In a recent bug fix, Facebook inadvertently revealed that it’s creating dossier-like profiles on its users based on third-party information. This applies even if you never signed up for a Facebook account. But what does that mean exactly? When someone “connects” to Facebook using their Gmail, Yahoo, Twitter, Outlook, or whatever account, Facebook will ask for permission to access your contacts to “find your friends on Facebook.” While Facebook may actually be trying to find their friend’s profiles on Facebook, Facebook is also harvesting all of that contact data and using it to create “shadow profiles” based on name and email address information. Ouch… And before you ask if Facebook notifies anyone about this process, apparently, this page which is ambiguous at best is an attempt. Unfortunately, this isn’t the first time this month that Facebook flagrantly invaded user privacy without permission.

What is a Facebook Shadow Profile?

Have you ever tried using Photoshop, Paint.net, or another image editing software that uses ‘layers’? A shadow profile is like an invisible layer that isn’t normally visible on the Facebook front-end but is still there on its servers. These profiles contain additional information which you likely didn’t submit to your Facebook account yourself through the automated methods mentioned earlier. It’s visible only to Facebook. For a while, this information was available to people using the “download my data” feature due to a bug in the Facebook system, which has now been corrected. Although this information is no longer publicly available, it is still being collected by Facebook. And, these profiles may store information on people who don’t even have a Facebook account.

The part where this becomes scary is when you consider that Facebook is pulling information from various sources, but worst of all: smartphones. When you install the Facebook app on your phone, it requires permission to read your contacts, call log, location, accounts, and application data. Let’s also consider that many Android phones now come with Facebook pre-installed or baked into the operating system.

How can you protect your privacy?

The short answer is, you can’t. The responsibility relies on others not to upload contact data to Facebook, which includes you. Even when security company Packet Storm questioned Facebook, they received the following response from Facebook:

We were basically met with the same reasoning as above and in their wording they actually went as far as claiming that it would be a freedom of speech violation.”

Conclusion

Facebook is mapping the human population one social connection at a time with or without your help. Although Facebook is unlikely to be the only corporation among its peers involved in mapping the population, perhaps Facebook should note how one of its peers provides a solid opt-out process for its users.

Anything I can do? Also, what do you mean about Google? Are they doing something I should worry about. Your credit card company, your super market, the movie’s, search engines, EVERYONE! Every business on the planet it tracking its customers so I guess I’m not overly freaked out about Facebook doing it. I kinda already assumed they were doing it but I would wager Google has 10x the data that Facebook has on most ppl. Yes, exactly. Every business tracks its customers. Fine, I can avoid using the credit card, use cash instead, IF I WANT. I can choose not to use wallmart, IF I WANT. My choice. I’m in charge. Now, I’m not a facebook customer, I never created a facebook profile. But they are still tracking me, and I have no way on Earth to opt out of it. My personal information, given personally to people that I trust, and never published online, are now irrevokably stored by a company without my consent. I gave my phone number to my friends, NOT to facebook! Do you see the problem? I’m not sure how this is different to Google having your phone and email if someone you know uses gmail and has added you as a contact into Google Contacts – it’s the same inherent problem, as it isn’t you who is authorising access to this information. One thing Facebook could do, and perhaps they do do, is hash the phone number and email address so you can ONLY use it for what they use it for (https://www.groovypost.com/news/facebook-shadow-accounts-non-users/#comment-365948) as they wouldn’t be able to tell someones email address from their name but when someone opens an account it would be possible to find all users who had them in their contacts. Let me guess, you work at Facebook? ‘Only’? Dude, what planet are you from? Probably from the same planet as Barack it-just-meta-data-Obama. If it’s no big deal like you’re implying why are big-data and the government so keen on collecting it? Yea, what else is ever needed to perfectly identify a person? Once you have identity, you have everything there is. Does FB pay your salary or what? It’s a Roach Motel (TM) for your data. It checks in but never checks out. Ryan Comment Name * Email *

Δ  Save my name and email and send me emails as new comments are made to this post.

You Might Have an Invisible Facebook Account Even if You Never Signed Up - 13You Might Have an Invisible Facebook Account Even if You Never Signed Up - 71You Might Have an Invisible Facebook Account Even if You Never Signed Up - 59You Might Have an Invisible Facebook Account Even if You Never Signed Up - 28You Might Have an Invisible Facebook Account Even if You Never Signed Up - 57You Might Have an Invisible Facebook Account Even if You Never Signed Up - 12