The Next Facebook Privacy Scandal: Sharing Phone Numbers, Addresses


You know the Request for Permission window (shown above) well. It pops up almost every time that you attempt to access a new application or feature from your Facebook page -- or from one of the millions of sites that now uses Facebook Platform. But something is different about it. Instead of just showing "Access my basic information," as it has for some time, it now includes "Access my contact information," a feature that, should you select "Allow" will pass your current address and mobile phone number to whichever application is trying to gain access to them.

On Friday night at exactly 9:00 p.m. Jeff Bowen posted a new entry on the Facebook Developer blog, a virtual space where the social network updates outside developers that use the services provided by Facebook Platform, that highlighted the new feature. It provided step-by-step instructions for developers to get your most coveted information. "We are now making a user's address and mobile phone number accessible as part of the User Graph object," Bowen wrote. "Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions. These permissions must be explicitly granted to your application by the user via our standard permissions dialogs."

Bowen -- and Facebook -- admitted that the information is sensitive. Within hours, regular Facebook users who would, presumably, stay away from a blog for developers under most circumstances, were attacking the blog post. "Before you even consider implementing this very intrusive feature, Facebook needs to stop the scammers from making rogue applications and scamming people," one user wrote. Another followed: "We, as users do NOT condone allowing third party application being allowed access ot our physical addresses nor telephone numbers [sic]."

As is to be expected, other users came to Facebook's defense. To be fair, some applications could use this information in positive ways: delivering purchased merchandise without having to ask repeatedly for an address, for example. But, with history as our guide, we know that opening up new options for sharing information will lead to a quick and ugly backlash against Facebook. Some, including Sophos' Graham Cluley, have already called for users to remove their phone numbers and home addresses from their profiles immediately. Allowing rogue developers access to home addresses, he wrote, is just opening up more possibilities for identity theft.

If you're seriously concerned about this and other changes to Facebook's privacy settings, there's only one way around them: Remove yourself from the network entirely. It's not a move I advocate as I believe the site does more good than harm and that you're only cutting yourself off from a large -- and growing -- part of our lives, but it is an option to consider.