Slashdot Mirror
Facebook Is Building Shadow Profiles of Non-Users
An anonymous reader writes "As noted previously, Max Schrems of Europe Versus Facebook has filed numerous complaints about Facebook's data collection practices. One complaint that has failed to draw much scrutiny regards Facebook's creation of Shadow Profiles. 'This is done by different functions that encourage users to hand personal data of other users and non-users to Facebook... (e.g. synchronizing mobile phones, importing personal data from
e-mail providers, importing personal information from instant messaging services, sending invitations
to friends or saving search queries when users search for other people on facebook.com). This means that even if you don't use it, you may already have a profile on Facebook.'"
See this is why I don't use facebook..... er...damn it!
Flexible bare-metal recovery for Linux/UNIX
Google's problem is that search engines can be easily fooled. Since the user indexes his or her own data by what is published to the web page, people tend to list all sorts of keywords which in turn create false results. Google's solution was PageRank, or picking the most popular sites. This doesn't work because all language is contextual, and as a result, a search term can mean many things.
What both Google and Facebook have realized is that unless they figure out who the user is, and what types of things they are looking for, there is no way to impose a type or context to the search. Without typed searching, search results become more irrelevant with the number of pages published to the web.
Both of them have hit on the same solution. Users aren't going to log in to a search engine, but they will log in to Gmail or Facebook, and that allows these companies to keep track of who you are (Google Plus is more an extension of Gmail than a separate app). Why else do you think both of them are manic about trying to get you to "validate" your account with a phone number?
Who uses adblock/noscript yet doesn't block those pointless facebook and twitter buttons?
Even if you don't care about the privacy angle, it really cuts down on useless traffic.
Here's a new one you may not have got around to adding yet: apis.google.com/js/plusone.js
What the article is in part talking about is what a lot of people have been saying for years now.
People say if you don't want facebook to know anything about you, then you shouldn't post there.
So others reply that it doesn't matter that you didn't give the data to facebook, one of your friends might.
So now the statement is that if you don't want facebook to know anything about you, then you shouldn't tell your friends, colleagues, etc. anything - after all, they may enter it on facebook.
But this still makes the presumption that you actually gave that information, knowingly and willingly, to that person - and that it it's reasonable to assume that facebook will then collect it as well.
Let's say you went to Slashdot High. So did some other person. That other person tells facebook to look for MikeB0Lton who attended Slashdot High. Now facebook has a reasonable assumption that you went to Slashdot High.
You didn't give facebook that data. And you didn't really give that data to that person - it's just information that accumulates simply by existing. You could fo for a "well you could have chosen to be homeschooled" sort of retort, but setting aside that most people here went to highschool long before facebook even existed, that's of course asking for ridiculous steps to take just to prevent anybody from collecting data about you.
Now obviously pandora's box on this was opened a very long time ago and there's really no way that it'll ever change. Even if facebook were to be forced to kill all collected data beyond that required for direct facebook operations, there's plenty of companies and shady organizations who are not targeted and who will gladly not even bother with waiting for users to provide the data and instead crawl sites and official records for it.
But the suggestion that facebook only has data on you because you gave it to them - and now that it has it because you gave it to somebody else - seems to be putting some level of blame with people when really they needn't even do/say anything.
In Soviet Russia, Facebook has profile on YOU.
Go on various people search websites, like Spokeo, and search for yourself. Go ahead, I'll wait.
You're probably already on the web. And tracking companies like DoubleClick already know all about your browsing habits. If you're paranoid about privacy, then you better stay off of the internet, don't use cellphones, credit/debit cards, shopper discount cards, etc, because profiling you is what makes companies extra money nowadays.
If you think they're going to pass up the opportunity to make money just for the sake of your privacy, when there's no law to stop it, you're sadly mistaken.
I think that went out the window when they became a registered sex offender.
You'd be surprised what could get you on the registered sex offender list. When I purchased my house, I checked the list. Apparently, a guy down the street had a physical relationship with a 17 year old when he was 20. He's now on the list for life because of a vindictive parent, bad breakup, etc.
As a former Facebooker, I already block all Facebook domains to keep the stupid Like buttons and other debris off of the websites I do visit. This is just another reason to do so.
It's amazing how much faster it is to load pages when there are no calls to Facebook.com or their content delivery domains.
It's about non-users who HAVE NEVER USED THE DAMN THING and yet are being profiled and harrassed by FB. (like "Hey, these guys are on FB, we know they're your friends, why don't you join ? Oh, and we know where you live and what school your kids go to. Just saying.")
In Soviet Russia, our new overlords are belong to all your base.
When you install FB onto your smart phone, you are allowing FB access to every nook and cranny about your phone, its data, etc, even if you opt-out to not 'connect' with people in your contacts.
What FB is essentially doing, is they are looking at your contacts, the names you have of them, their number and email, and creating a 'profile' if that person doesn't already exist.
The problem here is that those persons did not give consent to FB (ie. installing FB on their phone or creating a profile). Another major problem is that FB could be alreay selling that shadow profile's info to marketers... that's not right.
Because ignorance and refusal to follow simple rules of grammar are just as inborn and innate as one's race or sexuality.
But how about those French people?
They use a different word for EVERYTHING!
IMHO, Facebook passed MS a long time ago. And that's saying something. At least MS is primarily evil because of their thirst for money and control -- Facebook sees that and raises them the desire to know absolutely everything about everyone on earth, then sell it to anyone who wants it. If Zuckerberg were CEO of MS, registering Windows would be mandatory, and would require everything down to your underwear size and medical history. And there'd be text ads on the start menu that would be chosen based on what websites you visited last night or what medications might appeal to you.
Well, you certainly can't put it back in the box, but governments could always criminalize it with destructive fines so that if a company is discovered doing it, they have to pay, and pay big.
The world's burning. Moped Jesus spotted on I50. Details at 11.
I had a weird notification this morning. Facebook wanted me to confirm that someone else said my hometown was X city. So now if you don't list this information, they're asking others to rat you out, despite your best efforts to keep that information off of the web. I'm not sure you can opt out of other people's disclosures in the same way you can opt out of listing your city/state/employer etc.
moox. for a new generation.
Your labwork just came back. You might want to sit down for this...
You got trolled. Hard.
How is this not a violation of the data protection act? I quote from Wikipedia (http://en.wikipedia.org/wiki/Data_Protection_Act_1998)
1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless- [...]
Personal data should only be processed fairly and lawfully. In order for data to be classed as 'fairly processed', at least one of these six conditions must be applicable to that data (Schedule 2).
The data subject (the person whose data is stored) has consented ("given their permission") to the processing;
Processing is necessary for the performance of, or commencing, a contract;
Processing is required under a legal obligation (other than one stated in the contract);
Processing is necessary to protect the vital interests of the data subject;
Processing is necessary to carry out any public functions;
Processing is necessary in order to pursue the legitimate interests of the "data controller" or "third parties" (unless it could unjustifiably prejudice the interests of the data subject).[8]
Is any of the above true? I certainly did not consent for my data to be processed when I am not on Facebook. Also note, it is not important who has given the data to Facebook, the DPA talks about the data subject -> The person the data is about.
I have. But you shouldn't need to secure it.
A thief is no less of a thief just because the car was unlocked.
Dilbert RSS feed
That doesn't wash under UK law, nor in most of Europe. It is against the DPA for a business to hold data on you unless there is a mutually agreed reason for them to do so between the two of you or unless they fall under one of the specific exemptions provided by the act such as for law enforcement, or health provisioning. Facebook falls under none of this, so without a doubt is in breach of British law and similar laws in much of Europe.
Whether anything will be done is a different story, our ICO is a toothless waste of space, so I imagine they'll be able to get away with it regardless.
So this got me thinking...
Start a FB Profile, which is to assume you are taking ownership of your profile (and subsequently personal info). The delete your FB, and request they remove your profile and information from their servers.
99% sure this won't work, but 1% of me had the idea.
Something witty.
Even without Facebook selling it, it's already in some unscrupulous hands.
FTFY
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
Good to see this is getting some wider exposure! They used to send a courtesy mail to tell you they had your information and suggest you get an account so you can see it. Do they not still do that?
That was the classmates.com people, sending weekly if not daily emails, if I recall correctly. Nothing a little spam filter can't clean up.
I keep getting prods from FB, I have updates. To heck with them, I don't care. I'm not here to enrich these people.
I also found the source of the little pop-ups which want me to finish filling in all my personal information or when they want me to take a tour of something they've added or changed. FB is about as annoying as Windows with all those damn balloons popping up. Sure-fire way to drive me out, keep bugging me.
A feeling of having made the same mistake before: Deja Foobar
4-5 years ago, my friends were always asking me to stop inviting them to facebook, because they were already members. It was funny because I wasn't even a member myself. Yet, somehow they were getting invited by me to join. Cut to a few years later, I joined facebook only because I wanted to see how well integrated it worked with my palm pre. It integrated really well. A few days into my membership, I got an friend request from a college buddy. There was a shadow profile, but I had figured that he hadn't filled his profile out yet. So I accepted. The next day he told me he said f*ck it and joined on my invitation. So, he wasn't a member and hadn't done a friend request. I felt so stupid for falling for it. My acceptance of his friend request generated an invite to join FB from me. I should have known better. Needless to say, I researched how to delete my account. Funny enough, there's still a shadow profile of me naturally. My buddy, on the other hand, lives on the site. I guess he can blame me once he wakes up from his FB daze.
Where's my sock? There it is...
I think you're right, but I've received creepy email invites from Facebook saying "You might know these people come join us" followed by 9 profile images some of close friends and some of acquaintances that happened to attend an event that I've gone to from time to time. It was creepy and is the main reason I want nothing to do with facebook.
Sign up for facebook and fill it with lies. Soon their information won't be worth jack shit.
I very carefully avoid giving Facebook information [like my cell phone numbers and most of my email addresses, etc] that I don't want them to have [or by subsequent TOS change, share with the world]. But I can't prevent my gullible sister-in-law from uploading it all to them anyway through her careless use of Facebook's iPhone app or her blithe acceptance of having her address book vacuumed up in the alleged search for alleged friends. So even if I don't give it to them, it's too late. They have it already. And as we all know, once they have it they are never deleting it. Facebook can't be the only one guilty of this, Google and Microsoft must do it as well. Unfortunately, it would seem that if you’ve ever told anyone anything about yourself that they might have put in their address book [and that includes the note field] it is probably on the cloud now.
So while everyone is taking issue at Facebook doing this, whats really needed is a Personal Information Control Act aimed at individuals rather than corporations?
Rather like (as i am in the UK) a Data Protection Law aimed at everyone, rather than just what businesses and organisations can do with data collected?
Or are we going to try and stick a band aid on it by limiting what companies can collect from people willing to offer?
The only way to ensure anything stays secret is to Nottell it to anyone else. Otherwise, it's not longer a secret. Then you have to Nuke them From Orbit to ensure the prompt and complete removal of that secret.
Mod me up/Mod me down: I wont frown as I've no crown
Facts aren't copyrightable. You don't need a license to store them.
Besides, even if they accessed copyrighted content (let's say, a text you sent someone using email and they copied to their FB wall) the liable person would probably be the people who posted it, not Facebook.
Dilbert RSS feed
For heaven's sake, get it into your head: You do not "own" facts about yourself. You never did. It has never been, and will never be, illegal for someone to look at you in the bus queue and observe what clothes you're wearing, what your height is, what your hair colour is, or what number bus you're queuing for. Nor is it illegal for someone to listen to you chatting to your friend and hear your name or where you live.
Even before the widespread use of computers, people were compiling databases about individuals. In the Victorian and Edwardian era there were still card indexes of potential customers' names and addresses.
What is different here is the *interconnectedness* . I don't mind people complaining about interconnectedness - I mean, it's pointless and they've missed the boat by at over 20 years, but it is at least a valid argument. The ability of this information to spread at lightning speed between billions of people using thousands of databases, yes, that is relatively new. But complaining about somebody else knowing facts about you, that's dumb.
In England we've had this for well over 950 years, since the Domesday Book in 1089AD which listed every landowner in the country. Most likely the Roman empire kept a similar directory over two thousand years ago.
If you visit a company's website and they record the facts of your visit, that is NOT illegal. It's not even immoral. It only becomes controversial when they pass this information on to an entity which was not otherwise involved with your visit.
Andrew Oakley - www.aoakley.com
It was Facebook telling me I'd been tagged in some photos. They solicited the information from the users they already had and then sought to widen their net even further. I'd been shown Facebook months before that happened and until then had happily avoided it. Now there are 'Like' buttons on as much of the internet as Google's Ads.
Leela: "Is all the work done by children?" Alien: "No, not the whipping."
I would say what needs to happen is people need to learn about the concept of "a matter of public record" and get used to the fact that while historically actually searching for public records was difficult it no longer is.
In short privacy is obsolete, our culture needs to adapt to this. Because ultimately all this information has always been available (high school yearbooks, for example have done much the same things as Facebook in the GP's example) the only thing that has changed is the barrier to accessing that information has lowered, with the automation of the collection and correlation of the data.
Surely someone better at programming than myself has either produced or is working on a simple set of software that will fill these databases with false information, rendering the whole thing unreliable. This actually seems like an appropriate task for an organization which refers to itself as anonymous .
Even if human interaction is needed (or better at than software) to create the accounts (answer captchas), once the couple million accounts are up and running they could randomly friend and unfriend each other, get involved in various groups, produce believable profiles, and become pollutants in the databases of companies such as Google and Facebook. Before long there rises the question, "is this profile real or fake? can't answer that? can't consider it real". The fakes could even base their profile on real profiles, altering things like school graduation year, and selecting a subset of contacts from various 'friends' of the real profile. With just a few 'friends' on Facebook an account rapidly begins receiving suggestions from Facebook itself on who might also be a known friend. It would be self propagating.
This may already be in action. I've had a few people/accounts that I did not know on Facebook send me a friend request, but were friends with several of my friends. Before accepting I asked our mutual friends if they knew who this person was. More often than not my friends said they didn't know them but since we went to high school together they didn't want to be rude. NO THANKS! Just as easily as this could be a data pollutant account it could also be a 3rd party mining Facebook for private information. Social engineering has always been a more powerful method than security hacking.
Anyway, I just think that rather than fighting for privacy the better approach is to corrupt their data through their own system. It seems more wicked.
No sig for you. YOU GET NO SIG!
When both users are registered, Facebook is able to extract relationship data from somewhere. I have received friendship suggestions for people who once sent a single email to an alternate email account I used years ago, which I never put on Facebook. Even assuming all these people are fucking idiots who gave Facebook access to their email accounts, this shows Facebook harvests far more data than it lets on.
In this case, it firstly stores your email contact lists even if you decline to manually send these people contact requests. It secondly is able to form (from other sources, maybe other people's email accounts) a link between different email addresses you have used.
FWIW I prefer "Let's eat grandpa!" as my commas being important sample sentence.
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
I'm MikeB0Lton too. We should have beers and stuff.
Let's say you went to Slashdot High.
People visit Slashdot when they're high? That'd explain a lot of comments! ;-)
Is that you, Steve Martin*?
* Thought nobody would remember, eh Tsingi? http://www.brainyquote.com/quotes/quotes/s/stevemarti163457.html
Nah, it's OK. I'm not embarrassed to say that I rip off humour. It's still funny.
Mind you it is a little embarrassing to get caught ripping off Steve Martin.
You've certainly secured that arrogant cock up your ass.
Facebook wouldn't allow such an application. To export the data, you'd need a Facebook application. To make a Facebook application, you have to agree to their Terms of Service (Facebook likes to call it a "Statement of Rights and Responsibilities").
3. Safety ...
We do our best to keep Facebook safe, but we cannot guarantee it. We need your help to do that, which includes the following commitments:
3.2. You will not collect users' content or information, or otherwise access Facebook, using automated means (such as harvesting bots, robots, spiders, or scrapers) without our permission.
Believe me, it's been tried. Facebook is quick to respond and threaten a lawsuit if you continue.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
What is unfortunate, Facebook might be willing to sell this data to 3rd parties without your consent... as your friends/coworkers/family have already consented to releasing the contact information for you. Even without Facebook selling it, it's only a data breach away from some the unscrupulous hands.
I don't know that there's anyone more unscrupulous than facebook. The mobsters and fraud rings out there really just want to use your identity to take money from banks. They're annoying but not really that dangerous to ordinary people (nor to the banks, who treat low-level activity as a cost of doing business). The law is also firmly entrenched against them, and they are occasionally caught and punished. Facebook and their ilk, however, sell humans as products to thousands of corporations around the world, and they do so with impunity. They are a direct and real threat to every individual person alive today and countless unborn yet to come. If you put a gun to my head and told me I had to give all my personal information to either Mark Zuckerberg or a Russian gangster, I'd give it to the gangster every time. Then I can go file a police report, close all my accounts, and start over with no loss but a few hours of my time. Eventually the gangsters will be caught and imprisoned or perhaps killed in a war with other gangsters. There's no such happy ending possible if facebook gets its hands on my data; even if I change my name, move to a different state, and start a new career, sooner or later facebook will get my new data too. There's apparently nothing I can do about it, and the law won't help me.
Bottom line: a "facebook data breach" would mean nothing to us, since everything in their database was already for sale; it would only harm facebook, who will have given away what they were previously selling.
Who's data is it? While it may be your phone number and your birthday, it is really just the data of the user who entered it. You gave it to the person without restrictions.
Nope the data do not belong to the provider (at least in the EU). It comes down to who's being personally identified by that data. If I upload your contact details to Facebook, they will be obliged to disclose that to you if you should make a subject access request. They're obviously they are not required to tell you who owns the address book in which your details are found. In theory you could even ask that your details be removed from my account. Of course removal may be refused, but Facebook would be obliged to explain why, and risk legal action if they can't provide a good reason for why they would need to retain your data.
I'm not sure how this works across Europe, but even data given to individuals may be subject to protections. Restrictions could be based either on a legal agreement or the expected norm for the use of the data. For example, if I post my data on your Facebook Wall it would then be difficult to argue that I wanted it kept secret. If on the other hand I send it privately I would have more of a basis for a complaint if you should then post it on your wall. Data protection gets kind of murky at the individual level or when the data controller is little more than some guy running a forum.
I'm not a lawyer and I welcome corrections here. It's based on some limited exposure I've had to data protection compliance in the EU.
-- Using the preview button since 2005
I have come to peace with microsoft long ago.
They just want my money. I can live with that. Google and facebook, otoh, give me stuff "for free" in order to sell me.
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
but is it really worth derailing a thread just to mock someone's mistake?
Derailing?
Mock?
This. Is. SLASHDOT!!!!
Linux, you magnificent bastard, I read the fucking manual!
Playing along:
You got trolled. Hard.
Is it still being trolled if I troll back?
Most of Microsoft's evil was directed at their competition. They were rarely evil to their customers, lock-in aside, just incompetent. With things like lawsuits over FAT patents and demanding $15 for every Android phone sold, they're still just as evil to their competitors, but they seem to be a lot less incompetent to their customers (I've not used it, but I've heard good things about Windows 7).
In contrast, Facebook is evil to its users.
I am TheRaven on Soylent News
You do not "own" facts about yourself. You never did. It has never been, and will never be, illegal for someone to look at you in the bus queue and observe what clothes you're wearing, what your height is, what your hair colour is, or what number bus you're queuing for.
Yes, but it's also true that if a creepy man staked out a bus stop for months on end recording data about people, the police could get him to "move along sir". And if that creepy man was following you around all day, day in and day out, you could get a restraining order against him. Somehow I think getting a restraining order against FaceBook, Google, etc. will be a little more difficult despite the fact that they are stalking the entire world. What's needed is for the legislature to come to the rescue.
-1, Too Many Layers Of Abstraction
Well, the issue was that in the past security by obscurity actually worked (or maybe we should call it privacy by obscurity). Your photo in a yearbook didn't make identifying you in a photo array on the other side of the country any easier, and your fingerprint on a card in Memphis didn't make you a suspect for a crime in Seattle.
Today databases are becoming so ubiquitous that it is getting to the point that if anybody knows anything, then anybody else who is determined can find it out unless it is kept very carefully controlled.
I think that privacy ultimately will just have to go away. It isn't unlike what has happened with weapons - once upon a time unless you were Zorro your chances of slashing up a whole crowd of people with your sword before being incapacitated were remote, but today anybody can buy a gun or improvise explosives. Perhaps some day somebody will invent the Star Trek replicator and anybody can make their own nuclear bombs. Technology marches on and all we can do is cope...
What, and stifle innovation?
I swear to God...I swear to God! That is NOT how you treat your human!
So if i sign up i need to agree to their TOS.... and that enables them to sell my information... If i dont sign up and agree to their TOS they distribute my information in whatever way they seem fit....
Seems fair...
I don't think Facebook should be merely fined, I think it should be fined so vastly that it's very existence is put in doubt. I think CEOs, boards of directors and shareholders should be absolutely terrified to the point of pissing their pants if they create an aggregate database of people who have not given explicit permission to be in such a database. I want them to wake up in the middle of the night in cold sweats at the very thought that anyone in their data centers might even be doing it. I want them to spend a fair portion of every day worrying about it.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Somehow I think getting a restraining order against FaceBook, Google, etc. will be a little more difficult despite the fact that they are stalking the entire world.
No need for an order against Google. Go look at Google's privacy tools page (there's a link on the bottom of the search page). You can see everything Google is tracking about you and Google provides ways to opt out of all tracking and even tools to ensure that your opt-outs don't get lost. Try it. You'll see that you start seeing more generic advertising and your search result quality will decline a little.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.