Facebook phonebook: Privacy confusion
How worried should Facebook users be that the social network is making it a little too easy for private phone numbers to be shared?
That's been a hot topic of debate in our office this week after the Guardian's piece suggesting that the iPhone Facebook app could result in numbers being uploaded from phones onto the site without users being aware.
The piece said all it would then take was for someone's Facebook account to be hacked and lots of private numbers would be laid bare. That did not strike me as particularly worrying, unless you think Facebook is less secure than other services - after all, the same would be true if your Gmail account were hacked.
But then my colleague Jonathan Fildes started examining his own Facebook phonebook - and found something mildly worrying. He told me:
"After reading the Guardian piece, I checked my own phonebook. Luckily, the paper explained how to find it, as it is not at all obvious from your profile that the feature even exists - but you can find your own at www.facebook.com/phonebook.
"Everything seemed to be in order. I hadn't synced contacts from my iPhone, so there were only around 20 numbers there, most drawn in from friends who had chosen to share their phone number with me."
Most, but not all?
"There was one oddity: a prominent tech blogger who I recognised, but who I was not friends with on Facebook and whose contact details I did not have in my phone.
"I checked his profile; sure enough, he chose to share his number with anyone. No privacy breach there, but how did the number appear in my phonebook?
"I spoke to Facebook; after a chat with the engineering team, a spokesperson suggested that I might have the blogger's contact details in my Gmail address book and that I might have decided to import my contacts from there.
"I checked. I had e-mailed this blogger and he was in my contact book. But I e-mailed him earlier this year for the first time; the only time I imported my contacts from Gmail was when I set up my Facebook account in 2007."
So how do you think his number was put in your address book?
"I told Facebook that this suggested one of two things: that Facebook periodically trawls my Gmail account for new contacts without my consent or that the phonebook makes recommendations based on my friends, four of whom are friends with the tech blogger.
"Facebook categorically denied my first theory and pointed me towards its friend finder, which states: 'We will not store your password after we import your friends' information. We may use the email addresses you upload through this importer to help you connect with friends, including using this information to generate suggestions for you and your contacts on Facebook.'
"Which left my second theory: the blogger's number was suggested by Facebook based on my connections. This seemed to be likely, Facebook said, and sent me a link to explain: 'When you import contacts into Facebook from your email, mobile, instant messaging service or other social network, we may use this information to create friend suggestions for you and your friends. We also display these contacts in your Facebook phonebook.'"
So, is that the explanation?
"Well, then I was sent another e-mail: 'Just to confirm that your second suggestion is not correct. Suggestions do not appear in the phonebook.'
"At this point I was getting more and more confused. Phonebook doesn't make suggestions, but someone who was friends with four of my friends appeared in my phonebook automatically. So, I asked, what was happening?
"The most likely explanation, Facebook said, was that 'one of your four mutual contacts has used the contact importer tool and uploaded contact details for both you and [the blogger], which creates that link'.
A "link". "So, he was suggested to me? 'No,' Facebook reiterated, 'we don't make suggestions. This was a link.'"
What's the difference between a "suggestion" and a "link"? I'm confused.
"Me too. In this case, there is nothing sinister - I am quite happy to have this particular blogger's number and it would appear from his profile that he is happy to share it with anyone. But this is just one example. We have been contacted by many more people confused by the people they see in their phonebook. One could see his wife's phone number, but it was attached to the profile of someone he didn't recognize.
"Facebook says that this could be because the algorithms and system used to match phone numbers may not be working accurately. Or that the person now attached to his wife's phone number may have uploaded the wrong number or a number without the correct country code. It says it is now reviewing the system.
"It could be a technical problem that is easily fixed. But I think what this episode really highlights is the ongoing confusion around knowing what you share and how you share it on Facebook."
I agree. Facebook keeps refining its privacy settings, and promising that it's offering users new ways of controlling their data. But which of us even knew that there was a phonebook option?
And are we any clearer about just how it works, and whether we can be sure that our data is not being passed around by people we may not even know?