Facebook Shadow Profiles: What You Need to Know
2013-06-28 0:00

By Kevin Morris | Mashable

Facebook shadow profiles. You may have seen the term crop up on tech news sites this week, and it may given you the feeling it’s a nefarious privacy violation — or the first fun feature that Facebook has introduced in years.

But, seriously: Are shadow profiles real? Do I have one? Are they bad?

If you use Facebook, then the answer to all three of those questions is "yes." Let’s take a trip into the shadowy recesses to learn more.

Why Are Shadow Profiles in the News?

Last Friday, just as most journalists were preparing to head home for the weekend, Facebook released some embarrassing news. A bug had exposed the private email addresses and phone numbers of 6 million users.

Though Facebook tried to downplay the significance of the bug, journalists forced to work on a weekend quickly realized there was more to the story than just another data leak: Many of the users whose email addresses and phone numbers were exposed had not knowingly shared that personal information with Facebook.

Instead, their contact information had been collected on the sly — stored in Facebook’s secret behind-the-scenes scaffolding, where it collects troves of data on you that you never knew about. That information comprises what’s known as your "shadow profile."

Who Has a Shadow Profile?

Well, potentially everyone who has a Facebook account. They contain a certain amount of information you’re not surprised Facebook knows about you: your name, your interests, your relationship status, how many times you’ve liked your friends posts. But at the same time, Facebook has been able to sneakily collect other data about you. Even if you never told Facebook your phone number, for instance, it might have a record of it. As well as your second and third and fourth email addresses.

Where Did Facebook Get This Data?

Your friends! Or maybe even friends of friends. You can thank anyone who allowed Facebook to scan their mobile phone contacts through the "Find Friends" feature.

When someone uses this feature, Facebook downloads the phone’s entire contact book to its servers. This mostly includes emails and phone numbers. At the same time, Facebook is also collecting harder-to track data on how you and your friends (and friends of friends) are connected to one another. That’s how it finds people to recommend for its "people you may know" feature.

Facebook’s mobile app even provides the following message:

"Find Friends uploads contacts from your device and stores them on Facebook’s servers where they may be used to help others search for people or to generate friend suggestions for you and others."

Do Non-Facebook Users Have Shadow Profiles?

It makes sense that, with all the contact lists uploaded to its servers every day, Facebook would be able to learn a whole lot of information about people who don’t even have Facebook accounts. But while it has stayed mum on shadow accounts as a whole, the company has asserted it does not collect information on people who don’t actually use Facebook.

Is That Legal?

In the United States, probably. Facebook mentioned collecting phone contacts in the Terms of Service that all users must agree to before using the site, so unless the company is collecting additional undisclosed information, users have already given consent.

But Europe’s data protection laws are much stronger. Max Schrems, the privacy rights advocate who founded activist group Europe v. Facebook, launched a complaint against Facebook’s European offices, headquartered in Ireland, citing seven different instances in which shadow profiles potentially violate the country’s Data Protection Act (read the PDF here). Schrems asserts that the profiles gathered "excessive amounts of information about data subjects without notice or consent by the data subject. In many cases these information might be embarrassing or intimidating for the data subject."


Read the full article at: mashable.com

Firm: Facebook’s shadow profiles are ’frightening’ dossiers on everyone
By Violet Blue | ZDNet

The security researchers who found Facebook’s ’shadow profiles’ bug have rung the alarm that Facebook is compiling "frightening" dossiers on everyone possible.

Facebook’s shadow profile data collection activities came to light Friday when the social network disclosed a bug fix.

The security researchers who found the vulnerability, Packet Storm Security, say Facebook is compiling "frightening" dossiers on everyone possible, including people without Facebook accounts.

Last week, Packet Storm discovered Facebook’s vulnerability and contacted Facebook.

After extended dialogue with Facebook the researchers were compelled to reflect that, "The issue itself was not built with malice in mind it was simply an oversight. The significance of what it unearthed is the real problem that still remains."

Since 2012, Facebook had unintentionally combined user’s shadow profiles with their Facebook profiles and shared it with those users’ friends who used Facebook’s Download Your Information (DYI) tool.

If only Facebook had explained the bug as clearly as Packet Storm in its post Facebook: Where Your Friends Are Your Worst Enemies:

When you open the downloaded archive, there is a file inside called addressbook.html. This file is supposed to house the contact information you uploaded.

However, due to a flaw in how Facebook implemented this, it also housed contact information from other uploads other users have performed for the same person, provided you had one piece of matching data, effectively building large dossiers on people.

In our testing, we found that uploading one public email address for an individual could reap a dozen additional pieces of contact information.

It should also be noted that the collection of this information goes for all of the data uploaded, regardless of whether or not your contacts are Facebook users.

Most people who found out they have a ’shadow profile’ with contact info they never gave to Facebook - such as telephone numbers - were surprised and angry.

Facebook responded Sunday pointing to a page on its address book email collection policy and emphasizing that the data is uploaded voluntarily by people the users know.

The real alarm rose when Packet Storm began to comprehend what this meant for the individual user - and what happened when the security researchers approached Facebook with its concrete fears:
The fact that I have no control over additional email addresses and phone numbers added to their data store on me is frightening. The questions we asked were very to the point but carefully constructed to reflect an equal balance between usability and user safety.

(...) Our first question asked that, in the name of common decency and privacy, would Facebook ever commit to automatically discarding information of individuals that do not have a known Facebook account? Possibly age it out X days if they don’t respond to an invite due to a friend uploading their information without their knowledge?

Their response was essentially that they think of contacts imported by a user as the user’s data and they are allowed to do with it what they want.

To clarify, it’s not your data, it’s your friends. We went on to ask them if Facebook would commit to having a privacy setting that dictates Facebook will automatically delete any and all data uploaded about me via third parties ("friends") if it’s not in scope with what I’ve shared on my profile (and by proxy, is out of band from my privacy settings)?

We were basically met with the same reasoning as above and in their wording they actually went as far as claiming that it would be a freedom of speech violation.

Facebook policy in this area is that your data is not yours; it belongs to your friends, and by its rules your friends - or merely peple you know - have more control over your data than you do.


Read the full article at: zdnet.com

Related Articles
Facebook’s ’shadow profiles’ put personal info out in the open
Facebook Now Collecting Photo IDs
’Quit Google, Facebook’ suggests tech expert as surveillance scandal deepens
Is Facebook smartphone just a new way to collect data about you?
Regret Facebook? Here’s an escape route.
Face The Truth: Facebook Acquires ’Largest, Most Accurate’ Facial Recognition Software

Latest News from our Front Page

ISIS to France: "We will be coming. Victory has been promised to us by Allah"
2015-11-26 3:33
Homegrown French ISIS fighters have issued a chilling threat of new attacks on France just 24 hours after the terrorist group used movie footage of the Eiffel Tower's collapse in another video.  A balaclava-clad militant is seen warning 'we will be coming, we will come to crush your country' in footage posted on Twitter earlier today. It is unclear where the film ...
ISIS teenage 'poster girl' Samra Kesinovic 'beaten to death' as she tried to flee the group
2015-11-26 1:07
She appeared in social media images for the group carrying a Kalashnikov and surrounded by armed men A teenage girl who ran away from her Vienna home to join Isis in Syria has reportedly been beaten to death by the group after trying to escape. Samra Kesinovic, 17, travelled to Syria last year with her friend Sabina Selimovic, 15. The two became a ...
The Right Stuff's flagship podcast "The Daily Shoah" has been censored by Soundcloud
2015-11-25 22:56
Editor's note: The PC corporate moral police strike again. Just as Radio 3Fourteen & Red Ice Radio were censored from iTunes, The Daily Shoah was pulled from Soundcloud today. As per usual, there is a double standard, they allow any kind of anti-White material: No counter culture humor making fun of the genocidal mainstream garbage is allowed! ... From: therightstuff.biz Soundcloud took it upon ...
Merkel Welcomes A Million More: Vows To Stand By Refugee Policy Despite Security Fears
2015-11-25 21:05
Chancellor Angela Merkel vowed on Wednesday to stick to her open-door refugee policy, defying criticism at home and abroad which has intensified due to growing fears about a potential security risk after the Islamist attacks in Paris. Conservative Merkel faces splits in her right-left coalition and pressure from EU states, including France, over her insistence that Germany can cope with up ...
Paris Terrorist Was Gay 'Rent Boy', On The Run From Islamic State And Police
2015-11-25 20:16
The elusive eighth Paris attacker and one of three brothers implicated in the atrocity reportedly frequented gay clubs before the attack. He may have backed out of his mission at the last minute, and is possibly on the run from Islamic State as well as authorities. “We had him down as a rent boy, he was always hanging out with that ...
More News »