Target: Facebook CEO Mark Zuckerberg
Goal: Fix security on Facebook so that user phone numbers will not be available to the public
Recently, mobile developer Brandon Copley created a database of 2.5 million Facebook users in order to find a thief who had stolen his laptop. However, he then realized that the database contained the phone numbers of those millions of users. Copley had accidentally found a security hole that allowed personal phone numbers to be visible to the public, unless the user specifically reset their security settings. When he tried to inform Facebook of this problem, his concerns were dismissed and his own Facebook account was closed.
Default Facebook settings make a user’s phone number visible to the public, so that a person can be found by their phone number. Many users do not know this setting exists, or how to change it, leaving their phone number to be found by anyone willing to look for it. When Copley showed the company that this meant millions of phone numbers are available to be found by anyone with a similar database to his, a spokesperson for Facebook reiterated that “the ability to search for a person by phone number is intentional behavior and not a bug in Facebook.” The company refuses to address this privacy concern, instead shifting the responsibility to Facebook users to change their default security settings.
While the security settings will keep a user’s phone number private from those who are not specifically searching for it, Copley’s database shows that phone numbers are available to strangers. Instead of addressing this concern, Facebook shifted the blame onto Copley for creating the database. His own Facebook account was banned, along with his wife’s and business partner’s, because they had used the same computer he used to create the database. It is disturbing that Facebook has taken this harsh action against the person who pointed out the security flaw instead of taking steps to fix it. Copley is not the only person capable of creating such a database, and Facebook has made no effort to stop someone else from gaining access to millions of phone numbers. Tell Facebook that instead of blaming others for this security flaw, they must fix it.
Dear Mr. Zuckerberg,
Recently, mobile developer Brandon Copley created a database of Facebook users in order to find a thief who had stolen his laptop. He found that the database contained phone numbers of 2.5 million users. When he reported this security flaw to your company, he was told that it was intentional. Copley was then banned from Facebook for creating the database.
I ask you to fix this security flaw. While Copley’s database does not show what would be accessible to the everyday Facebook user, it is possible that another person will gain access to these phone numbers. Users have the ability to change their privacy settings, but many are unaware of the default settings or how to change them. The blame should not be shifted onto the users when there is a clear flaw with Facebook’s security. Fix this flaw and keep phone numbers private.
[Your Name Here]
Photo credit: Louis Volant via Flickr