| Well as far as legal protections go, nothing definitive, and they can always argue their statements about enhancing user experience would cover this. Check westlaw on it
https://content.next.westlaw.com/6-502-0467?transitionType=D... I think the real issue, is people think they are doing one thing, but doing another. depending on the age of your account, you'll notice that the notifications for SMS maybe defaulted on, this didn't matter if you didn't have a phone number associated with your account. When you add a phone number to your account, its not "solely" 2FA, you add the number to your account, and 2Fa is enabled, just like all the other default setting that apply to phone numbers. which is why when people are responding to the SMS its posting on their wall, its because what their settings are set to do. see the settings below where they can disable this.
https://imgur.com/a/6pOHH It's another case of people screaming to the heavens about evil megacorp. when in reality they can't be bothered to check their own settings. |
Facebook's settings are often opaque and unintuitive, and some of the stuff around notifications qualifies as dark patterns. Also, as you mentioned, Facebook has a history of using selfishly-chosen defaults which are often not what a user would likely want or expect.
I'm not going to fault people for complaining about getting tricked into settings they didn't want.