Ever since the Cambridge Analytica scandal game to light, Facebook has been in the spotlight for its invasive data mining practices. The Cambridge Analytica scandal exposed how Facebook allowed a company to harvest profile information from millions of accounts via a fake “personality quiz” app and then use it for political purposes. This can be referred to as weaponising of data you share with Facebook.
The most recent example of this kind of invasive data mining has been unearthed by Gizmodo, which discovered that Facebook can be used to target people with ads via phone numbers they haven’t even shared with the social networking website. To prove this, Gizmodo tried to placed a targeted ad via Facebook’s “custom audiences” feature. Gizmodo used a landline number for researcher Alan Mislove’s office (with his consent) to place an ad targeting that number, and found that the researcher saw the ad within two weeks. Mislove had never shared that landline number with Facebook, so it’s very likely that Facebook obtained that from the address books of other users who shared their contact information and had the number listed as Mislove’s.
Remember seeing a Facebook prompt that asks you to upload your contacts to Facebook to stay connected? Well, congratulations, now it’s been demonstrated that this allows shady advertisers to target everyone in your contact list even if they have never shared that particular number or email address with Facebook. This may have been obvious to privacy conscious people already, but Gizmodo notes that Facebook has so far denied this practice altogether.