Heh, I didn't have a Facebook account until several years ago. At some point I heard some coworkers discussing about something posted on Facebook, a post was about me. So I decided I'd make an account.
One of the first screens was that list of suggestions for people to add as friends.
Guess what? Even though they had almost no info on me, from me, the list had almost everyone I knew, even neatly sorted by level of interactions across the time.
I had just activated the "shadow" profile they had on me from everyone else...
I decided to download Instagram the other day. I wanted to be somewhat anonymous so I created a profile with a generic username, didn’t attach my email, and didn’t allow it to download any contacts.
When I signed in, the whole suggested friend list included people I knew. Family, old coworkers, ex-girlfriends, people I haven’t spoken to in 10+ years...
The only explanation I can think of is that I had used my phone number to sign up, and they scanned all their users to see who has my phone number stored in their phones.
I got super creeped out and deleted my account. Funnily enough, I had the exact same experience with Twitter last year too.
Instagram’s suggestions are out of control. It recommended that I friend the receptionist at my old dentist’s office. I didn’t even have Instagram when I went to that dentist. I can’t even figure out how it would connect us. Even if she had my phone number in her phone and made the decision to share her contacts with Instagram, I didn’t share my number with the service. I used an email that she wouldn’t have. Maybe I browsed a website with Facebook tracking while in the office and it knew my location and made a guess, but I don’t believe that it recommended anyone else from that building. Strang
This is freaky for sure but it could've also just been a coincidence. If she worked at a local dentist's office it could be that she is friends with a friend of yours or something like that.
That's the thing, this account has NO friends. I follow random people who draw things or dress well. But it still recommends my son's friends' parents or people that I went to high school with two states away or even the woman who cleaned my house two years ago. I bet FB's friend matching algorithm is something special
> The only explanation I can think of is that I had used my phone number to sign up, and they scanned all their users to see who has my phone number stored in their phones.
Simple. Those services ask permission to access the contact list of their user so they can "check if they already have them in their system". And while they're at it, they just keep everything. Permission included so they can store new contacts when you add new ones.
I have denied that sort of request from LinkedIn many times, but due to the suggestions it's made, it's clear they scraped my email contacts at some point. Either I slipped up, or they found some oblique way.
This is where EU's data protection law comes into play. When someone agreed to letting the app look at their phone book, the person isn't giving the app permission to store that forever. In theory, this sort of action should be illegal under EU law.
I "deleted" my FB more than 8 years ago, but since it was not possible to actually delete the data it was only disabled. In January I decided to re-activate it to get in touch with old acquaintances. Surprisingly, all of my pictures, contacts, and other interactions were there. Even a pending friend request was pending for 8 years.
Maybe I shouldn't be surprised, though, because FB stated clearly that you cannot delete your data. I just didn't believe they would keep it for so long. It felt weird.
Edit: Just a fun addition, I also made a fake account to promote Youtube videos against FB's EULA. To get more viewers I thought it might be a good idea to make arbitrary friend requests and must have had a certain tendency to click on attractive women. Curiously, at least half of them accepted immediately. One week later I got spammed with friend request of two kinds:
(a) Asian manufacturing sites offering all kinds of machinery and services. Most of them from China, but also some in other countries.
(b) Women posting half-naked pictures of themselves on FB, apparently doing that for a living.
None of them were my target audience. I guess successful FB marketing is more complicated.
That's interesting because refusing to delete personal information is going to be directly contrary to GDPR in a few months, the penalty for which will be 4% of global turnover.
It is absolutely possible to delete your Facebook account and profile permanently. It is harder to find (I had to search the help section for "permanently delete" or something), and they give you two weeks to change your mind. Of course, they still have tons of information about you, but I am tired of hearing people claim that you can only deactivate your account.
I deleted mine two years ago, but not before downloading my data. I haven't ever gone through it, but now I am interested to see if they included call logs and stuff.
> I am tired of hearing people claim that you can only deactivate your account
I'm tired of FB (or anyone using similar tactics) hiding behind "but you can delete your account" while employing all manner of dark patterns and scare tactics to mess with people who want to do exactly that.
Maybe it's changed since you did it, but I walked a friend through it recently and it was painfully tedious (not just a bunch of "are you really, really sure"s, but a bunch of dark patterns trying to steer you away from or hide the option altogether).
I'd be surprised if even 1% of people who want to delete their account are successful.
Are you sure this was possible > 8 years ago? If I remember correctly, I researched this for quite some time then and didn't find any way of deleting the account and everything stored in it. But it's possible I overlooked the option, of course.
I believe in the past you had to open some kind of support request, as there wasn't an "automated" way to do it (and there was maybe still some kind of waiting period after having deactivated the account). It's certainly been made easier (they've gotten a lot of flack over the years oven this...)
When I deactivated my facebook account to see what happens, literally nothing changed. Everybody else still thinks I'm there, they can send me messages, etc. When I reactivated my account by logging in, it was as if I had merely logged out.
> I "deleted" my FB more than 8 years ago, but since it was not possible to actually delete the data it was only disabled. In January I decided to re-activate it to get in touch with old acquaintances. Surprisingly, all of my pictures, contacts, and other interactions were there. Even a pending friend request was pending for 8 years.
There's a bit of a mixed message here. When you reactivated your account, you wanted to get in touch with old acquaintances. Yet you expressed surprise when your contacts were still there, even though you presumably wanted them to be. Was that a pleasant surprise? Or you were reactivating your account only with the intention of starting from scratch 100%?
Remember how it asks you to upload your contact lists? You probably say no, but others say yes and do it. They got this "people you may know" from THOSE people uploading their contact lists. It's kind of weird to call it a "shadow profile" when it's simply connecting those dots.
It's considered a shadow profile because they create a profile that nobody can see that aggregates data about the user. It's more than just the mutual contacts.
When people upload their contacts to Facebook to "find friends by phone or email" Facebook takes the phone numbers and email addresses of people who do not have Facebook accounts and associates them with a shadow profile. If multiple people upload contacts and have this same phone number and email address of a person, they can associate any other data uploaded (obviously name, birthday, address, other social media profile URLs?) with the same shadow profile. When the person creates an account using an email address or phone number tied to the shadow account, they already have a reasonable amount of data on the peson, including every user who has them in their contacts and others on those social graphs so that they probably know what school the user went to and current/past employers.
> It's kind of weird to call it a "shadow profile" when it's simply connecting those dots.
Is it kind of weird to call a shadow a shadow when it's just connecting the dots from yourself to the ground? What do you mean it's weird to call it a shadow profile? Just because you know how they do it does not make it "in the clear" or something not-shadow-like.
A shadow profile is a profile unknown to the victim and likely unknown to their friends. Facebook creates huge datasets of information about people without those people ever signing up for Facebook or even hearing about it. That's a shadow profile and it's creepy.
Is weird to call it a shadow profile because mow people like yourself are talking about victims. They basically just ran an SQL query. They didn't abuse anyone.
That's super creepy, but you can see how they get there.
I had a moment some time ago when it started suggesting I connect with people that I know from a private listserv I've been on for years.
Except I'm subbed to that listserv with a different email address from the one I use for Facebook, and I have no real-world interactions with these people, or friends in common. It was surreal.
Once I realized that someone on that list probably used Gmail, and shared their Gmail contacts with FB, it made more sense. Different email addresses don't do much when your name isn't very common, and the addresses vary only in domain.
My only Facebook account has entirely fake data. I use it to coordinate events with a dozen real-life friends. Facebook still manages to suggest new friends that have no obvious relationship to anyone I am friends with. I've never put their apps on my phone and used an email address I created just for Facebook.
It is creepy, but I can't help but step back and marvel at the technical achievement.
I wonder what percent of that profile is 'fake' and what is 'real'. Sounds like your intent is for it to be 90%+ fake but, in actuality, it's probably a lot more 'real' than you expect.
My guess.. the friends you are coordinating with have your number in their contacts list, which they then allow FB to see. FB associates that number with that group of people, and also separately associates your 'fake' account with that same group of people, since you're using it to coordinate with them. Now, if anybody else has your number in their contacts, FB might decide to show them to the 'fake' account, since they know somebody associated with the group you associate with. Three degrees of separation from your friend -> your number -> your friend group -> your 'fake' account
I was referring to his real number, which isn't in his FB account, but is likely stored in his friends' contact lists on their phones, which they in turn give over to facebook. This lets FB create a shadow profile for him. Even if they don't associate that number and shadow profile directly with his fake profile, they will see that they have the same social circle, since the same group of friends will both have his real phone number in their contacts, and also be communicating with his fake profile through FB. At best, there's only two steps between his real phone number and his fake profile.
For me it's only a little creepy, but not surprising.
I constantly think of Snowden and just how much our completely (ostensibly) private data actually says about who we are and what we do.
And then we're creeped out that an app that we allow to monitor our lives can know so much about us.
And I love FB, because I know that being online means sharing information. If I wasn't okay with sharing it, why in the world would I put it online with some other party controlling it?
> And I love FB, because I know that being online means sharing information. If I wasn't okay with sharing it, why in the world would I put it online with some other party controlling it?
Do you love that they track your movements across the web using phone home beacons on large swaths of the web and third-party apps?
Yeah, our experience of the American presidency has certainly been improved :P
That was only half-serious.
But it's not only use for improvement, but also to manipulate us in ways that may not be in our best interest.
Of course, it's your information. If you are OK with sharing it, it's your right. I say the same about smoking: you hate your lungs? Smoke away! But when tobacco companies lie about the effects of tobacco, and make it seem normal and cool, that's when I get angry.
We shouldn't be ok with our lungs going to shit and with our lives being constantly spied. But we have a right to accept this things, if anyone doesn't agree with me they can do it and I respect them.
I don't respect those who misinform, lie or deceit us to make us OK with it though.
Don't get me started on our presidency. My party sold it's soul to win (of which I've now learned, it didn't have much to sell).
But when you say it's my information to share, is this somehow hidden from people? Is there some sort of system that hides that fact from people?
I feel like an alien because I truly don't get the people who are griping against their information being sold/distributed.
I don't mean people like my grandmother, who're just happy to purchase stuff online, but people sophisticated enough to make cogent arguments about privacy and data rights, but act as if they are taken aback by ad targeting.
It's either disingenuous or mentally incapacitated, but I'm struggling to find a third option here.
> a dozen real-life friends ... used an email address I created just for Facebook
Faking data doesn't work when they have a significant shadow profile with 'votes' from many of your friends. I imagine some of your dozen real life friends have your real email in their contact lists. You giving a fake one might just set a flag that your 'vote' is not to be relied on!
Correlating with a dozen people posting events, activities etc probably reveals rather a lot about time0ut.
As well, they (and Google) are tracking your movement across the web, through affilliates and embedded webbugs. Don't think for a moment they've not connected the dots. All it takes is one gstatic image load while you're bringing up hotmail or one clicked embedded link and they've got an identity.
"Social Media" is a nasty spy network in candy-coloured wrapping.
If you make a new friend(s) and visit them (before adding them on FB) and use their home wi-fi to access to FB, they will almost instantly appear on the "friend suggestions" list. I experienced this (and heard about from people I know) several times when I used to have a FB account.
Facebook can't know the MAC address of my router from my friend being here and using facebook. At MOST they could know my IP address, but everyone has Dynamic addresses nowadays and that's a useless data point.
Google _does_ know router's MAC addresses, because they mapped BSSIDs when doing streetview mapping.
Could it be people who searched for you before you made your account?
I've noticed something similar with a handful of people but always assumed they were people who searched for my name and couldn't find me at the time, so their search was put on hold until an account with the corresponding was created.
The people you interact with the most are probably also more likely to be the people that interact with each other. So FB can see everyone who has your email address in their list and then prioritize those people who are most connected with each other.
I am guessing, but it is quite amazing how freakily accurate simple statistics can be.
i deleted my facebook acc years ago, but people keep using my gmail when registring for facebook, i dont know how is facebook allowing that.
i though after some time without verifying the email facebook would disable the account, so i filtered those to not go to my inbox. but facebook never did that. so i had to contact them to disable the account and verify that this is my email address and not from the person that registered it. they removed then my email for that account. after half a year somebody else registered the email again, and im getting again emails from fb and now im filtering it to go to spam directly. it makes me angry.
The verified solution to this is to recover the password for that account, login, remove phone, change the password and the profile picture to that of an ass.
You will never be bothered since they can only use an email once, and it will nicely throw a wrench into any massive surveillance machine by associating your email with a completely foreign social graph. It's also what the original user probably intended - I mean, he did use your email address, did he not?
> It's also what the original user probably intended
You'd be surprised the number of clueless people that have no idea what their email address is. They might have the username@(att|aol|yahoo) and believe now it's @gmail.
It's more ignorance than malice in cases like these. FB, OTOH, is not forcing the email verification because they know that it's a friction and they don't want that.
Yep, I believe this is exactly what happened to me a few months ago.
Someone kept using <myuser>@gmail.com to register for a bunch of different things. Based on the human name attached to a couple of the accounts, I'm fairly sure it was twitter user @<myuser>, which isn't me.
I was able to contact one of the sites and they deleted the account believing I just didn't want it anymore (they didn't seem to comprehend that someone would register with the wrong email), but most of them I just ended up using the "lost password" feature.
> FB, OTOH, is not forcing the email verification because they know that it's a friction and they don't want that.
Here's the most annoying part: Apple iCloud sent me a "please verify your email address" confirmation email, which I never clicked on. But she was able to use the account anyway, with my email address still attached - I kept getting notifications about someone else repeatedly joining/leaving her "family" group.
Yep, I have the name of this account as a gmail account as well - and I get legitimately typo'ed e-mail from someone at least once a week.
As fun as the replying to shopping list e-mails is, the auto-responders for signup forms do get quite old after a while. And it is truly amazing how long accounts will last with bad e-mail addresses on them (looking at you, Netflix).
i did try that, but you know what, facebook had a protection where it said, you are logging form an unusual place, please verify that you are the owner of the account in that they trow you a bunch of your friends and ask information about them.
I've had this problem with multiple other services including Facebook, Skype, Dropbox and Snapchat and sometimes the service just assumes "yeah that's that guy's email, we don't need to verify it". Makes me angry too :)
> I had just activated the "shadow" profile they had on me from everyone else...
This is one of the reasons I created (and don't delete) my FB account. I'm not really adding information to the system, can have a view of what it thinks it knows about me, and can (foolishly) attempt to subvert and game it somehow using disinformation.
The Android Facebook messenger is pure cancer. It will hijack the default SMS application and scrape all available information to the mothership. I mostly stopped responding to Facebook messages and refuse to acknowledge it as a legitimate way to contact me.
But if you absolutely need to use the messenger, I recommend using a Hermit lite application, that hocks into the web version of the messenger and leaks no more info than any other web Facebook session.
You can use Hermit to replace many proprietary bloated apps, and even create pseudo "apps" for sites that don't feature one, like this site, with a nice icon on your desktop.
Not only that, but these apps are often installed by default on android phones and can't be removed by the user without rooting the phone. there is no guarantee Facebook is not scraping data even though the user doesn't have a Facebook account.
I think the issue is not the Android Facebook messenger. It's Android. Because you have a platform that not only permits apps to do this, but an app store that approves apps which does this.
I am hoping to get my own data from Facebook and check it against when I switched to Windows as a mobile OS. As it stands, only two built-in apps, People and Messaging, have access to my call history.
Android also has absolutely useless permission categories. Supposedly lots of apps legitimately ask for "read phone status and identity" just so they can e.g. pause a game when a call comes in. The same permission lets them scrape all kinds of info like phone # and IMEI. Which is the app doing?
The Play Store team should not be permitting apps in the store without extreme skepticism of the permissions they request, particularly in certain categories.
The Facebook app should be pulled from the Play Store until its permissions are reduced, but I doubt Google will do it.
The user can always refuse access to SMS, contacts and other sensitive features on Android.
I have Messenger on my Pixel, it's working fine without having access to all of that.
This is actually untrue for about half of all Android users. Being able to granularly adjust permissions is fairly new, and of course, if you aren't buying the latest phone every year, it'll be a long time until you get this.
The app store approves these apps, while at the same time denying other apps, like Adblock, that work directly against tracking. I have to void my warranty on a phone purchased at full price, with no plan, before I am allowed to install it from F-Droid.
Cue in the «soviet Russia / product sells you» jokes.
Thank you for telling me about hermit. I've spent about 10 minutes with it and I'm already considering replacing about 5 apps with hermit versions. It has the type of functionality that IMO should really be standard in Android.
EDIT:one thing I noticed which kills a lot of the appeal for me is cookies appear to be maintained between lite apps
> You can use Hermit to replace many proprietary bloated apps, and even create pseudo "apps" for sites that don't feature one, like this site, with a nice icon on your desktop.
Do you really need another "app" for that? Why not just use a browser and save links to your home screen for the sites you want to access directly? As a bonus, you can install plugins like uBlock Origin and Decentraleyes and prevent the browser from leaking data to Google Analytics and 500 other data harvesting centers every time you load your "apps".
I use Messenger Lite for a few years now. It's certainly not perfect, but it's… less cancer-y i guess. At least it's less bloated and doesn't hijack SMS.
Can the Hermit-wrapped web messenger send notifications?
Is there any difference between that and m.facebook.com? I do use the latter on my phone to avoid installing a Facebook/Messenger app. But its usability is... limited.
Here's how: Facebook requested those permissions on Android and scrapped them. Users (includes technical people like OP) just blindly click "Yes" on every pop up.
Even if you're super careful with your permission, Facebook can still construct a good profile of you via the people you're communicating with.
Android has not, until extremely recently, required apps to request permission for things at runtime. Android 5.1, which is what was in use here, I believe, did not. Installing Android apps for most of Android's lifetime required granting it all the permissions it asked for.
Yeah, I believe these two things are more or less part of the same major API change to how permissions are handled. Note that until like... this year, you could simply target older Android versions to prevent users denying your app's permissions.
It looks like Google's going to try to start forcing apps to comply with targeting requirements to get apps on the Play Store now. But this really is a "too little, too late" situation, IMHO. Billions of users, as Android team likes to brag about, are already compromised.
Maybe you can use the "THAT people on the continent have better protections than us"-argument to pressure your government Post-Brexit to introduce something similar. I wouldn't bet on it, but .. it's worth a try?
The question is, why does Facebook wants to know each bit of our lives and fetch details which might be harmless for us. For instance, Facebook might want to know how do I talk or walk or turn around and build a persona of mine? Ads, well that's obvious but ONLY Ads? I don't think so.
I don't know why people are down-voting you, you make an excellent point - what benefit could having phone and text meta-data possibly have for generating targeted advertising?
I agree, targeted ads are valuable but when you’re getting this granular the computation, network and storage costs start to exceed the marketing benefits. It’s unlikely to increase conversion by much, and almost all companies and brands that could take advantage of this at scale are going to really struggle to actually implement a campaign that does this (because it’s hard to figure out and test what to target).
They are more likely collecting this data to use it to convince CMOs to continue plowing money into Facebook ads, even though they’ll never actually use it. The power that comes with being able to control the population through government relationships is a long term strategy to avoid any government sanctions, nationalisation, taxation etc.
Not surprised. Facebook/Messenger Android App can read phone call log.
Somewhere in their Messenger Android app indicates they might be planning to provide a dialer and support voice calling. It makes the excuse of reading call log more justifiable /s
I haven't ever had a facebook. What I find more chilling is why would my phone be giving over all that meta data? I'm just wondering then what other apps are just collecting that data and what security setting can be enabled to say that data shouldn't be shared! wtf.
Android + Facebook is a bad combination at the moment. I don't believe this can happen on iOS which doesn't even have an option to allow an (external) app to view things like text messages or call history.
My "main" account has been disable for years. I have a secondary facebook profile that i used to use like once a month to keep in contact with maybe 4-5 friends (as in facebook friends) and many others via a group that we have in common.
Since I moved in my current city about 5-6 years ago, there was no connection to my previous city. Yet Facebook managed to understand who one of my cousins was and suggested I added it as friend. SCARY.
This! People think it's just a "Facebook problem". It's not. Many services work in a similar way, FB just one of the high-profile ones. After the initial enthusiasm, at least tech-savvy folks think well before installing a new app and giving your real name (or even an e-mail address that you actually regularly use) to any company on the internet.
I still use Moves App[1], since Facebook acquired it in 2014, last update in 2016. Is there alternative?
Moreover:
>>> We may share information, including personally identifying information, with our Affiliates (companies that are part of our corporate groups of companies, including but not limited to Facebook) to help provide, understand, and improve our Services.
>> You know, you're going on about the data that fb has... and yet you've just shared other peoples names all over the internet. (Unless you've changed them, as the font seems different in the photo?)
You just illustrated the main issue here. People's names are public, true. Those people using to have a relationship with the op, both the fact that there was a relationship at some point and that there is no relationship atm, is NOT public info. That's not OPs information to give away.
This is the problem I have with the #deletefacebook thing, deleting facebook and even facebook disappearing all together is not going to make the world more secure, as most people seem to believe. There are many more companies that have data about you, for example did you ever wondered how many websites you use are using jquery from code.jquery.org cdn?
The info shared by OP might not affect any of the parties involved. So does most of the crap facebook "leaked". But what if that info is affecting somebody?
You might be pointing out that laws could be enacted to prevent this from happening. It's a fact that laws cannot keep up with technology.
The solution is to educate yourself about how online works, about what data means and then educate the persons around you about this.
So it somehow linked that to your account, and they slipped up on showing it to you. I'm sure if they exported they'd find that they also have more calls.
I for one am happy as hell that they are including this, and I don't think we should be implying it was a mistake or that it's wrong. If you want them to export all their data about you, they should export all their data about you, and it looks like they are.
> they should export all their data about you, and it looks like they are.
I don't think they are exporting all their data about us.
Because the calls were not between that person, they were between two other people, that's kind of personal information that should only have been exported to the parties involved? Privacy and all that good stuff.
>Because the calls were not between that person, they were between two other people
I think one of us is misunderstanding the tweet here.
I read it as these calls are between OP and OP's Partner's mother. Meaning OP is a first-party in all of the calls. OP may not have been the source of the data, but OP was involved in the data, so the data was revealed to OP when he exported all of it.
There does not seem to be an option to link a WhatsApp account to a Facebook account (other than associating phone numbers). So it does not seem to be the case
One of the first screens was that list of suggestions for people to add as friends.
Guess what? Even though they had almost no info on me, from me, the list had almost everyone I knew, even neatly sorted by level of interactions across the time.
I had just activated the "shadow" profile they had on me from everyone else...