At the time I was creating this lecture (in October 2018), disturbing news broke that Facebook had sold phone numbers to advertisers. Facebook selling their user's data to advertisers is nothing new, of course. What makes this cringeworthy is the fact that they obtained the phone numbers by encouraging people to enable SMS-based two-factor authentication on their accounts.

Facebook made it seem that users would increase their account safety by enabling two-factor authentication, which is in and of itself a good thing, but at the same time put their users at risk by selling that data.

Two-factor authentication using SMS to receive codes is inherently unsafer than other methods due to the fact that phone numbers can be hijacked. But Facebook is really taking the mickey by claiming to have their users' best interest at heart, then selling on the information that was provided for security purposes.

Here's my advise: when possible, do not use your SMS for two-factor authentication, especially in the case of Facebook.

Since you're enrolled in this course, you probably take your online safety seriously, so at the very least you should think about what all this means for you, and how you want to deal with this. We tend to think of Social Media as free services for us, but unfortunately that's not really the case.

Just keep this in mind: you are not Facebook's customer, advertisers are!

Source: https://www.eff.org/deeplinks/2018/09/you-gave-facebook-your-number-security-they-used-it-ads