What is 2FA?

2FA stands for two-factor authentication. It is a very common process among various websites and software systems. The purpose of this process is to check if the right user is logging in. The two factors here typically refers to either the phone number or email address of the user and the respective password. This is the preliminary stage for a user to log into his account. Facebook has adopted this method since its inception in 2004.

The Road to Confession

Facebook has kept the information away from the public eye for quite some time. However, a fresh report published by Gizmodo had exposed this secret. On Wednesday this week, they came forth with the report on their website discussing the details.

The report is based on an experiment conducted by Kashmir Hill. A theory of his computer science professor Alan Mislove inspired him to carry it out. After running some tests, they saw the difference within hours. Thus, the hidden algorithm of a “custom audience” got decoded.

TechCrunch then asked the Facebook officials upfront about this disclosure. The corresponding spokesperson sent them a statement admitting the use of 2FA phone number for customized ad targeting.

This incident paired with other privacy invasion incidents (the Cambridge Analytica scandal concerning the 2016 election, the spamming codes sent to the 2FA phone numbers a few months ago and the latest cyberattack on 50 million user accounts) has painted quite the target on Facebook. Considering all these incidents happened in a matter of months, it is exceptionally concerning and has raised many eyebrows.

The Danish programmer and creator of Ruby on Rails, David Heinemeier Hansson has even gone so far calling Facebook a “criminal enterprise” in light of these events. Facebook, on the other hand, is planning to use similar means for targeting ads at WhatsApp users. So the Facebook users may not see an improvement in their privacy standards anytime soon.

How Does 2FA Affect Ad Targeting?

Companies like Facebook ask users for their phone number during 2FA in order to strengthen the security system. Or so they claimed.
In reality, however, they are running these numbers through highly efficient data miners to extract more useful information about the users. As a result, their information pool has a lot more data than the ones you agreed to provide them. There is a hidden layer of details embedded in the system which other platforms use to show you targeted ads.

Although Mark Zuckerberg denied the existence of shadow profiles six months ago, Facebook actually prepares and maintains data profiles on the non-users. They obtain the required information about them from the users and other connected sources to do so. All these shady incidents have painted a big question mark on the transparency of this billion dollar company.

A Facebook spokesperson commented that the only way to stay out of this 2FA phone number ad targeting is to not use that phone number. This poor advice has shrunk the trust boundaries even more for all Facebook users. An interesting response has been recorded from a Taiwanese hacker who is now determined to delete Zuckerberg’s Facebook page by Sunday.