Slashdot Mirror
How Facebook Figures Out Everyone You've Ever Met (gizmodo.com)
"I deleted Facebook after it recommended as People You May Know a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email," an attorney told Gizmodo. Kashmir Hill, a reporter at the news outlet, who recently documented how Facebook figured out a connection between her and a family member she did not know existed, shares several more instances others have reported and explains how Facebook gathers information. She reports: Behind the Facebook profile you've built for yourself is another one, a shadow profile, built from the inboxes and smartphones of other Facebook users. Contact information you've never given the network gets associated with your account, making it easier for Facebook to more completely map your social connections. Because shadow-profile connections happen inside Facebook's algorithmic black box, people can't see how deep the data-mining of their lives truly is, until an uncanny recommendation pops up. Facebook isn't scanning the work email of the attorney above. But it likely has her work email address on file, even if she never gave it to Facebook herself. If anyone who has the lawyer's address in their contacts has chosen to share it with Facebook, the company can link her to anyone else who has it, such as the defense counsel in one of her cases. Facebook will not confirm how it makes specific People You May Know connections, and a Facebook spokesperson suggested that there could be other plausible explanations for most of those examples -- "mutual friendships," or people being "in the same city/network." The spokesperson did say that of the stories on the list, the lawyer was the likeliest case for a shadow-profile connection. Handing over address books is one of the first steps Facebook asks people to take when they initially sign up, so that they can "Find Friends." The problem with all this, Hill writes, is that Facebook doesn't explicitly say the scale at which it would be using the contact information it gleans from a user's address book. Furthermore, most people are not aware that Facebook is using contact information taken from their phones for these purposes.
LinkedIn Also does this.
It's just more in your face about it.
~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
I disable the FB app that the cell provider baked into the Android rom so even though it spouts dire warnings about the system not working properly if that's done. I assume that's enough to prevent it from sucking out my info but who knows for certain anymore and what about people who don't disable it?
Time for new privacy laws, I guess.
Private companies should not be permitted to collect data on people not in a business relationship with them just because someone else shares it with them.
Let my sister mention my email address on her Facebook wall - Facebook shouldn't be able to do anything with it unless I am already a Facebook user and have provided that same email address.
Legislate them into purging any such mapped relationships from their databases, legislate them to ban rebuilding those relationship maps.
Just because privacy isn't important to someone else doesn't mean I should have to surrender mine.
I thought it was cool when I got my Star Trek communicator (flip phone) and trichorder (smart phone).
Not so much when I find that Hari Seldon's psychohistory and MAC III's predictive modeling (Sea of Glass, Barry B. Longyear) is in the hands of Facebook et. al.
And we still don't have flying cars!
Check your premises.
It serves you well.
Seems pretty obvious this should qualify as a privacy violation, especially in 2 party states where recording conversations requires the consent of both parties, no?
Only winning move is not to play.
Do not look into laser with remaining eye.
Film at 11.
The real question is:
When are people going to put to a stop to a company
a) collecting copious amounts of info about you,
b) not informing you _what_ exactly they DO know about you, and
c) profiting off of it
What's that? I can't hear you over the Capitalism propoganda ...
It must just use cellphone navigation devices (cell tower mapping or GPS) to find out who facebook users has been nearby each other at some point. This works only between those users who has also facebook account entered to cellphone.
That company is a monstrous surveillance engine... People don't use Facebook. Facebook uses people. Uses people to get data about other people.
--Richard M Stallman
When are people going to learn? Your privacy is worth something, and if you use so-called 'social media' and smartphones, you're giving that away for FREE to people and organizations that don't give two shits about what's good for you, only what makes them the most money. Nothing Facebook is 'giving' you is worth what you're giving up. Your 'smartphone' is just a mobile surveillance and data-collection platform, and you're paying through the nose to have one. Seriously, when are people going to wise up?
quite whining about loss of privacy and hijacking of democracy. fb/goog/amzn/twtr are offering free goodies for everyone. they should be worshipped and allowed to operate unfettered.
The info that you (and other Facebook users) provide voluntarily is certainly the primary source, but I think it's reasonable to speculate that it is by no means the sole source of Facebook's "connections" capabilities. Just like anyone else who wants to know something about someone, Facebook almost certainly Google's you. In this particular situation, it's worth mentioning that court cases are typically public record, and many of those records have been made available online. Therefore, a comprehensive search of the web would likely eventually turn up a record which includes the names of the two counsels on each side of any given case, as well as other people who were involved in that case. Cross-reference those names against the Facebook user list, and there you have it: several new potential connections.
reminds of that story where a father found out his teenage daughter was pregnant because Target sent her a coupon for baby powder or some such based on her purchase history. I understand it's a big problem in the closeted LBGTQ community and among sex workers because they'll have two FB profiles for their double lives and FB will constantly link the two.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
I'm expect that using the system tools to block access to the address book is probably sufficient on Android and iOS - so long as it's done before the app is ever launched.
What surprises me more is that people don't consider geolocation. Many many facebook users share their location with Facebook. It's then trivial for facebook to see that you are repeatedly in the same location at the same time as another person.
That lawyer might have met defense counsel at a couple of mediation hearings in a lawyer's office, then they went to the same court house at the same time every day for a week. It's easy to suppose they know each other.
Similarly for the sex worker who meets the same client at a handful of different hotels. Both their phones arrived at the hotel at the same time on the same days. Then they left together. Again, the connection is trivial.
At least with Google, you are paid for this data with better traffic reports and better directions. You can decide if that is worth it or not. With Facebook it seems you get nothing in return while they amass a huge amount of information you thought was private.
Orwell never thought that the noose that would go around peoples' necks would come from the private sector.
---- The above post was generated by the Turing Institute. Maybe.
"Person is Promoted Because of Facebook Post"
or
"Divorce Averted Because of Social Media"
I used Facebook but I had to use Firefox my browser being incompatible with Facebook.
My recommendations for friends were obvious gangsters.. I am not a gangster I do not know any gangsters.
2 months later they recommended a social worker from Taiwan I am not Taiwanese and I do not know any social workers from Taiwan.
They then recommended as a friend 2 black people from South Africa who were obvious small-time muggers! I do not know anybody from South Africa and I definitely do not know any muggers..
Based on Android, 100% open source, hardened for security and privacy.
https://copperhead.co/
If you cannot read on what you are using then you should not be using it, if you are dumb enough to link your personal info on social websites, then YEAH you should get profiled by them, it's not like they are using mind control, YOU gave them the right to your shit by clicking like a headless chicken on any pop-up or feature and THEN expected these companies to play fair.
After that, people say they know how to use software and social media, F....You imbecile
Nah, you're screwed if your friends or family or coworkers play.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Data is Facebookâ(TM)s revenue model. If you regulate away their revenue, you destroy the company.
People always want to run off to the government to supposedly solve things; it does not work. If you have a problem with Facebook, stop using it. Delete your account. Block their trackers. If everyone who complains all the time about Facebook privacy, who still is USING Facebook, took these steps then it would force the company to change or go under.
If you actually care, then be an adult and handle it yourself by not using Facebook and by blocking their scripts.
Years before Facebook even existed, I regularly used Lexis Nexis for work (journalism, although anyone can have an account), tracking down people, seeing who was "attached" to an address (connections determined through a secret algorithm), their phone numbers, their mortgage information, and lots of other public records data.
My point, I guess, is that this is nothing new, and that there are for-pay databases (like LN, but many others too) where ANYONE can get your info, see your connections, and find out about your life. FB certainly does it well (and more personally), but I'm sure these other companies have new and better technology than when I was using them.
The only winning move is never to play.
Fuck you slashdot for turning into a site Facebookers go to.
Some find it hard to believe. But you can socialize on the internet with yoru friends and family and coworkers without using Facebook. Without giving them a log of every word you ever say. Everywhwere you ever go. Every person you meet.
Really!
In fact, people were socializing online even before Facebook existed! Amazing, isn't it?
To determine whether the proximity effect is valid, you would need to see if others with the same profile would also be recommended as well.
It scanned some email account that the other party exposed to Facebook. Here's the thing: you never owned your metadata, or any data that you ever shared with anyone. The minute you communicated, you placed yourself in someone else's power. And of course degrees of separation exist in that data too, with the data rejoining in common acquaintances at times. Nothing nefarious here. Yes, the implications are significant. What else is new?
This happened to me with facebook when I had just started dating someone. We had been going out about a week, and she said that facebook kept recommending my profile to her, even though we had no friends in common, etc. The only connection I could see was that she was using the same phone to text me and access facebook. I thought maybe facebook accessed her contacts on her phone, saw a new contact that matched the phone number I have stored with facebook, and suggested me to her.
Of course she turned out to be rather stalker-ish, so maybe this didn't happen and she simply used her stalking abilities to find me on facebook.
http://github.com/gbook/nidb
"We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email."
Well, but the other person may have had this work email in his address book that Facebook pilfers completely. When I still had a Facebook account it often suggested people from which I knew they had my email address I used for my Facebook account.
It's hopeless, you may stay as far away from FB as you want: If you interact in any way with people who ARE Facebook users FB will learn a lot of you. Just as with WhatsApp: You may not use it and not upload all your contacts to WhatsApp, but other WhatsApp users do this (WhatsApp uploads all contacts) and so WhatsApp knows who has your address in his contacts, so they know who's connected to you even if you don't interact with WhatsApp in any way yourself.
They all may not see you, but they see a you-shaped hole in the network.
One does not simply delete someone else's website.
I think it's very likely that these amazingly-gullible people had been downloading and installing Facebook's application and they were running it on their own computers! The stuff about it accessing their contacts pretty much settles it. (How the fuck would a website find out about my contacts?!)
Regardless of whether you think Facebook is a good idea, whether or not you can tolerate its horrible UI. whether or not you think anyone/everyone should have access to who you know, whether or not you happen to like looking at ads all the time, and whether or not you think email is too hard to use, FUCK NO you shouldn't be running Facebook's code.
They're a website. They happen to be a shitty and threatening one, but they're still just some random website, unless you take the fucking stupid step of making them be More than just a website. If you're doing that, then don't just admit that you think Facebook is a good idea: admit that you rabidly think they're a good idea with overwhelming zealousness, such that you would run their code so that they have access to more than what a website normally has access to (which is a lot).
Anyone who is running Facebook's code on their own computer, ought to be ready with lots of good explanations for that. Because, holy crap, WHAT THE FUCK?!?
Start spamming. Posting Porn. Look like a bot.
If you don't have a Facebook account, and create one, start to fill it with spam, porn, advertisements, etc. Facebook, LinkedIn, OKCupid, etc will mark your data as spam and non-valuable, and no longer populate your information with hidden information.
Enough people do this and the value to advertisers goes down.
Stalking, spying and harrassing people are illegal things if they are done for "creepy" reasons, where creepy is defined as.. uh, I don't know.
But "creepy" does not include trying to sell something to someone.
I can put a hidden camera inside your toilet bowl, if the purpose of that is to tell you the exact moment that you should consider buying Cajun Bowl (TM), the only toilet bowl cleaner that 7/10 focus group members said smells a bit like Jambalaya.
I can put a microphone in your bed, if the purpose is to gather your sex frequency so that I can sell you Cajun Lube (TM), the lube that tastes like hot sauce.
These aren't creepy intriusions; I just want your money. Next time you think you feel my cold hand on your ass, remember: that asscheek is where you hold your wallet. I'm just money-grubbing. Now let me give you a little squeeze. Mmmmmm, yes, I feel some 100s in there. You rich! Might I interest you in a Cajun Cask (TM), the only coffin proven to not float away in a flood?
"Believe me!" -- Donald Trump
Here are some of the cited links:
http://mashable.com/2013/06/26/facebook-shadow-profiles/
http://www.zdnet.com/article/anger-mounts-after-facebooks-shadow-profiles-leak-in-bug/
http://www.zdnet.com/article/firm-facebooks-shadow-profiles-are-frightening-dossiers-on-everyone/
https://splinternews.com/facebook-recommended-that-this-psychiatrists-patients-f-1793861472
Well, when I got on Facebook, some years ago, I didn't do so to connect with people. Well, technically, I did. I was trying to track down the person whose tax forms I'd received. To make a long story short, you couldn't search for someone on FB without being on it, so I joined, didn't find them, and tried to find the person through other methods.
Within a half-hour of creating my FB account, I decided, "I'm not really going to use this, am I?" and went to delete it.
I already had over a dozen friend requests from people who knew me, including a couple relatives.
Yes, I had to put in some personal information about where I lived. But it's damn spooky how quickly it can make associations and provide that information to their userbase.
Mr. Hu is not a ninja.
Adds no value and creates more work for me to have to manage my reputation.
....FB has suggested I may know people I've met in a swinger club!
That's my solution. I don't use it and I won't use it. I had linkedin for awhile, ditched it as well.
I'm not a socialist so I don't put any importance in their networks.
Corporatism != Free Market
Another excellent reason to be off Facebook. The three year anniversary is to happen soon. : )
Jewish xkeyscore
Get rid of Jews. Period.
We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email,"
Or they were scanning the other guys email account that he had allowed Facebook into? With email, it takes two to tango.
I'm sorry, but how does Facebook get my email? They're completely fucking separate. Do they somehow magically have my IMAP login credentials? This makes no god damn fucking sense.
There is a movie with Tom Hanks and Emma Watson called "The Circle" which is about this very issue.
It's about what others share about YOU.
With how people carelessly sign-up for services that politely ask you if they can scour your contacts to see if they can find someone who also uses said service so they can link you both; why is it surprising to anyone that you eventually become known despite never actually having shared anything yourself?
We have the ability to compute a LOT of information in this day and age. Think of what Facebook, et al, are doing as detective work on super-steroids.
My 2 cents. I'm probably full of shit, surely?
I tend to rant.
Maybe we can create a new slap face organization. A monument to what they've done to your privacy.
As many commenters have already noted, not using FB is not sufficient to avoid the shadow profiling. I am a socialist, but I put even less value on their networks than you do.
The world is small. And Facebook knows many of its connections. It probably mostly suggests friends based on your connections, favoring people that are connected to you through multiple paths, not just through friends of friends but also through communities and events. Often, such connections are not that easy to find due to blocked friend lists and you not wanting to scan through 200x200 peoples lists of friends, but Facebook can easily find such paths. I don't believe it does anything more spooky than that. They could do super spooky stuff, but they don't because it would probably scare people away.
What it might do, though, is suggest you friends based on what those people looked at, your profile for example.
0x or or snor perron?!
I have never been a Facebook user. I have never owned a cell phone. I go as far as to alter my /etc/hosts file to block Facebook, Twitter, Google Ads, and other domains. I've never even created a Slashdot account.
Yet Facebook sends me e-mails which are typically (5/6 friends) accurate.
Years ago I deleted the Facebook app due to excessive battery drain. Judging by how hard they have been trying to get me to install it since, I made the right decision. Besides the access to Contacts touched on in TFS, it is also tracking your location constantly, so it is just as likely that the match to the defense attorney came from them being in the same courthouse at the same time on a number of occasions, perhaps combined with other factors such as social class, and perhaps some shared friends of friends.
If you are stupid enough to be a Facebook "customer" or user then you deserve everything you get in the form of blowback. You are NOT Facebook's customer; you are a free, self-stocking, self-promoting, self-refreshing product that Zuckerberg sells over and over and over again to his ACTUAL CUSTOMERS (the ones PAYING him BILLIONS of dollars).
Same for Linked In and all the other soul-sucking, privacy-eliminating, political-manipulation and propaganga-shovelling "free" services on the web.
NOTHING prevents the zuck and his pals from selling everything they know about you to criminals, hackers, and gangsters of all sorts. Same for sites like ancestry... which give you the opportunity to sell-out all your friends and relatives too. It may well be stupid that banks in the US like to use things like your mother's maiden name for accessing bank accounts, but that's the way it is and when you allow these internet outlets to aggregate that stuff on you and all your friends and relatives you are just pinning a gigantic "kick me!" sign onto the back of yourself and everybody you know.
"social media" is the single most anti-social thing on planet Earth; it encourages people to communicate impersonally through machines to large numbers of pseudo-friends around the world, rather than face-to-face with REAL human friends in-person, with eye-contact and full attentiveness.
Everybody who is stupid enough to sign up for a Facebook account is agreeing to all this. Are you imagining that the billionaires running these outfits have not spent a little time and money tasking lawyers to make sure every use case is properly covered in the fine print of all those click-through agreements most people never READ?????
If you do social media garbage, then you have already agreed to all this stuff and you have consented to them owning all the info they gather and selling it to whomever they please for whatever purpose and at whatever price. You probably also consented to an agreement that allows them to keep doing it to you even if you quit their "service" which is not really a service to you at all but rather is a paid service for their actual paying customers (the prople how BUY stuff from them). It's actually possible that they have more legal ownership of the data they have gleaned about you than you do and they could some day sue you for copyright infringement if you publish certain combinations of data about yourself.
People were perfectly sociable and living just fine, including using the internet, for many years before Facebook, LinkedIn, etc even existed. Facebook seems to be nothing more than the new AOL - society's morons thought AOL was the Internet back then and now these same sorts cannot even imagine the net without Facebook.
Facebook is all about data mining, It is not a non-profit organization. This should not be a surprise.
This will probably be an illegal practice within the EU come next year. You will not be able to store information on users that they have not consented to. Email addresses and many other pieces of information are considered as personally identifiable and you will need permission from the person identified by it to store it. This will of course cause lots of problems for email and other uses of information but it will probably stop the big companies' misuse of information.
Do not feed the trolls. Do not give Facebook any information.
If the government did this we'd be screaming loud and clear to our lords and masters in our Legislature to put an end to it. We've already done this, repeatedly.
Why in hell should I trust Facebook more than the government? Why in double plus hell should I trust Facebook to never ever under any circumstance share the data with the government?
I always figured there was a good reason to avoid Facebook, twitter, and such while I fudge, a lot, with linkedin. It's not paranoia when you know "they" are out to get low lying fruit and you happen to be low lying fruit for their picking.
{^_^}
That people don't know the "scale" contacts data is being used to find their friends is not the right problem to identify here.
Problem one:
Some people might be so self-involved they don't realize "help me find my friends" includes "help my friends find me," so they become astonished when Facebook facilitates someone else's taking a minor action that displeases them.
Problem two:
My friends agree to hand over the data because they want their friends found. They don't care about the "scale." They are making a decision for themselves, and they want their own friends found, all of them. But my friends' decision affects me. When I gave my phone number to my friend, I didn't want it used to add my friend's phone number to my "shadow profile." If my friend knew I didn't want that and knew it would happen anyway if they turned on "help me find my friends," it probably wouldn't change their decision, and definitely wouldn't change the fact that I'm not making it.
This is similar to Google location services. It maps wifi SSIDs to GPS coordinates. It also maps IP addresses to GPS coordinates, which then gets used for cookieless location hints in Google Search and DRM enforcement on Youtube. I don't agree to Google Location on my phone, but my friend comes over, says "what's your wifi password?" and promptly updates the GPS coordinates of my IP address in Google's database, possibly undermining my VPN, if any. I never agreed to it. My friend agreed to it for their own benefit. My friend doesn't really care how it affects me and can easily hide behind, "oh, so complicated. I don't have control of any of my computers, wheeee, can't possibly figure this out, but nobody is 'after me' so it's fine I don't care."
This is similar to people who don't use GMail because they don't want Google to "read all their email." Half of the email, and basically all of the mailing lists, goes to Google anyway, and can be used to build shadow profiles like this.
Shadow profiles are a serious problem not because of find-my-friends but because they can be used to collapse pseudonymous identities. Based on shape of graph it's almost impossible to hide that two accounts belong to the same human when you can see all their friend or copresence connections.
The only way to privately social network is to apply privacy decisions to the network as a whole, and then each person chooses whether they use it or not. Even that doesn't solve the Google Location problem.
I had a problem with LinkedIn suddenly wanting to invite hundreds of email address I never gave them.I have only ever used LinkedIn via a desktop web browser and always refused to give them access to my email accounts despite the weekly requests they send. Then suddenly they had all sorts of obscure email address they wanted it invite. Doing some research I found the email address in question were present in my imap inbox on my private mail server. This all happened around the time I brought an AT&T phone while in the USA and gave it access to my email account, so that has to be the prime suspect.
The real problem came when I challenged LinkedIn to tell me where they got the email addresses from. They simply refused. So what can I do? Who can you actually lay a complaint against them with? I want them to explain where the information came from and to delete it but there seems to be no way to do that with a USA based company.
Square also does this. Hire a cab in city XYZ, pay via credit card and they want to send a recipt to your cell phone number as a text message. Open the text message, click on the link and Square has your credit card number, date, time of purchase, ip address, location of your ip address, type of service bought, amount paid,...
A restaurant started send me emails and TEXT messages after I used the same credit card without giving them permission to do so or giving them my phone number or email address
I did not ever give square my email address.
Face book mobile app requires access to your contacts list to install. Don't have it don't want it.....
Don't use linked in app also....