It seems as though Facebook is abusing the trust of security-conscious users of the social network in a bid to increase engagement. At least, that’s the claim being made by software engineer Gabriel Lewis, who has the proof to back it up.
As The Verge reports, Facebook allows you to setup two-factor authentication (2FA) on your account to add an extra layer of security. In order to do that, though, Facebook requires you supply a phone number.
So I signed up for 2 factor auth on Facebook and they used it as an opportunity to spam me notifications. Then they posted my replies on my wall. ???? pic.twitter.com/Fy44b07wNg
— Gabriel Lewis ?? (@Gabriel__Lewis) February 12, 2018
What Lewis discovered when he enabled 2FA was that Facebook assumed it was acceptable to then use his number to send SMS messages informing him when friends had posted on the social network. Even worse than that, though, attempting to respond to those text messages saw his responses appear on Facebook as posts.
Clearly, when you enable 2FA the focus is on security and you don’t expect to automatically have your phone number opened up as a new engagement channel for Facebook. There was no opt-in or even opt-out presented, it was simply triggered by enabling 2FA.
Is this a bug or a feature? If it’s a feature then Facebook could be facing another lawsuit with regards to violations of the Telephone Consumer Protection Act. I say another as one is already underway regarding the sending of unauthorized birthday reminder text messages.