What’s the big deal with Facebook email addresses?

Home / What’s the big deal with Facebook email addresses?

What’s the big deal with Facebook email addresses?

You might have heard about the news recently of Facebook changing the default e-mail address of its users to an @facebook.com e-mail address. If you haven’t heard, you might Like to check your Facebook contact details. There’s a good chance your primary e-mail address is your name followed by @facebook.com! I’m not usually one for worrying about privacy but when the social network decides what my e-mail address is to be, there’s a few things to consider here that should ring alarm bells.

Facebook for friends and family

The purpose of Facebook is for friends and family to connect with other friends and family members, which is totally fine. If your Facebook contacts are anything like mine, your contact list consists of your closest friends and family, work colleagues, colleagues from previous jobs, friends of other friends that you don’t really know too well, and then acquaintances that you’ve maybe met once or twice at events. Every now and again a status update appears in my News Feed from a contact and I wonder, “who is that again?“. However, Facebook provides the tools for me to decide what information I’m willing to share with those people on my contacts, as well as contacts of contacts and the rest of the Internet. The trouble is, too often Facebook ignores privacy and shares information that it thinks I should share with everyone. And by everyone, I mean anyone on the Internet.

Facebook already lets my contacts send me messages with the built-in messaging feature. I rarely check my Facebook messages, since I’m usually bombarded with third-party app requests and invites to events that I have no interest in – usually from contacts that aren’t in my closest circle of friends and family. The contacts I like to hear from already have my e-mail address, that I trusted and chose to give them. When I receive e-mail I don’t want to read or don’t want to receive, it’s easy to delete and I can mark the message as spam so as not to receive messages from that sender again. If Facebook had an effective spam filter, I would never again be requested to join Farmville or Mafia Wars or whatever else the latest Facebook app happens to be.

Easy target for junk e-mail

Now that Facebook has chosen to assign me a Facebook e-mail address, it’s easy to guess and available to everyone on the Internet, including spammers, and automated crawlers that search out e-mail addresses for marketing purposes or malicious uses. With that comes an increase in junk mail and worse, the increased risk of malware to infect my Facebook profile and computer or smartphone. Drive-by downloads are the new biggest threat to web site owners where malicious programs infect a web site and are then downloaded to the web site’s visitors. With the large number of users on Facebook, that’s a gold mine for spammers to distribute malware affecting Facebook or to target innocent users that could be easily deceived with phishing e-mail scams.

Malware on Facebook has happened before and could potentially be exploited further. Users that check their e-mail are normally more aware of potential risks from e-mail addresses they don’t recognise. The largest concern with suspicious e-mails is those that appear to have been sent by your contacts. It can be difficult to distinguish a genuine e-mail message from one of your contacts by only the subject line. Most web-based e-mail services like Hotmail or Gmail have security tools that flag suspicious messages, give warnings before you open anything suspicious and block images, links or attachments that it considers unsafe. These services also have extensive spam filtering tools and antivirus tools working in the background before e-mail is even delivered to your inbox. Whilst Facebook does take security seriously, I personally haven’t found Facebook’s messaging service anywhere near as secure as my Hotmail or my Gmail accounts.

However, when users are on Facebook, they’re not there to be concerned about security risks, especially messages that appear to have been sent by their contacts and there is no annoying warnings or prompts to remind them before opening the message. Given the large number of young users on Facebook, this risk is even greater. Facebook is already notorious for scams promising free downloads for games or access to pornographic material, which all too often successfully trick people in to downloading malicious software or giving away personal information.

Free e-mail services expire

A few years back, my Facebook account was compromised. Someone else gained access to it and was able to make all sorts of changes and delete data. Worst of all, they successfully changed my password and effectively locked me out of my account. The process of recovering my Facebook account took a few hours and required me to click a verification link that it e-mailed to me.

If Facebook encourages users to use its service instead of traditional e-mail services, it could potentially lead to users no longer seeing the relevance in having an e-mail account with another provider. Users will probably still have an e-mail account with a service like Hotmail to sign up for Facebook in the first place but these free e-mail accounts only remain valid if the user actually uses it. After 120 days, if a user does not log in to their Hotmail account, their account automatically expires.

Assuming this happens, in the case of where a Facebook account is compromised like mine was, wouldn’t it be rather difficult to send a verification link to click if the user can’t actually access their e-mail any longer?

Is there a need?

In the end, the biggest contention with Facebook changing my primary e-mail address to one that Facebook gave me, is that I did not ask for it, did not want it, and more over, do not need it. Like most other people, I already have e-mail addresses for work use and for personal use and have no need to have yet another e-mail address to collect more junk e-mail. Ironically, with Facebook’s multitude of notification settings, users could potentially receive an e-mail to tell them they have an e-mail waiting!

Then there is the question of what else might Facebook decide I should have? I’m happy to use Facebook for the purposes of checking the status updates of friends and family, their photographs and to join in on light-hearted conversations on each other’s walls. I’ve no problem with Facebook introducing extra features, it makes sense after all, but if I want to join in, tell me about it and leave me to make my own decision to sign up rather than force me to use a service that has the potential to become more problematic than useful.

In the end, what about the choice of creating an e-mail address? Several friends of mine have long, obscure and good-humoured e-mail addresses. It makes them not too easy for automated spam-bots to guess but more importantly, they are a unique reflection of that individual’s creative personality and choice.

Can I turn off Facebook e-mail?

At the moment, you can only hide your Facebook e-mail address from appearing in your contact information. This only stops the e-mail address from appearing to your contacts. There currently is not a way to disable the @facebook.com e-mail address. You can hide the e-mail address by following the steps below:

  1. Sign in to your Facebook account
  2. At the top-right menu, next to Home, click the small down arrow
  3. Choose Account Settings
  4. Click E-mail
  5. Select your own e-mail address as your primary e-mail address
  6. Next to your Facebook e-mail address, click Remove
  7. Enter your Facebook password and press Save Changes
Update: It seems Facebook have potentially exacerbated this problem further for smartphone users who have their phones set to automatically sync contacts with Facebook! Users, especially Android users, are reporting to Sophos that e-mail addresses for their contacts have been changed to @facebook.com addresses and contacts are missing e-mails being sent to them as a result! Facebook have said they will release a fix for this problem soon.
Help-Desk