Facebook requires a special, time-sensitive code that is sent to a phone number. Without that code, the user cannot log in.
The downside was how Facebook was also using numbers registered for 2FA. What users didn’t realize was that Facebook had also been relying on them to help connect people on the social network. By comparing people’s numbers with other users’ contacts, it could help populate friends lists.
Now, that’s changing. Facebook confirmed to Reuters that it will no longer be using 2FA numbers for that, beginning in Ecuador, Ethiopia, Pakistan, Libya, and Cambodia this week. A global roll-out of the new policy will follow early in 2020.
It’s unclear at this stage why Facebook has taken a different approach, though it’s hard not to see it as a way for the social network to try to minimize the number of people who remove themselves from the “people you may know” tool. Facebook is required to provide quarterly privacy certifications to the US Federal Trade Commission (FTC), after agreeing a $5 billion settlement – still to be finalized – over claims it mishandled user privacy.
The “people you may know” feature uses a variety of data to populate a suggested friends list. As well as matching any contacts a user may have uploaded – typically as part of installing the Facebook app on their smartphone – it can use friends in common, people who are in the same Facebook group or who have been tagged in the same photo, or people from common networks such as schools or work. To delete contacts that have been uploaded to Facebook you have to go to the “Uploading and Managing Your Contacts” screen and then choose “Delete All”; “continuous contact uploading” on any device running the Facebook app must also be switched off, else they’ll simply be uploaded again the next time the app is run.