I created a Twitter account to test setting up 2FA using the new authenticator app I’m working on. After the initial setup, turning on 2FA (my app worked!) and sending a tweet, twitter told me I might be a robot and had me complete a captcha and enter my phone number so it could send a verification text.
I didn’t see any indication that the phone number would be used for anything besides this verification but I immediately noticed that Twitter was recommending people to follow based on that phone number (I’m certain the email address I signed up with couldn’t be associated with those people in any way.)
I’m not surprised that Twitter wants phone numbers and uses them to build their social graph but requiring your phone number and not making it clear what it’s going to do with it strikes me as especially creepy, Facebook-level creepy.