Should I put my phone number online?

Recently a controversy erupted over Facebook Phonebook, an app that shares users’ phone numbers without permission. Generally, Facebook can only share your number if you posted it and made it public via your privacy settings. However, by synching with your smartphone’s contacts, this app can share a phone number that has not been published.  (This link will show you exactly how to hide your number on Facebook, though it won’t prevent your friends from possibly sharing your number with Phonebook.)

All of this talk has led me to wonder:  should I put my phone number online?

I don’t know about you, but I am really paranoid when it comes to putting my details online. I don’t just worry about the ultra-sensitive information, like bank details and card numbers. I worry about my identity, my name, date of birth, my address and my phone number.

I’ve given the issue some thought to try to work out what it is that I am worried about and whether I am being a little too cautious. After all, I have found it useful to look up my friends’ phone numbers on social media sites when my phone has let me down, so why should I withhold the same information from them? I am quite security conscious, so I probably have less to worry about than the average internet user.

But what might the average internet user have to worry about?

Banking scams

By far the most common threat is that which gives a criminal direct access to your finances. Your bank details can be stolen in a number of ways. There is no point in making it even easier by broadcasting your account numbers, card numbers or passwords. Other information, like your address and number, might be useful if it comes paired with your bank details, but they are not usually needed for criminals to make a profit from your account.

Social sabotage

By social sabotage I mean anything that could ruin your reputation with your peers. You can socially sabotage yourself by allowing your boss to see a photo of you hosting a late night party in the office. Your (one time) friend can publish the picture without your consent. Both of these problems are common and they are a reason to be careful about who you invite into your social circles and of what you say and do.

A lesser problem is that your account is hacked and your reputation is ruined by an action supposedly performed by you. This is not as common. It is most likely to happen if you have immature friends, rebellious children or a jilted ex-partner and can be prevented by having a completely secret and impossible-to-guess password.

Identity theft

This is where you would have to worry about putting your address and phone number online. It is not very likely to happen though. It is most likely to happen as part of a banking scam and for that, as already mentioned, your phone number and address tend to be of secondary importance compared to your card numbers and account details.

The other thing you should know is that if anyone wants to find your address and phone number online, the chances are that they already can. It doesn’t matter if you did not publish them anywhere yourself. Phone directories are online and have been for some time. I found three services in Finland alone that claimed to be able to give me the personal details of people I know if I logged in to their services. For the USA, there are sites like Spokeo.

These sites do not only give out your phone number and address, regardless of whether you know their existence, but they often collate other data. They will tell other people what you have posted in Yahoo! Groups (the titles of these posts are visible even if the group is private). They will gather your date of birth, gender, relationship status. Some may even gather photos of you. Your house. Your children. Whatever seems to be related to you online.

All this information is out there already. These sites just make it easier to find. Most of the time no-one is going to use those sites and there is no need to worry. If you are paranoid then you can search for yourself and hunt down all the places your information is being leaked from. Usually the only reason to be this paranoid about your data is if you know that someone is out to get you! By this I mean that you are involved in a legal matter or that your livelihood relies on your reputation.

Data loss

There’s a very small chance that this problem will occur to you as an act of sabotage. You’ll suffer the loss of information from your online accounts, finding it deleted one day. This is most likely to happen because someone who is very close to you is angry with you. If this is happened to you, though, it is the second thing you should consider.

Before you rush to accuse someone of tampering with your accounts be aware that it is far more likely that an error with the software or website you use has caused your data to vanish. Always check with customer services first or search the internet to see if anyone else has the same problem at the same time.


Do you hold a crucial place in a business? Are you a government official? Are you a rebel to a strict governmental regime? Perhaps you’re a celebrity? Have a stalker? Messy divorce? No? Then you probably won’t ever have to worry about this.

If you ever intend to answer ‘yes’ to the above questions then it is a good idea to become more security savvy. Reading this blog is a good start, well done.

If you can answer ‘yes’ already, then you might be one of the few who are justified in being really paranoid and withholding most or all personal details from the online world. At the very least, seek advice relative to your position.

If you’ve skipped to the end looking for a summary, then the answer to whether you should put your phone number (or address) online is:

It depends.

It is probably online already, but that does not mean that many people will know where to look for it.

  • If you are going to broadcast it in many public places, think very carefully about who that public is. There’s no need to give all of your jilted lovers your new number, or to invite calls from the Rick Astley Fan Club that you left all those joking insults with. If that’s the kind of thing you get up to, keep your personal details to yourself.
  • If you are going to put your phone number and address into a web form, think carefully about the legitimacy of the site you are on. Is it Amazon or amateur porn? If it is not a bona fide company, then do not give away your details.
  • If your address and bank details are requested, by all means be suspicious and double-check everything. To be safe, never give away more details than the bare minimum required by a service.
  • It doesn’t hurt if you refuse to use online services that are not essential to you if they ask for too many details.

Finally, if you want to respond to this article, please don’t call me! Leaving a comment on the blog will do nicely.


CC image by nathanmac87.

More posts from this topic


Advertising – to block or not to block? (Poll)

I have become pretty immune to advertising on the net. The brain develops an algorithm to locate the relevant content and filter out the junk around it. Frankly speaking, ask me about what ads there were on the page I just visited, and I have no clue. And I believe that’s true for many of us. Except that our internal ad-blockers aren’t perfect. The advertising may still affect us unconsciously. This issue has been in the headlines a lot since Apple introduced a simple way to implement ad-blocking on iPhones and iPads. Many took advantage of the opportunity and released new tools, among them the excellent F-Secure ADBLOCKER. And many media providers got upset as this development will no doubt increase the usage of ad blocking, and thus reduce advertising revenues. Some newspapers are already attempting to prevent users with ad-blockers from using their site at all. And some publishers admit that advertising has gone too far and they had it coming. So let’s take a look at the pros and cons of advertising. First the pros. Advertisers pay for your “free” stuff. It makes it possible to get a lot of excellent services and content without paying money. Instead you pay by exposing yourself to ads and letting companies profile you for targeted advertising. Some may actually find ads, especially well targeted ads, useful. They may contain special offers and campaign codes that are of true value to you. Advertising can be entertaining. And then the longer list, the cons. Advertising often disturbs your user experience. You have to locate the beef among glossy blinking ads. And you may even have to dodge pop-ups to actually see your content. Advertising may lure you to make more, often unnecessary, purchases. That’s basically the objective of advertising. Advertising often tries to trick you into opening the advertiser’s site. For example by mimicking a Next- or Download- button in the ad. Advertising may show content that is unsuitable for the viewer. Advertising can be a way to deliver malware. Ads are delivered from separate servers. A compromised ad server may show infected ads on sites with a good reputation. I.e. in places where you don’t expect to run into malware. Advertising will consume bandwidth and make pages load more slowly. This can cost you real money depending on your data plan. Advertising is the main reason to track you. Many companies attempt to profile you as accurately as possible to make targeted advertising more effective. Good targeted advertising may not be evil in itself, but misuse of the collected data is a real threat. It seems likes the cons win hands-down. But there is one argument in favor of advertisement that deserves some more attention. The publishers who take an aggressive approach against ad-blocking typically say that blocking ads is like taking a free ride. You try to benefit from free content without paying the price. And this is an argument that can’t be dismissed just like that. Remember that advertising is the engine for a significant part of the net. Imagine that 100% of the users would use 100% effective ad-blockers. What would our virtual world look like in that case? I don’t know, but it would definitively be a different world. But on the other hand, it’s easy to find sites where advertising definitively has gone overboard. So it is understandable if the advertisers receive little sympathy for their fight against ad-blocking. This is yet another question without any clear and simple answers. So let’s pass it to you, dear readers. What do you think about advertising on the web? [polldaddy poll=9139628]   [caption id="attachment_8591" align="aligncenter" width="1024"] Article trying to defend advertising. The beef is there under the ad. ;)[/caption]   Safe surfing, Micke   Image: iPhone and www.streamingmedia.com screenshots  

October 22, 2015
sign license

POLL – How should we deal with harmful license terms?

We blogged last week, once again, about the fact that people fail to read the license terms they approve when installing software. That post was inspired by a Chrome extension that monetized by collecting and selling data about users’ surfing behavior. People found out about this, got mad and called it spyware. Even if the data collection was documented in the privacy policy, and they technically had approved it. But this case is not really the point, it’s just an example of a very common business model on the Internet. The real point is what we should think about this business model. We have been used to free software and services on the net, and there are two major reasons for that. Initially the net was a playground for nerds and almost all services and programs were developed on a hobby or academic basis. The nerds were happy to give them away and all others were happy to get them for free. But businesses run into a problem when they tried to enter the net. There was no reliable payment method. This created the need for compensation models without money. The net of today is to a significant part powered by these moneyless business models. Products using them are often called free, which is incorrect as there usually is some kind of compensation involved. Nowadays we have money-based payment models too, but both our desire to get stuff for free and the moneyless models are still going strong. So what do these moneyless models really mean? Exposing the user to advertising is the best known example. This is a pretty open and honest model. Advertising can’t be hidden as the whole point is to make you see it. But it gets complicated when we start talking targeted advertising. Then someone need to know who you are and what you like, to be able to show you relevant ads. This is where it becomes a privacy issue. Ordinary users have no way to verify what data is collected about them and how it is used. Heck, often they don’t even know under what legislation it is stored and if the vendor respects privacy laws at all. Is this legal? Basically yes. Anyone is free to make agreements that involve submitting private data. But these scenarios can still be problematic in several ways. They may be in conflict with national consumer protection and privacy laws, but the most common complaint is that they aren’t fair. It’s practically impossible for ordinary users to read and understand many pages of legalese for every installed app. And some vendors utilize this by hiding the shady parts of the agreement deep into the mumbo jumbo. This creates a situation where the agreement may give significant rights to the vendor, which the users is totally unaware of. App permissions is nice development that attempts to tackle this problem. Modern operating systems for mobile devices require that apps are granted access to the resources they need. This enables the system to know more about what the app is up to and inform the user. But these rights are just becoming a slightly more advanced version of the license terms. People accept them without thinking about what they mean. This may be legal, but is it right? Personally I think the situation isn’t sustainable and something need to be done. But what? There are several ways to see this problem. What do you think is the best option?   [polldaddy poll=8801974]   The good news is however that you can avoid this problem. You can select to steer clear of “free” offerings and prefer software and services you pay money for. Their business model is simple and transparent, you get stuff and the vendor get money. These vendors do not need to hide scary clauses deep in the agreement document and can instead publish privacy principles like this.   Safe surfing, Micke     Photo by Orin Zebest at Flickr

April 15, 2015
webpage screenshot TOS

Sad figures about how many read the license terms

Do you remember our stunt in London where we offered free WiFi against getting your firstborn child? No, we have not collected any kids yet. But it sure was a nice demonstration of how careless we have become with user terms of software and service. It has been said that “Yes, I have read then license agreement” is the world’s biggest lie. Spot on! This was proven once again by a recent case where a Chrome extension was dragged into the spotlight accused of spying on users. Let’s first check the background. The “Webpage Screenshot” extension, which has been pulled from the Chrome Web Store, enabled users to conveniently take screenshots of web page content. It was a very popular extension with over 1,2 million users and tons of good reviews. But the problem is that the vendor seemed to get revenues by uploading user behavior, mainly visited web links, and monetizing on that data. The data upload was not very visible in the description, but the extension’s privacy policy did mention it. So the extension seemed to be acting according to what had been documented in the policy. Some people were upset and felt that they had been spied on. They installed the extension and had no clue that a screenshot utility would upload behavior data. And I can certainly understand why. But on the other hand, they did approve the user terms and conditions when installing. So they have technically given their approval to the data collection. Did the Webpage Screenshot users know what they signed up for? Let’s find out. It had 1 224 811 users when I collected this data. The question is how many of them had read the terms. You can pause here and think about it if you want to guess. The right answer follows below.   [caption id="attachment_8032" align="aligncenter" width="681"] Trying to access Webpage Screenshot gave an error in Chrome Web Store on April 7th 2015.[/caption]   The privacy policy was provided as a shortened URL which makes it possible to check its statistics. The link had been opened 146 times during the whole lifetime of the extension, slightly less than a year. Yes, only 146 times for over 1,2 million users! This means that only 0,012 % clicked the link! And the number of users who read all the way down to the data collection paragraph is even smaller. At least 99,988 % installed without reading the terms. So these figures support the claim that “I have read the terms” is the biggest lie. But they also show that “nobody reads the terms” is slightly incorrect.   Safe surfing, Micke   PS. Does F-Secure block this kind of programs? Typically no. They are usually not technically harmful, the user has installed them deliberately and we can’t really know what the user expects them to do. Or not to do. So this is not really a malware problem, it’s a fundamental problem in the business models of Internet.   Images: Screenshots from the Webpage Screenshot homepage and Chrome Web Store    

April 8, 2015