Facebook U-turns on phone and address data sharing Published duration 18 January 2011

image caption Facebook wants users to connect with website developers as well as friends

Facebook appears to have U-turned on plans to allow external websites to see users' addresses and mobile phone numbers.

Security experts pointed out that such a system would be ripe for exploitation from rogue app developers.

It said it needed to find a more robust way to make sure users know what information they are handing over.

"Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and are making changes to help ensure you only share this information when you intend to do so," the firm said.

The updates would be launched "in the next few weeks", it added and the feature will be suspended in the meanwhile.

Bad guys

Facebook's volte-face is likely to be a case of 'once bitten, twice shy'.

Last year, wide-ranging changes to privacy settings resulted in a loud chorus of disapproval from both users and privacy experts, including the Canadian privacy commissioner, Jenny Stoddart.

The firm was forced to radically simplify privacy settings. Ms Stoddart said at the time that the social network had "vastly improved" the sharing of personal information with third-party developers.

Facebook founder Mark Zuckerberg has made no secret of his desire to open up the relationship between the network's 500 million members and the wider internet.

Having access to mobile phone numbers and physical addresses could have real benefits for users, the firm said in its blog.

"You could, for example, easily share your address and mobile phone with a shopping site to streamline the checkout process, or sign up for the up-to-the-minute alerts on special deals directly to your mobile phone."

"You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies," he said.

Not required

Facebook has introduced a dashboard which allows users to decide what level of access to grant various apps they sign up for.

It also said that users would have to grant permission to any apps or sites that had wanted to access people's home address or phone number.

But many people still click 'accept' far too quickly, said Mr Cluley.

"Facebook does alert users to the fact that this information will be shared with others, warning prompts and other pop-ups are so frequent that they are often ignored," he said.