Slashdot Mirror
Facebook Is Building Shadow Profiles of Non-Users
An anonymous reader writes "As noted previously, Max Schrems of Europe Versus Facebook has filed numerous complaints about Facebook's data collection practices. One complaint that has failed to draw much scrutiny regards Facebook's creation of Shadow Profiles. 'This is done by different functions that encourage users to hand personal data of other users and non-users to Facebook... (e.g. synchronizing mobile phones, importing personal data from
e-mail providers, importing personal information from instant messaging services, sending invitations
to friends or saving search queries when users search for other people on facebook.com). This means that even if you don't use it, you may already have a profile on Facebook.'"
Google's problem is that search engines can be easily fooled. Since the user indexes his or her own data by what is published to the web page, people tend to list all sorts of keywords which in turn create false results. Google's solution was PageRank, or picking the most popular sites. This doesn't work because all language is contextual, and as a result, a search term can mean many things.
What both Google and Facebook have realized is that unless they figure out who the user is, and what types of things they are looking for, there is no way to impose a type or context to the search. Without typed searching, search results become more irrelevant with the number of pages published to the web.
Both of them have hit on the same solution. Users aren't going to log in to a search engine, but they will log in to Gmail or Facebook, and that allows these companies to keep track of who you are (Google Plus is more an extension of Gmail than a separate app). Why else do you think both of them are manic about trying to get you to "validate" your account with a phone number?
Who uses adblock/noscript yet doesn't block those pointless facebook and twitter buttons?
Even if you don't care about the privacy angle, it really cuts down on useless traffic.
Here's a new one you may not have got around to adding yet: apis.google.com/js/plusone.js
In Soviet Russia, Facebook has profile on YOU.
I had a weird notification this morning. Facebook wanted me to confirm that someone else said my hometown was X city. So now if you don't list this information, they're asking others to rat you out, despite your best efforts to keep that information off of the web. I'm not sure you can opt out of other people's disclosures in the same way you can opt out of listing your city/state/employer etc.
moox. for a new generation.
I think you're right, but I've received creepy email invites from Facebook saying "You might know these people come join us" followed by 9 profile images some of close friends and some of acquaintances that happened to attend an event that I've gone to from time to time. It was creepy and is the main reason I want nothing to do with facebook.
So while everyone is taking issue at Facebook doing this, whats really needed is a Personal Information Control Act aimed at individuals rather than corporations?
Rather like (as i am in the UK) a Data Protection Law aimed at everyone, rather than just what businesses and organisations can do with data collected?
Or are we going to try and stick a band aid on it by limiting what companies can collect from people willing to offer?
I would say what needs to happen is people need to learn about the concept of "a matter of public record" and get used to the fact that while historically actually searching for public records was difficult it no longer is.
In short privacy is obsolete, our culture needs to adapt to this. Because ultimately all this information has always been available (high school yearbooks, for example have done much the same things as Facebook in the GP's example) the only thing that has changed is the barrier to accessing that information has lowered, with the automation of the collection and correlation of the data.
Surely someone better at programming than myself has either produced or is working on a simple set of software that will fill these databases with false information, rendering the whole thing unreliable. This actually seems like an appropriate task for an organization which refers to itself as anonymous .
Even if human interaction is needed (or better at than software) to create the accounts (answer captchas), once the couple million accounts are up and running they could randomly friend and unfriend each other, get involved in various groups, produce believable profiles, and become pollutants in the databases of companies such as Google and Facebook. Before long there rises the question, "is this profile real or fake? can't answer that? can't consider it real". The fakes could even base their profile on real profiles, altering things like school graduation year, and selecting a subset of contacts from various 'friends' of the real profile. With just a few 'friends' on Facebook an account rapidly begins receiving suggestions from Facebook itself on who might also be a known friend. It would be self propagating.
This may already be in action. I've had a few people/accounts that I did not know on Facebook send me a friend request, but were friends with several of my friends. Before accepting I asked our mutual friends if they knew who this person was. More often than not my friends said they didn't know them but since we went to high school together they didn't want to be rude. NO THANKS! Just as easily as this could be a data pollutant account it could also be a 3rd party mining Facebook for private information. Social engineering has always been a more powerful method than security hacking.
Anyway, I just think that rather than fighting for privacy the better approach is to corrupt their data through their own system. It seems more wicked.
No sig for you. YOU GET NO SIG!