THE SOCIAL NETWORK Facebook has been accused of spamming users of its two-factor authentication (2FA) service.
Facebook implemented 2FA a few months ago, but it appears that the firm isn’t just using the tool to offer users a more secure way to log into their account.
According to US software engineer Gabriel Lewis, Facebook is using his phone number, which he used to sign up to 2FA, to notify him about friends’ posts on the social network.
“So I signed up for two-factor authentication on Facebook and they used it as an opportunity to spam me notifications. Then they posted my replies on my wall,” he wrote on Twitter.
Oh, and that isn’t the worst bit, as the real problems begin if you decide to relpy to the message. Should you reply with something along the lines of “do not text me”, or “f*ck off, facebook”, this will automatically be posted to your Facebook profile.
And, ironically, this does not opt you out from receiving future SMS notifications from the company.
“To everyone telling me to opt out of mobile notifications, I never opted in,” Lewis added.
Writing on Twitter, technology critic Zeynep Tufekci slammed Facebook’s behaviour: “This is horrible. You give Facebook your phone number for login authentication.
“Instead, it abuses it to SMS spam to drive up engagement, and when you reply to spam, is posts it on your wall”.
Millions of users, particularly in the US, have abandoned the website as a result of privacy, spam and security problems – although its decline in mature markets has been masked by continuing growth in developing markets.
One user said: “I stopped using Facebook months ago for a wide variety of reasons. I’ll never go back”.
In response to questioning from The Verge, Facebook burbled: “We give people control over their notifications, including those that relate to security features like two-factor authentication.
“We’re looking into this situation to see if there’s more we can do to help people manage their communications.
“Also, people who sign up for two-factor authentication using a U2F security key and code generator do not need to register a phone number with Facebook.” µ
Source : Inquirer