Facebook will stop using 2FA tool to power a friend suggestion feature
Facebook says it will soon stop its practice of using phone numbers provided to the company as part of its two-factor authentication (2FA) security tool to power a friend suggestion feature, Reuters reported on Thursday. According to the report, Facebook was using phone numbers users gave it specifically to protect their accounts from unauthorized access to try and encourage them to add members of their address book to their friends list.
The company says the change is part of its broader privacy overhaul in response to a $5 billion Federal Trade Commission settlement reached in July over Facebook’s privacy practices. As part of that settlement, Facebook was barred from using phone numbers gathered from 2FA requests for advertising. Today’s change is an extension of that. Although not explicitly demanded by the FTC, Facebook’s use of phone numbers has come under scrutiny by the company’s internal privacy review team, led by chief privacy officer Michel Protti.
Protti’s team conducted a review starting in August that deemed the phone number-powered friend suggestion tool could be a potential privacy violation similar to the advertising one, Reuters reports. Protti is also in charge of signing off on the quarterly privacy certifications mandated by the FTC settlement. The review was designed to make sure “the system updates supporting our privacy statements were done correctly,” Protti told Reuters. It also “adds more layers of process and rigor to the vetting of our technical work to make sure our public statements match our operations.”
For users who rely on their phone number to power Facebook’s 2FA login, the company isn’t going to fix the issue by default for those affected. Instead, users will have to remove their existing phone number and re-add them, Reuters reports. That’s a notable distinction from the decoupling of phone numbers from Facebook’s advertising process this past summer, which it did on the direct order of the FTC and also for both new and existing users.
The change related to friend suggestions is only going into effect this week for users in Ecuador, Ethiopia, Pakistan, Libya, and Cambodia. Facebook will expand to users around the globe next year. It’s not clear, however, why Facebook is not making the change automatic for all users by default and when exactly it plans to separate 2FA phone numbers from friend suggestions in 2020. Facebook was not immediately available for comment.