If you have a Facebook account, now may be a good time to check the email address that is associated with it (located under “About” and “Contact Info”). Facebook has confirmed to TPM that it has begun automatically changing users’ default displayed emails to “@Facebook.com” email addresses, which Facebook provides for each user’s account.
As a Facebook spokesperson wrote to TPM: “As we announced back in April, we’ve been updating addresses on Facebook to make them consistent across our site.”
At the time, Facebook also displayed a reminder to users at the top of their accounts showing what their “@Facebook” email address was and offering them an opportunity to adjust it. Check out a Facebook image released in April showing the notification that users received:
But the actual implications of the change — and specifically, the fact that it would apply to the default email address on a user’s Facebook profile — caught some tech bloggers and Facebook users by surprise.
Mozilla programmer Gervase Markham went so far as to rail against the change as a ‘man-in-the-middle’ attack, or a type of cyber-subversion, by on his blog on Saturday. As Markham wrote upon noticing that his email address had been changed from his preferred one to the “@Facebook” one:
In other words, Facebook silently inserted themselves into the path of formerly-direct unencrypted communications from people who want to email me. In other contexts, this is known as a Man In The Middle (MITM) attack. What on earth do they think they are playing at?
Tech bloggers picked up on Markham’s observations on Monday and also criticized Facebook for making what they deemed a sneaky and unwanted change to user accounts, with several explaining how to switch the email back.
Some users haven’t reported the change yet on their accounts, but based on Facebook’s comments, it does seem that the change will impact all 901 million users eventually. Some users have seen a random number preceding their “@Facebook” email address, which should only be the case if the user hasn’t adjusted their Facebook URL, or address, to another name, which can be done here.
Facebook does not have its own separate email client per se, but the emails sent to a person’s “@Facebook” address appear in a user’s Facebook Messages section of his or her account.
To be clear, Facebook isn’t showing these new “@Facebook.com” emails publicly by default, but rather only to “Friends.” Facebook’s spokesperson told TPM that the change also included more granular sharing controls for the email address, either publicly — to the whole Internet, to Friends, or not displayed at all on a user’s profile. As Facebook’s spokesperson explained:
“In addition to everyone receiving an address, we’re also rolling out a new setting that gives people the choice to decide which addresses they want to show on their timelines.
Ever since the launch of timeline, people have had the ability to control what posts they want to show or hide on their own timelines, and today we’re extending that to other information they post, starting with the Facebook address.”
So while Facebook’s change might have come as an unwelcome shock to some users, the company steadfastly maintains that it is actually part of a new effort to give users more control, not less. At the least, Facebook seems to have picked a funny way of expressing that intent.