Skip to content
Naked Security Naked Security

Facebook’s Friend Finder found unlawful by Germany’s highest court

The court said that Facebook's use of users' contacts to do its marketing violates laws on data protection and unfair trade practices.

In its younger days, a fear spread through Facelandia: friend requests were popping up, from people who Facebook said had suggested friendships but who protested that in actuality, they’d done nothing of the kind.

Many wondered, was it a computer virus?

No, it was just Facebook trying to be helpful by automatically scanning an assortment of data crunchables: mutual friends, work and education data, and contacts imported using the company’s Friend Finder, be they from Outlook, Gmail, Hotmail, Yahoo, or what have you.

Helpful, and self-serving, useful as it is for growing the network and bolstering Facebook’s advertising market.

Now, Germany’s highest court has said “nein!” to all that.

Reuters reports that a panel of the Federal Court of Justice has ruled that Facebook’s Friend Finder feature, used to encourage users to market the social media network to their contacts, constituted advertising harassment in a case that was filed in 2010 by the Federation of German Consumer Organisations (VZBV).

Friends Finder asks users for permission to snort the e-mail addresses of their friends or contacts from their address books, thereby allowing the company to send invitations to non-Facebook users to join up.

Earlier decisions from two lower courts had in 2012 and 2014 deemed Friend Finder a deceptive marketing practice, saying that Facebook had violated German laws on data protection and unfair trade practices.

The federal court upheld those decisions, adding that Facebook hasn’t adequately informed consumers about what it’s doing with their contacts.

Reuters quoted a spokeswoman for Facebook in Germany, who sent a statement saying that the social network was at the time waiting to receive the formal decision and would study the findings “to assess any impact on our services”.

The VZBV is pleased.

The organization, which is an umbrella for 41 German consumer associations, doesn’t know yet what’s to become of Friend Finder, but it does suspect this decision will have implications for other services.

Reuters quotes Klaus Mueller, head of the VZBV:

What the judgment means exactly for the current Friends Finder, we now have to find out.

In addition to Facebook, other services use this form of advertising to attract new users. They must now probably rethink.

Image of German flag and gavel courtesy of


I don’t use FaceBook (FB) much, but I do use LinkedIn (LI). And, LI has asked me many times for … get this … my email passwords, so they can find if any of my email contacts might want a connection.

I sure hope nobody is stupid enough to give their password to anybody, let alone an entity whose stated intent is to broadcast the information they obtain all around the world.

Does FB also ask for passwords?


Interestingly, I also found out that Linkedin also sometimes tells me which of my contacts have given over their email password, in order to convince me it’s okay.

So that’s another reason not to do it. Not only is it bad security practice, but everybody knows you have bad security practices.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!