Facebook, Instagram order users to email in passports

Just when you think that Facebook and Instagram could not do anything dumber, the outfits have started demanding users to break all the internet security rules in the book or lose their accounts.

You probably have received fake emails which demand you send you all your personal details, and you probably deleted them. After all, no sane company would ever ask you to send personal details, such as your ID card or passport, over mail. But, over the last week, a number of Instagram and Facebook users have been locked out of their accounts and prompted by both services to upload images of their government issued photo IDs to regain access.

The scheme is so bizarre that sites like Yahoo ask have been swamped with requests from users asking if the demands are real or just hacking attempts.

To make matters even more strange, those users who were dumb enough to send Facebook and Instagram the requested details have actually been rejected because they did not send enough information. Instead they have been told to send a different government-issued photo ID.

The information requested is all that Facebook or Instagram needs to pull off a complete ID theft. If you don’t give them your ID card you can send them your work or school ID, or a copy of an official document verifying your name and age like your birth certificate.

It suggests that the documents must be from a respected institution like a university and combined must show your full name, birthday and identification photo.

The companies claim they will permanently delete these documents after “we resolve your issue”. The question is why would you trust Facebook when you could be giving the same details to a Nigerian prince who promises £150 million from a frozen bank account.

The requests are in response to suspected violations of the two social networks’ distinct terms of service. As we have seen you can be in violation of your terms of service if you show a picture of a woman’s elbows, or make the grave mistake of using the company’s own address finding software to connect with your friends.

However, in our view, handing over such information to Facebook is plain stupid – and anyone who is ordered to do so should just walk away from their accounts. They should complain to the European Union about another blatant violation of their online privacy. After all, holding your personal data for ransom while demanding that you hand over more is just the sort of thing that gets EU ministers very upset.

TMP points out that this fiasco happened soon after Instagram updated its terms of service and privacy policy so the company had more discretion to advertise around user content and to manage its network. In the end the company had to back down.

However, Instagram’s new terms of service still have several additional bits of language that specifically give it the power to suspend a user’s account at will.