Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Is Giving Advertisers Access To Your Shadow Contact Information (gizmodo.com)

Posted by msmash on from the god-damn-it-facebook dept.

Kashmir Hill, reporting for Gizmodo: Last week, I ran an ad on Facebook targeted at a computer science professor named Alan Mislove. Mislove studies how privacy works on social networks and had a theory that Facebook is letting advertisers reach users with contact information collected in surprising ways. I was helping him test the theory by targeting him in a way Facebook had previously told me wouldn't work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove's office, a number Mislove has never provided to Facebook. He saw the ad within hours.

One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information. A clothing retailer can put an ad for a dress in the Instagram feeds of women who have purchased from them before, a politician can place Facebook ads in front of anyone on his mailing list, or a casino can offer deals to the email addresses of people suspected of having a gambling addiction. Facebook calls this a "custom audience." You might assume that you could go to your Facebook profile and look at your "contact and basic info" page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it's going about it in a less transparent and more invasive way.

[...] Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove of Northeastern University, along with Elena Lucherini of Princeton University, did a series of tests that involved handing contact information over to Facebook for a group of test accounts in different ways and then seeing whether that information could be used by an advertiser. They came up with a novel way to detect whether that information became available to advertisers by looking at the stats provided by Facebook about the size of an audience after contact information is uploaded. They go into this in greater length and technical detail in their paper [PDF]. They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user's account, that phone number became targetable by an advertiser within a couple of weeks. Officially, Facebook denies the existence of shadow profiles. In a hearing with the House Energy & Commerce Committee earlier this year, when New Mexico Representative Ben Lujan asked Facebook CEO Mark Zuckerberg if he was aware of the so-called practice of building "shadow profiles", Zuckerberg denied knowledge of it.

130 comments

  1. Kavenaugh - Republican GANG RAPE Nominee by Anonymous Coward · · Score: -1

    Republicans are such disgusting fucking pedophiles and rapists that they nominated a rapist to degrade America from the supreme court.

    Lock him up!

    Lock up all the republican rapists and pedos!

    1. Re:Kavenaugh - Republican GANG RAPE Nominee by Anonymous Coward · · Score: -1

      Naw, homeboy just liked to party, back in the day. It's all good.

    2. Re:Kavenaugh - Republican GANG RAPE Nominee by Anonymous Coward · · Score: -1

      Lock 'em all up. I don't care what their politics are; just because Bill Clinton signed welfare reform didn't mean it was right that he got away with what he did to Juanita Broaddrick.

    3. Re:Kavenaugh - Republican GANG RAPE Nominee by Anonymous Coward · · Score: -1

      Agree and lock up Corey Booker, Al Franken, Bill Clinton as well. All Democrat and Republican pervs go to jail.

    4. Re: Kavenaugh - Republican GANG RAPE Nominee by Anonymous Coward · · Score: 0

      Why stop there? Why not just lynch everyone who is accused of anything? How about starting with proven sexual predator William J Clinton? Why stop with Clinton, after all if the head democrat is that evil you must rid the world of all democrats, and after that wipe out his entire bloodline.

      Translation... youâ(TM)ve replaced your humanity with something less than human.

  2. shadow contact my asshole by Anonymous Coward · · Score: -1

    tickle my intestines where the sun dont shine

  3. Simple fix by PopeRatzo · · Score: -1

    Don't give Facebook your phone number. It's not required. Every few months they ask, "Do you want to give us your phone number to help us secure your account?" and I answer, "Fuck off, Facebook", as I click the "No" button and move on.

    --
    You are welcome on my lawn.
    1. Re:Simple fix by Lab+Rat+Jason · · Score: 3, Funny

      It's interesting to me that you believe they don't already have it. I genuinely believe that they're asking for your number so they can help protect your account... which said data is kept separate and compartmentalized from the data they know about you for advertising purposes.

      --
      Which has more power: the hammer, or the anvil?
    2. Re:Simple fix by Anonymous Coward · · Score: 0

      Found Zuckerberg!

    3. Re:Simple fix by Anonymous Coward · · Score: 0

      Not so fast.

      Your friends have your number in their Contacts. Messenger/FB asks to scrape your contacts every so often under the guise of "keeping your account secure." I wouldn't be surprised if some of my friends blindly click "Accept" just to get rid of the popup.

    4. Re:Simple fix by Anonymous Coward · · Score: 0

      Not even close. FB knows you much you make, they know where you live, they know any about the cars and real estate you own, they know the jobs you've held, they know who your parents, kids, sisters, brothers, friends are, even some who you have not spoken to for 20 years (long before FB). Aside from some of the relationship links, they know all of this without you even having a FB account.

      No need to give them anything, they already know it.

    5. Re:Simple fix by commodore64_love · · Score: 4, Interesting

      I guess you didn't read the fucking summary: "I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove's office; a number Mislove has never provided to Facebook. He saw the ad within hours."

      So Facebook already had the phone number, even though Mislove didn't provide it..... probably extracted from the white pages (phonebook).

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    6. Re:Simple fix by Anonymous Coward · · Score: 0

      Do you even read, bro? That's why the summary says: I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove's office, a number Mislove has never provided to Facebook. He saw the ad within hours.

    7. Re:Simple fix by Aighearach · · Score: 1

      Unless you gave it to them back when they only let students sign up, you didn't give it to them. At most you confirmed it.

      What actually happened was they got it from somebody who had your phone number in their contact list, either on their computer (email), or on their phone.

      When people create a facebook account, facebook already had their phone number. When they ask you for it, they're just trying to confirm that it is still current.

      Your naivete would be cute, except that you purport to be a nerd. Naive nerds are not cute.

    8. Re:Simple fix by Anonymous Coward · · Score: 0

      And how do you keep everyone else from giving Facebook your phone number? Don't think for a second that they aren't mining the shit out of every possible source of personal contact information. How do you think they got the number mentioned in the summary? Someone, either a personal contact, a business, or a third party specializing in selling personal information gave it to Facebook. Enjoy telling Facebook to fuck off, they already have your phone number anyway.

    9. Re:Simple fix by Anonymous Coward · · Score: 0

      Don't give Facebook your phone number. It's not required.

      .

      You were almost smart, except you still use Facebook, so you're still an imbecile.

    10. Re:Simple fix by Obfuscant · · Score: 4, Insightful

      which said data is kept separate and compartmentalized from the data they know about you for advertising purposes.

      Why would you ever think that any data that they have about you is "compartmentalized" away from the advertising side of the operation? Are you really that naive?

      As for TFA claiming that giving Facebook a number you think is private is helping other people you don't want to find you, to find you -- the person who targeted the ad had to GIVE THEM THE NUMBER for it to target the recipient. In other words, Facebook did not help anyone find this elusive professor, the person trying to "find him" already had his private phone number.

      Had it been Facebook saying, "I recognize that name, would you like his private phone number?" that would be something different.

    11. Re:Simple fix by PopeRatzo · · Score: 0

      so you're still an imbecile.

      You sound like my wife. Honey, is that you?

      --
      You are welcome on my lawn.
    12. Re:Simple fix by Anonymous Coward · · Score: 0

      Simpler fix. Convict Mark Zuckerberg of lying to Congress.

      As for you incorrect statement, if you at least read TFS, you would see that

      [Kashmir Hill] directed the ad to display to a Facebook account connected to the landline number for Alan Mislove's office, a number Mislove has never provided to Facebook. He saw the ad within hours.

      Idiot.

    13. Re:Simple fix by JMJimmy · · Score: 1

      It's almost like that 2 factor authorization tied to your phone... wasn't for security.

    14. Re:Simple fix by Anonymous Coward · · Score: 1

      Don't give Facebook your phone number. It's not required.

      Which clearly indicates you didn't RTFA, so let me help you out here.

      If one of your idiot friends signs up for Facebook, is stupid enough to say "oh, sure, here's my contact list you can slurp up" ... (or even worse gives them the fucking password to their email like a complete fucking moron) ... then that information about you is provided by a third party, and you have no control over it:

      The researchers also found that if User A, whom we'll call Anna, shares her contacts with Facebook, including a previously unknown phone number for User B, whom we'll call Ben, advertisers will be able to target Ben with an ad using that phone number, which I call "shadow contact information," about a month later. Ben can't access his shadow contact information, because that would violate Anna's privacy, according to Facebook, so he can't see it or delete it, and he can't keep advertisers from using it either.

      So all of those dumb fucking idiots you know (and you know who they are) who will let Facebook scrape their email contacts ... they are why Facebook has your number, and why you can do nothing about it.

      "People own their address books," a Facebook spokesperson said by email. "We understand that in some cases this may mean that another person may not be able to control the contact information someone else uploads about them."

      Because everyone who works for Facebook is a fucking asshole, and it behooves the rest of society to aggressively hack, doxx, swat, or otherwise go out of our way to ruin their lives.

      Facebook is literally saying any information they get about you through other sources is fair game. Fine, so is the address, school, and banking information of every fucking Facebook employee, their families, their lawyers, their families children ...

      Anybody who is saying the contact information about you which is uploaded and used without your consent isn't something you have control over has just signed themselves up for a beating as far as I'm concerned, starting with the shit stain that was the Facebook spokesperson.

      I sincerely hope the EU gets wind of this shit, and smacks down Facebook with a huge fine ... not to mention Zuckerfuck being hauled in front of a Congressional committee who demand to know why they were lied to by a CEO of a major corporation.

      Facebook employees, be warned ... if this is your stance on our privacy, you aren't entitled to any either.

      Facebook is a douchebag company ran by assholes and douchebags. I just hope this is enough for a couple of governments to realize this and stand on their necks for a while.

    15. Re:Simple fix by PopeRatzo · · Score: 2, Informative

      As for TFA claiming that giving Facebook a number you think is private is helping other people you don't want to find you, to find you -- the person who targeted the ad had to GIVE THEM THE NUMBER for it to target the recipient. In other words, Facebook did not help anyone find this elusive professor, the person trying to "find him" already had his private phone number.

      Younger people don't realize that there used to be these books published, and given to everyone for free known as "phone books", and they listed your name, address and phone number. Anybody could look you up in these free books and know your location and how to call you. There are still "criss-cross directories" available at every public library where you can look up a street and get the phone number of people who live on that street. They're probably a lot less useful now that people are giving up land lines, but still...

      How did we even survive the 20th century?

      --
      You are welcome on my lawn.
    16. Re:Simple fix by PopeRatzo · · Score: 0

      connected to the landline number

      Landline numbers have been available in criss-cross directories since WWII. That information is public. I mean, it's the guy's office for chrissake. He's in the damn Yellow Pages.

      --
      You are welcome on my lawn.
    17. Re:Simple fix by Anonymous Coward · · Score: 0

      And you had to pay the phone company money if you didn't want to appear in the phone book! Makes Zuckbook sound benign by comparison.

    18. Re:Simple fix by PopeRatzo · · Score: 0

      What actually happened was they got it from somebody who had your phone number in their contact list, either on their computer (email), or on their phone.

      Or, as in this specific case, sine it's an office number of a landline, it's available in any of dozens of public databases. Like the phone book.

      I'm all for privacy, but are people too young to remember phone books? Let's not get hysterical. "Facebook figured out that I'm in California from a photo of me and my car with California license plates in front of Disneyland! OMG! Whatever shall we do?"

      --
      You are welcome on my lawn.
    19. Re:Simple fix by jittles · · Score: 1

      Don't give Facebook your phone number. It's not required. Every few months they ask, "Do you want to give us your phone number to help us secure your account?" and I answer, "Fuck off, Facebook", as I click the "No" button and move on.

      You don't even have the option to opt-in or out of them having your phone number. Someone with your phone number syncs contact info with Facebook and they populate your data. Where do you think Facebook gets this data? Did you even read the summary?

    20. Re:Simple fix by PopeRatzo · · Score: 0

      Simpler fix. Convict Mark Zuckerberg of lying to Congress.

      I'm all for that, but he's going to have to get in line behind at least one current nominee for the Supreme Court and over a dozen members of the Trump administration.

      --
      You are welcome on my lawn.
    21. Re:Simple fix by PopeRatzo · · Score: 0

      Which clearly indicates you didn't RTFA

      No shit. Do you know which website you're on?

      --
      You are welcome on my lawn.
    22. Re:Simple fix by fluffernutter · · Score: 3, Interesting

      It's interesting to me that this answer seems to come from someone every time someone else advises not to give Facebook your information. The message always seems to be "well they probably already have it anyway". Maybe they DON'T have it. If I give it to them, then i know they have it. If I don't give it to them there is still a chance they don't.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    23. Re:Simple fix by Rick+Zeman · · Score: 4, Informative

      SInce when are businesses/universities desk lines in either the white OR yellow pages?

      They're not, and have never been.

    24. Re:Simple fix by Anonymous Coward · · Score: 0

      If you believe that Fakebook has not ALWAYS collected every bit of data on everyone that they can (user or not) to sell to advertisers, you are EXTREMELY STUPID!!! Fakebook is all about data mning! And selling all the data that they get their grubby fingers on to anyone that will pay for it!!! PERIOD!!!! Suckerberg only cares about the money that he can make selling your data, not about people at all! Suckerberg and Fakebook are not about people, they are about extracting maximum profits from people's data and thats all!!

    25. Re:Simple fix by Aighearach · · Score: 1

      Your point seems to only be, "I didn't want privacy, why did anybody else want any?"

    26. Re:Simple fix by Rick+Schumann · · Score: 1

      LOL no. The 'simple fix' is to not have a Zuckerbook account at all. Please do try to catch up, will you?

    27. Re:Simple fix by Anonymous Coward · · Score: 0

      It's interesting to me that you believe such idiocy.

    28. Re:Simple fix by Anonymous Coward · · Score: 0

      No shit. Do you know which website you're on?

      LOL .. um .. WhatFaceTaGramAppDotTube, of course .. Am I in the wrong place? :-P

    29. Re: Simple fix by Anonymous Coward · · Score: 0

      Ha! Joke's on them, I don't have a phone number!!

    30. Re:Simple fix by Anonymous Coward · · Score: 0

      There's other ways of securing an account without requiring a user to confirm personally identifying information. Google Authenticator anyone?

    31. Re:Simple fix by PopeRatzo · · Score: 0

      SInce when are businesses/universities desk lines in either the white OR yellow pages?

      Even better. They're on the fucking campus directory which is on the fucking website.

      And if you were to give me a name and a company, I could come up with a desk extension in about five minutes, without subterfuge or resorting to Facebook.

      Please. The guy probably gives out business cards with his office phone number to random girls (or boys) at the bar. If you have a business and your phone number is a super double top secret, you're probably not going to stay in business long.

      --
      You are welcome on my lawn.
    32. Re:Simple fix by PopeRatzo · · Score: 1

      Your point seems to only be, "I didn't want privacy, why did anybody else want any?"

      No, my point is "I do want privacy, but hysteria over a publicly-available phone number being publicly-available doesn't help us get there."

      --
      You are welcome on my lawn.
    33. Re:Simple fix by mrbester · · Score: 2

      Except that still doesn't work. I'm pretty sure I've got a fairly comprehensive shadow account. For example, I've never given Facebook my phone numbers or email / real addresses, but I'm pretty sure they have my name attached to them thanks to at least one recruiter who uses Facebook and had those details in their contact lists. One might have a landline, another a mobile, a third an address, etc., but all had my name.

      Point being, it isn't necessarily your friends who have inadvertently released the data, it's anybody you've had contact with. Or anyone they've had contact with. Or anybody they've had contact with, because you can be sure that the trifling problem of n degrees of separation and probabilistic determinism that this data record has a common key to that data record was solved years ago.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    34. Re:Simple fix by Narcocide · · Score: 1

      Doesn't that just give your personal information to Google instead?

    35. Re:Simple fix by farble1670 · · Score: 1

      I genuinely believe that they're asking for your number so they can help protect your account...

      Did you read TFA? It's somewhat related to your belief.

    36. Re:Simple fix by Rick+Schumann · · Score: 1

      Well, set your adblocker and NoScript to block Facebook domains as well as bailing out of Facebook, and over time any data they have on you will go stale and be essentially worthless. I think that's the best damage control you can do, aside from burning every Facebook server to the ground (which would be about as easy as deleting something off of USENET, when USENET was still relevant). I'd think that stale data on a person isn't worth anything to marketing types.

    37. Re:Simple fix by i.r.id10t · · Score: 1

      Nope, but they are often available on public web pages

      --
      Don't blame me, I voted for Kodos
    38. Re:Simple fix by Rick+Zeman · · Score: 1

      SInce when are businesses/universities desk lines in either the white OR yellow pages?

      Even better. They're on the fucking campus directory which is on the fucking website.

      And if you were to give me a name and a company, I could come up with a desk extension in about five minutes, without subterfuge or resorting to Facebook.

      Please. The guy probably gives out business cards with his office phone number to random girls (or boys) at the bar. If you have a business and your phone number is a super double top secret, you're probably not going to stay in business long.

      Yeah, and they get from the fucking campus directory or the business cards into Facebook...how? Facebook doesn't fucking send out fucking bots to scrape fucking campus directories, nor is there a fucking VP of Typing In Fucking Business Cards, although that might be a good job for you with your fucking critical thinking skillz.

    39. Re:Simple fix by PopeRatzo · · Score: 1

      Yeah, and they get from the fucking campus directory or the business cards into Facebook...how?

      Public information is public. Who cares how Facebook got this guy's phone number if it was already public?

      --
      You are welcome on my lawn.
    40. Re:Simple fix by stoborrobots · · Score: 3, Informative

      I think we're missing the key point of TFA - Facebook knows stuff that it claims not to know.

      Here's the scenario they played out:

      Alice and Bob have an offline transaction, and as some part of it, Alice gives Bob her landline phone number.

      Alice has a Facebook profile, but never links her landline phone number to it.

      Bob buys a Facebook ad, targeted to Alice's landline.

      Alice sees the ad.

      --
      "Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
    41. Re:Simple fix by stoborrobots · · Score: 3, Informative

      Actually, no, "Google Authenticator" is just an app which implements the OATH TOTP protocol (a.k.a. RFC 6238). There are several other implementations out there, and they're pretty much all compatible.

      It's possible (although I don't know if Google's app does so) for the generator application to be a purely offline app with no external access whatsoever.

      It functions essentially like one of the old RSA SecurID tokens - an offline token generating 6 or 8 digit time-based id numbers.

      --
      "Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
    42. Re:Simple fix by Obfuscant · · Score: 1, Informative

      I think we're missing the key point of TFA - Facebook knows stuff that it claims not to know.

      They didn't claim not to know contact information of Facebook users. From the /. article linked to as evidence that "Facebook denied doing this":

      Lujan: Facebook has detailed profiles on people who have never signed up for Facebook, yes or no? ... Lujan: So these are called shadow profiles, is that what they've been referred to by some?

      So, these "shadow profiles" are for people who have never signed up for Facebook. Alan Mislove IS A FACEBOOK USER, and is signed up to that service. The profile that Facebook has on him is not a "shadow profile".

      Also, in the previous article, if you read carefully, you'll note that Zuckerberg never denies having information on people who do not have Facebook accounts, he denies knowledge of what "some people" call such profile information. The question is "So, these are called 'shadow profiles' ...?" You are a FOOL if you answer anything but the specific question you were asked when testifying anywhere. Zuck ain't no fool.

      Alice has a Facebook profile, but never links her landline phone number to it. Bob buys a Facebook ad, targeted to Alice's landline. Alice sees the ad.

      The study being reported on says "They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user's account". How can you claim the issue is one where the user never gives Facebook the number? They gave it to Facebook but not through the normal settings pages for entering contact information.

      What do you think entering a phone number for 2FA means, if not "this number is mine"? How can you possibly imagine that this is not linking that phone number to you?

      Yes, it is a problem that your friends are giving your super-secret personal information to Facebook or other data aggregators. It's a problem with your friends. And yes, I've had family members give such people my email addresses and phone number. It's a bitch.

    43. Re:Simple fix by Obfuscant · · Score: 1

      Yeah, and they get from the fucking campus directory or the business cards into Facebook...how?

      I cannot access "Alan Mislove" on Facebook. All I find are links to this story. HOWEVER -- Google is your friend. If you google his name, the FIRST link provided is to his college webpage, which provides his name, address, telephone number, and a link to his "personal" website, which includes similar information PLUS a link to a map showing where he works. The college page is even helpful enough to list the office phone number with a "tel:" link so it is trivial to identify it as such.

      The second and third links returned on a search of his name are to his "personal" page. One is via a vanity domain, the other direct to the college. It lists his email address, which makes it trivial to link to the college directory page.

      Now, I expect that at some point someone who is so prolific in handing out his super secret office phone number has probably given Facebook his web page information for his profile. Maybe not. Maybe Facebook googled him just like I did -- that's a highly likely thing for them to do to seek more information -- and then they would find the PUBLIC information that Mislove provides freely and without limitation to the public. And Facebook.

      And, even if not, then it is highly likely that someone who he has friended on Facebook has him in their contact list, with phone number, so it was even more trivial to link it to him.

      If you want to prove how intrusive Facebook is, try doing it with information that doesn't take 0.35 seconds of a Google search to retrieve, using information that was almost certainly provided to Facebook by the owner.

    44. Re:Simple fix by commodore64_love · · Score: 2

      My university published a "white pages" listing every professor's desk phone. It was also published online, so Google/others could easily gain access to it.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    45. Re: Simple fix by Anonymous Coward · · Score: 0

      Yes, it is purely offline. It's a soft implementation is of an RSA token fob.

    46. Re: Simple fix by Anonymous Coward · · Score: 0

      They can just subscribe to updated information about you and keep it in your shaddow profile. Of course this hits everyone, even deleted accounts. Why else would these corps buy and sell private info?

    47. Re: Simple fix by Anonymous Coward · · Score: 0

      Yellow Pages, White Pages, wtf are those?! I haven't seen that shot in over 15 years! -king fucker chicken

    48. Re:Simple fix by terrycarlino · · Score: 1

      And worse than that the phone companies actually sold books of private "unlisted" numbers for a higher price to a select group. We had one when I worked at a newspaper. We also had a Reverse lookup phone book that let you look up a number and get the name and address of the customer, even if the number was unlisted. That one wasn't cheap either. Every Private Investigator office, newspaper, government office and political party office bought that one. Along with the list of license plates registrations. You know in those old '80's PI shows the private dick always needs a contact at DMV to get a trace on a plate? BS. States use to sell that stuff to anyone willing to pay the high price. (typically a couple of grand.) TV used the dodge because they were colluding with the states that didn't want people to realize that.

    49. Re:Simple fix by terrycarlino · · Score: 1

      For what possible reason are you convinced that Facebook doesn't send out bot to scrape data from not just campus directories, but everywhere on the net?

      I surely expect they do. As well as any IOT devices, public records posted online, and Google's database besides.

      This is their business. They collect data on individuals and sell it.

    50. Re:Simple fix by terrycarlino · · Score: 4, Insightful

      Actually it won't, unless you live a hermit's life in a cabin in the woods.

      Do you ever buy on line? Facebook knows about it. As does Amazon and Google.

      Remember the equifax data breach? Does anybody with a brain actually believe that Google, Facebook, the NSA et all hasn't scraped all of that data? Purely for their own protection of course.

      Do you have friends? Family? You can bet Facebook has gotten data from them on you. Plenty of recent data.

      Burning Facebook's servers to the ground being impossible you're right about that.

      As someone who knows history I know that when human populations were smaller and people mostly lived in villages privacy was non-existent. Faster transportation and bigger urban populations gave humans the illusion of privacy for a couple of centuries, but we're pretty much back to the everyone knows your business village now, except it's a global village.

    51. Re: Simple fix by Anonymous Coward · · Score: 0

      True dat, except I don't actually believe Fuckerberg was lying when he said those things in front of Congress. I'm willing to bet the truth is even stranger, as in he actually has no f'ing clue what's really going on within his own company. Just as in Linus and Bill Gates don't know what every line of code is in their own OS, neither does Marky Mark and the fucker bunch. Whole lot of VP's, C level managers, and office politics can easily come into play here. Much like the US govt, one hand doesn't necessarily know what the other is doing, and no one person knows it all. Clusterfuck waiting to happen, or likely already has; shit will trickle down to the public in due time. Tune in next week, same bat shit channel...

    52. Re:Simple fix by q_e_t · · Score: 2

      I own a small bit of woodland and have lost the deeds. Can I just ask FB for a copy? That would be really handy.

    53. Re:Simple fix by stoborrobots · · Score: 1

      There were two different scenarios called out in the article, and the summary:

      1. Information which Facebook has on people who are Facebook users, which they have not provided to Facebook and is not shown on their profile (but which Facebook may have gathered as part of a shadow profile for the user) but is targetable by advertisements

      2. Information which users have provided to Facebook for purposes other than updating their profile, which is not shown on their profile, but is still targetable by advertisements

      --
      "Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
    54. Re:Simple fix by Anonymous Coward · · Score: 0

      From what I can tell, the point is that Facebook has been claiming to not be Googling or otherwise scraping information about you--that the only info it has on you is what you have chosen to give it.

      Therefore, it should not matter if it's public information easily accessable to humans. What matters is if Faceook could have gotten this information by any of the means it says it uses to gather information about people.

    55. Re:Simple fix by Anonymous Coward · · Score: 0

      Nah. Trump will get the praise that you wanted to give Hillary. He won't be punished because he didn't do anything wrong, just like Hillary and Bill the rapist right?

    56. Re:Simple fix by FictionPimp · · Score: 1

      Just stop using facebook. I know it seems like going vegan as a meat eater, but honestly after about 2 weeks you will love it. Social media software such as facebook and twitter serve no useful function. They bring noise, angry, hate, and fear and little else. They are helping us destroy our society. I guess if you want to see the fall of man, keep using social media.

    57. Re:Simple fix by Spamalope · · Score: 1

      I tracked it to stealing my number from the phones of people who had it when the FB app was installed. I'd used a rooted android with software that blocked and monitored access to the contact list. And yup, that version of the FB app tried to take the entire contact list as part of the installation. Maybe you could turn off sharing contacts after they'd taken them, per FB's normal friendly privacy conscious style.

    58. Re:Simple fix by FictionPimp · · Score: 1

      I assume Alan has friends. I think it's also safe to assume that Alan has friends who know his office phone number. I'm going to make a risky assumption here, but I'm going to assume some of those friends use facebook. Now some of those friends also probably use messenger and have upload their contact list....

      Googling not required for facebook.

    59. Re:Simple fix by Spamalope · · Score: 1

      Also information FB has taken from users about other users via methods such as exfiltrating info from phones. I had lots of email address aliases at one point I used to determine which online partners were selling my info to spammers. (I'd been getting up to 10,000 emails a day just to me, with less than 20 legit - recent notable catch - Comcast selling my info to T-mobile) FB was sending me tons of emails to sign up to FB to those aliases, I wonder if they acquired and used spammer lists. Anyhow, I had someone with the FB app add those aliases under my name in their contacts and those would stop getting emails from FB, presumably because they'd be added to my personal shadow profile.

    60. Re:Simple fix by Spamalope · · Score: 1

      Haven't they claimed they don't? Isn't that exactly what this is about?

    61. Re:Simple fix by Anonymous Coward · · Score: 0

      On Android, you can use Authy, which is an open implementation. Works for to authenticate on Google without the Google app.

    62. Re:Simple fix by Anonymous Coward · · Score: 0

      the weren't using his public phonenumber for the purpose it's public for, i.e. to call his phone

    63. Re:Simple fix by nitehawk214 · · Score: 1

      I genuinely believe that they're asking for your number so they can help protect your account... which said data is kept separate and compartmentalized from the data they know about you for advertising purposes.

      You may be the stupidest person on slashdot.

      The entire point of Facebook existing is to collect data. Why would they keep anything compartmentalized?

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    64. Re:Simple fix by Lab+Rat+Jason · · Score: 1

      Wow... are you leading with an insult to distract from your ignorance, or is this how you start every conversation? They keep it compartmentalized, because some of what they are doing is illegal! And it undermines their business model if the law is changed to make more of what they do illegal. If they simply started using your phone number (which they already have) to secure your account, then people would realize how much Facebook knows about them, and then pressure would increase on politicians to protect user data more. By the way, they keep it compartmentalized from YOU, not internally, I'm sure that for high paying advertisers, it's a full orgy of intermingled user data.

      --
      Which has more power: the hammer, or the anvil?
    65. Re:Simple fix by Lab+Rat+Jason · · Score: 1

      Wow... so many people misread my comment. They keep it compartmentalized from YOU. They know your phone number, so the most convenient user interface design would be to simply ask "do you want to secure your account with your phone number " and not even bother asking you to type it in. They let you type it in to maintain the appearance that they don't really know all that much about you.

      --
      Which has more power: the hammer, or the anvil?
    66. Re:Simple fix by nitehawk214 · · Score: 1

      This is the same as Echelon. "USA: We don't spy on our citizens. Hey UK, here is all of the data on our citizens, please spy on them. UK: We don't spy on our citizens. Hey USA, here is all of the data on our citizens, please spy on them."

      I don't care who provided my personal details, they are still mine. The fact that facebook is knowingly trying to make an end-run around privacy laws means they are complicit. Zuck and friends should be sitting in jail.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    67. Re:Simple fix by Lab+Rat+Jason · · Score: 1

      I did... perhaps my comment was too subtle. I meant to imply that they already know full what your phone number is... they're asking so they can maintain the illusion of privacy while they add protection (for what it's worth) to your account. Or stated another way, they maintain the illusion of privacy while adding the illusion of security. Thus, the only reason to ask you that question, is in fact to add two factor security, and could just as easily been done by asking "do you want to protect your account with your phone "

      --
      Which has more power: the hammer, or the anvil?
    68. Re:Simple fix by AmiMoJo · · Score: 2

      How did we even survive the 20th century?

      We opted out of the public phone book. In fact the phone company used to ask you if you wanted to opt out when you signed up for service.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    69. Re:Simple fix by Mr_Silver · · Score: 1

      So Facebook already had the phone number, even though Mislove didn't provide it..... probably extracted from the white pages (phonebook).

      I'd wager the answer is even easier simpler than that - someone else has Alan's office number in their contacts list and it was uploaded to Facebook.

      FWIW this isn't anything to do with a shadow account (which is an account created by Facebook for someone who has never joined Facebook) since Alan was already on Facebook. It's more about Facebook storing additional information about a user based on data provided by other users.

      --
      Avantslash - View Slashdot cleanly on your mobile phone.
    70. Re:Simple fix by AmiMoJo · · Score: 1

      Yes, it is a problem that your friends are giving your super-secret personal information to Facebook or other data aggregators. It's a problem with your friends.

      To be fair, when the Facebook app asks for permission to access your contacts in order to look for your friends, it doesn't say "and also to fill out their shadow profiles and target ads at them". I don't know if there is anything in the ToS that they didn't read but either way it's not what most people expect to happen.

      Go ahead, call them naive. It's still Facebook being deceptive.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    71. Re:Simple fix by PopeRatzo · · Score: 1

      We opted out of the public phone book. In fact the phone company used to ask you if you wanted to opt out when you signed up for service.

      I remember the phone company used to charge for the privilege of having an unlisted number.

      --
      You are welcome on my lawn.
    72. Re:Simple fix by Rick+Schumann · · Score: 1

      Am I supposed to take the word of some random anonymous person on the Internet, or should I apply some critical thinking of my own, with a likewise judicious application of Occam's Razor, and a generous dollop of common sense, and use what strategies I think are most reasonable to protect what's left of my privacy? Or do you, like others, expect me to throw up my hands, say "Oh, well, nothing I can do about it!" and allow Facebook and others free reign over anything and everything I do, like a yellow-bellied coward? On the latter, I think not. I am no hermit, I buy little online, I pay cash for things bought in person, and I do not participate in so-called 'social media' because it is a cancer on our civilization, as you well know, and I strongly refute any claims that the only way I can prevent any and all data collection of my person is to abstain entirely from use of the Internet and/or withdraw from society in general. Do you, for instance, actually believe my real name is 'Rick Schumann'? It's a character from a book. I never use my real name online anywhere like this. What few occasional purchases I make online are only with reputable companies that respect the privacy of their customers (Yes, Virginia, there are some of those in the world still). I'll put down good cash money that says what some shit company like Facebook has on me is minimal, at best, and more than likely completely stale and outdated, therefore useless. Stop being a victim and start taking back your life, friend, it's possible and it's worthwhile.

    73. Re:Simple fix by Obfuscant · · Score: 1

      1. Information which Facebook has on people who are Facebook users, which they have not provided to Facebook and is not shown on their profile (but which Facebook may have gathered as part of a shadow profile for the user) but is targetable by advertisements

      Facebook users DO NOT HAVE SHADOW PROFILES. By definition. Mislove is a FACEBOOK USER, and Facebook could have linked his super secret office phone number to his account via any number of means that he wasn't aware of, but that data is not a shadow profile.

      2. Information which users have provided to Facebook for purposes other than updating their profile, which is not shown on their profile, but is still targetable by advertisements

      And to that I say "do'h". They provided data to Facebook and expect Facebook not to have the data. It's not shown in their profile because it wasn't made visible to the public. But advertisers being able to target using that data is NOT revealing anything to the advertisers. The advertisers are NOT being given access to "shadow contact information" by Facebook. They have to already KNOW the contact information. The guy who bought the ad and targeted Mislove through his super secret office phone number already knew the super secret office phone number. He didn't ask Facebook to target "Alan Mislove" and Facebook didn't respond with "do you mean the Alan Mislove whose super secret office phone number is (XXX) YYY-ZZZZ?"

      The biggest problem exposed by this whole brouhaha is that even professional computer science researchers don't understand how trivially easy it is for someone to link together information about them when they themselves make that information freely available to the public on their own websites. When your super secret office phone number is on the first page Google returns for your name, with a "tel" tag so automated software can trivially scrape it, then your super secret office phone number isn't very much of a secret. Failing to expect that a corporate data aggregator where you have handed over some of your personal data would not be able to aggregate that bit of data too is just ignorance of an unbelievable degree.

      But everyone is triggering on the false claim that Facebook is "giving advertisers access to your shadow contact information", which is not what happened here at all. You should be looking at the ignorance of people who think Facebook doesn't link the phone number they provide for 2FA to their account. It's really pretty simple: when you tell Facebook that your phone number is X when they ask for it for 2FA, then YOU are telling them that your phone number is X. There is no magic involved when you later find out that Facebook knows your phone number is X. It should be no surprise to anyone. And if GOOGLE can find it so easily, how can you be surprised when Facebook finds it, too?

    74. Re:Simple fix by Obfuscant · · Score: 1

      To be fair, when the Facebook app asks for permission to access your contacts in order to look for your friends, it doesn't say "and also to fill out their shadow profiles and target ads at them".

      Can you explain in simple terms how Facebook targets non-users for ads?

      And why it is Facebook targeting them for ads when it is advertisers buying the advertising and providing the contact information being used to target them?

    75. Re:Simple fix by Anonymous Coward · · Score: 0

      Google's app will work offline just fine.

      To use Google Authenticator on your Google account, I believe they want your phone number.

    76. Re:Simple fix by Rick+Zeman · · Score: 1

      Google crawls the internet. Facebook doesn't. (and, of course, just because it's online doesn't mean that its in a search engine.

  4. Yep by Anonymous Coward · · Score: 0

    Even though they stated they have removed the ability to target people based on race, age, income, sex, etc, they still do. You just have to take a list of known people you do want to target, upload that and then "target similar people" or something like that.

    So if you only want to target rich, white, males to exclude other demographics it is still relatively easy to do. They have not really changed anything. They have not stopped collecting this "shadow" information, nor have they removed it. It's way to damn valuable to them.

  5. FFS people haven't you had enough of Zuckerbook? by Anonymous Coward · · Score: 1

    Come on, people, it's time to delete yourself from Facebook, wean your actual friends off it, and set your adblockers and NoScript to prevent Facebook from tracking you even if you aren't on Facebook anymore. Do yourself a favor, do it today.

  6. RTFGLT by Anonymous Coward · · Score: -1

    Read the Fscking Green Link Text

  7. Re:FFS people haven't you had enough of Zuckerbook by Lab+Rat+Jason · · Score: 2

    I haven't had a Facebook account for years... this morning after reading the story about the Founder of WhatsApp, and a few days ago reading the articles from the founders of Instagram, I decided to delete my Instagram and WhatsApp accounts as well. The thing that disturbed me was that Instagram kept prompting me to follow users, claiming they were in my contacts list... but I had NEVER given Instagram permission to my contact list... so how did they know? Too creepy for me. I'm out. Instagram was a giant time suck anyway.

    --
    Which has more power: the hammer, or the anvil?
  8. Re:FFS people haven't you had enough of Zuckerbook by Opportunist · · Score: 5, Funny

    Friends don't let friends facebook.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Simple answer ... by Anonymous Coward · · Score: 1

    when New Mexico Representative Ben Lujan asked Facebook CEO Mark Zuckerberg if he was aware of the so-called practice of building "shadow profiles", Zuckerberg denied knowledge of it

    The answer to this is Mark Zuckerberg is a greedy, lying sack of shit, who has now apparently lied to Congressional comittees.

    This is precisely why my ad blockers block everything related to Facebook, and any other ad/analytics company I can.

    I don't trust their "privacy policies", so I have my own .. which boils down to "most third party stuff on any webpage is shit that I block, and don't feel even slightly bad about".

    1. Re:Simple answer ... by reboot246 · · Score: 1

      Call Zuck back in to testify under oath. Lying under oath to a Congressional committee can be punished with jail time.

    2. Re:Simple answer ... by Rick+Zeman · · Score: 1

      Sure, but then he'll play the clueless card "Oh, I didn't know" or "I meant 'didn't' not 'did'" or somesuch.

      Besides, I always thought the shadow profiles were what they built to track those people who are not part of Facebook.

  10. FB didn't give the guy the # by i.r.id10t · · Score: 1

    Umm... FB didn't give the "advertiser" the number or access to it. The advertiser said "target this phone number". Wonder what would happen if you were to do similar for all of the area code combos (other than toll/toll free numbers) and 867-5309 ?

    Heck, almost wish I didn't have to worry about money just so I could do it, and run an ad asking for Jenny...

    --
    Don't blame me, I voted for Kodos
  11. We need new blood by four20_BlzItFgt · · Score: -1

    I really want Google, Facebook, Amazon, Microsoft and Apple to completely fall. We need something new. These companies have become just a giant suck on innovation, and they are just sort of there by default because there's nothing better.

    1. Re:We need new blood by UnknownSoldier · · Score: 1

      Sadly the masses don't care.

      The data breaches and selling of their data isn't enough.

      I don't know what will be the catalyst where they finally go "I'm mad as hell and I'm not going to take it anymore."

      Ideas anyone?

    2. Re:We need new blood by four20_BlzItFgt · · Score: 0

      I don't even care about the data breaches. They aren't doing anything worth wile. They have access to the best engineers in the world and they do this, make shitty products. We need new people at the top, cause what I'm seeing from silicon valley is mediocre.

  12. At least read the summary before commenting by MobyDisk · · Score: 1

    ...a number Mislove has never provided to Facebook...

    The article explains how Facebook got the phone number indirectly because another company had the phone number.

  13. Reading comprehension by Anonymous Coward · · Score: 0

    The advertiser said, "Target this phone number," which Facebook claims not to have if you didn't give it to them.
    They targetted the right guy on Facebook. That's way creepy and contradicts Zuck's congressional testimony.

    1. Re:Reading comprehension by i.r.id10t · · Score: 1

      I don't have any Earl Grey Tea in my house right now, but if you show up on my door step and offer me $50 to make you a cup of it, I *do* know where I can go look to find it.

      Lots of places have info on you (and me, and everyone else) that you've never given them, but you have given others.

      How many times have you gotten spam email or one of the outlook virus emails from someone because some 3rd party had your address in their contact list? That is basically what happened here...

      --
      Don't blame me, I voted for Kodos
    2. Re:Reading comprehension by Anonymous Coward · · Score: 0

      Not all that creepy, it's no different than an advertiser sending you a piece of mail. BUT the big issue is that FB's advertising platform allows advertisers to discriminate. Meaning, if you want only rich, white guys seeing your ads for loans, then could have very easily done that before, and now with very little effort you can still do the same.

      FB only removed some filter options. They have no removed data. If you compile a list of people with a known set of demographics (doctors, lawyers, etc) and upload that list, then tell FB to target "like people", you just sent your ad to other doctors and lawyers and excluded other professions and wage scales.

    3. Re:Reading comprehension by Anonymous Coward · · Score: 0

      it's no different than an advertiser sending you a piece of mail.

      If you ask the Post Office to deliver a letter to the person associated with a given office phone number, they can't and won't deliver it to the person's house. That would be creepy, just like what Facebook cheerfully does.

    4. Re:Reading comprehension by rtb61 · · Score: 2

      Except it is happening on a mass basis with Facebook constructing profiles on all people, as privacy invasive as possible (now probably to skirt investigation, they are contract it out to an off balance sheet company owned by Facebook executives, so Facebook isn't doing oh no, company Facebook owns is doing it, naughty, naughty people that they are, here is a list https://en.wikipedia.org/wiki/..., take your pick of participants in the lie, Facebook ain't doing absolutely not, some company on this list is though). Google paid for credit card purchases information which the credit card issuers in the most corrupt fashion imaginable provided. I'll be Facebook will be chomping at the bit to do the same.

      Everyone knows the reality, Facebook, Google, Twitter, M$ have all proved to be bad actors and you should stop using them as much as possible and you should strive to get others to do the same. It is nothing about what power we want and all about how they have abused the power we allowed through insatiable greed.

      --
      Chaos - everything, everywhere, everywhen
    5. Re:Reading comprehension by Anonymous Coward · · Score: 0

      What if someone shows up at your door and offers you $50 for info on the whereabouts of Jenny? Would you still gladly accept their $50 and give them her new address up the block, or would you be creeped out and call the Police?

    6. Re:Reading comprehension by Anonymous Coward · · Score: 0

      No, I'd just give them her number. I got it on the wall.

    7. Re:Reading comprehension by nitehawk214 · · Score: 1

      But, if you testify to congress that you don't have any Earl Grey, and you suddenly show up with a cup of Tea, Earl Grey, Hot; you can bet your ass is going to be hauled in front of congress again.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    8. Re:Reading comprehension by Anonymous Coward · · Score: 0

      They already had her old number. That's why they knocked on your door.

  14. What did Mr. Z know, and when did he lie about it? by Anonymous Coward · · Score: 0

    That Mark Zuckerberg wouldn't claim to "know" about the concept, notion, or actual presence of shadow profiles is absolute bullshit and, if he were under oath at the time, would clearly be guilty of lying under oath. We knew about shadow profiles when MySpace was still a thing. It's time to start targeting some of these guys with prison time.

  15. What a twisted sense of "privacy" by SlaveToTheGrind · · Score: 4, Insightful

    FTFA:

    The researchers also found that if User A, whom we’ll call Anna, shares her contacts with Facebook, including a previously unknown phone number for User B, whom we’ll call Ben, advertisers will be able to target Ben with an ad using that phone number, which I call “shadow contact information,” about a month later. Ben can’t access his shadow contact information, because that would violate Anna’s privacy, according to Facebook, so he can’t see it or delete it, and he can’t keep advertisers from using it either.

    The lead author on the paper, Giridhari Venkatadri, said this was the most surprising finding, that Facebook was targeted ads using information “that was not directly provided by the user, or even revealed to the user.”

    So informing me that someone else has revealed a piece of my personal information to Facebook (and particularly one that I've not revealed to Facebook myself) is somehow a violation of the other person's privacy?

    Give me a break.

    1. Re:What a twisted sense of "privacy" by AmiMoJo · · Score: 1

      This is clearly illegal in the EU. I hope they get the maximum fine, currently 4% of global turnover if I'm not mistaken.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:What a twisted sense of "privacy" by SlaveToTheGrind · · Score: 1

      I hope they get the maximum fine, currently 4% of global turnover if I'm not mistaken.

      Yes, and the world has been waiting for a good test case to see how that theoretical penalty plays out in the real world. This would be a doozy.

    3. Re:What a twisted sense of "privacy" by AmiMoJo · · Score: 1

      Looks like their 2017 turnover was $40bn. So $1.6bn maximum fine.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  16. Zuckerberg denied knowledge of it? by Anonymous Coward · · Score: 0

    Just means that he does not know what the fuck is going on in his "own" company.

    1. Re: Zuckerberg denied knowledge of it? by Anonymous Coward · · Score: 1

      Or he's a lying sack of shit.

    2. Re:Zuckerberg denied knowledge of it? by nitehawk214 · · Score: 1

      I am pretty sure "I'm a big dummy that has no idea what goes on in my company worth billions of dollars" is not a valid defense in court.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
  17. Oy vey! by Anonymous Coward · · Score: 0

    Who would have ever thought Faceberg, of all companies, would let advertisers access things it has figured out about you without your consent! What craziness!

    And a bit of a nit to pick with the headline: I doubt Faceberg is giving it to them.

  18. That isnt a shadow profile by 110010001000 · · Score: 0

    That isn't a shadow profile. What they are describing is an existing Facebook account which has a phone number tied to it that the user never provided to Facebook but was presumably attached by other sources. It seems amazing to me that people think that Facebook (and other companies) aren't attaching tons of data about you from multiple data sources and partners. There are entire companies devoted to building profiles of you and have been for many decades.

    1. Re:That isnt a shadow profile by azcoyote · · Score: 4, Insightful

      That isn't a shadow profile. What they are describing is an existing Facebook account which has a phone number tied to it that the user never provided to Facebook but was presumably attached by other sources.

      I see what you mean, but that's probably precisely the kind of word game that allowed Zuckerberg to deny the practice. It's not technically a shadow profile in terms of a profile belonging to a person who has never signed up. However, it is shadow data attached to a voluntary profile, or in other words, hidden data scraped from online shadow profiles but associated with a non-shadow profile so that the claim can be made that it is not, in fact, a shadow profile. But this is mere semantics. Not only can this be understood as a shadow profile hiding underneath a voluntary profile, but it's even possible that the shadow data is actually stored separately and only probatively associated with the voluntary profile, in which case only this loose and volatile association would ground the pretense that it is not a shadow profile.

      --
      Incipiamus, fratres, servire Domino Deo, quia hucusque vix vel parum in nullo profecimus.
    2. Re:That isnt a shadow profile by Aighearach · · Score: 0

      That isn't a shadow profile. ... the user never provided to Facebook but was presumably attached by other sources.

      So, you're saying it is not a True Shadow Account, because it is only a Shadow Data Related To An Account.

      That seems to submarine your blathering, without even getting to the part where you say, "Golly, somebody else might be doing it too, so it can't be wrong. Bad things can only happen once."

    3. Re:That isnt a shadow profile by Anonymous Coward · · Score: 0

      This shadow "data" business makes the spy games of parallel construction and plausible deniability come to mind.

      Is it companies that resemble the US government more and more, or is that the other way around?

  19. If you believe for a second... by Anonymous Coward · · Score: 1

    That giant social media doesn't already know exactly who you are, who you associate with and what your habits are... I have a lovely bridge for sale.

    Even if you don't have an account, your friends do, your spouse does, your organization/company does. They may not necessarily know your name definitively, but you can be damn sure they have, thru data scraping and aggregation (including combing thru other users uploaded contact lists, their posts, their pictures, their location history, etc...), have compiled a profile of you. I don't care what you call it, "shadow account" or otherwise, it absolutely exists (to think otherwise is to be naive in the big data world). When these social media giants ask you to enter a phone number or other data all it does is verify the data they already had about you is indeed accurate. They use your responses to more effectively tune their algorithms and data sources to increase overall accuracy because ultimately the more data that have on their users and the more accurate that data is the more they can charge for targeted advertisement.

    JUST SAY NO to social media.
       

  20. Or.. They just Googled it by rjr162 · · Score: 1

    Granted I don't know the number called, but the Facebook system may have just asked Google and parsed the results, nothing shadow about it..

    I mean I asked Google and one of the many pages I received was https://www.ccis.northeastern.edu/people/alan-mislove/ which contains a phone number...

    1. Re:Or.. They just Googled it by rjr162 · · Score: 1

      Sorry, meant number they used not called

  21. Not if you don't use them! by Anonymous Coward · · Score: 0

    They aren't sharing your info, if you don't have an account. Delete Facebook.

  22. Standard Internet Protocol and Common Carrier by Anonymous Coward · · Score: 0

    The way most people use social media (and search), it should be a standard internet protocol implemented at the ISP level. ISPs should then be given common carrier status, that would solve most our problems with privacy.

  23. Probably not by Anonymous Coward · · Score: 1

    It was scraped from Kashmir Hill's phone. HE had the number in his contacts. It was probably typed in as Alan Mislove. By default, contacts autosync to Facebook. Since Hill's FB app was on his phone and so was that contact, FB could assume it's a legit name and number. So Hill posts the same name and number into FB ads and the app just goes, "oh you want to talk to that dude on your phone". I don't know if any of that is legal or not but FB knows who is in your contacts list, even if you don't allow it access. It just pretends it doesn't know.

    Have you not made a fake trolling profile and told it not one damned thing about you nor added friends but within about 2 weeks it knows where you live, where you work, and just happens to suggest every person your real FB profile knows? Go ahead and try it. Try to be super stupid paranoid about it too. Keep your android permissions set to deny, turn off GPS, don't add a single friend, etc. You might make it a few more weeks than I have managed, but some way, some how, your phone/the app will "have a technical difficulty" and it'll scrape every bit of info off the phone.

  24. Key problem with 2-factor authentication by joe_frisch · · Score: 2

    This is my strongest (but not only) objection to 2 factor authentication as it is frequently used. The 2nd factor is usually a phone, and nothing seems to keep the company from selling that very valuable information.

    The claims about security are largely bogus as the many social hacks around 2 factor authentication have shown.

    1. Re:Key problem with 2-factor authentication by Anonymous Coward · · Score: 0

      This is my strongest (but not only) objection to 2 factor authentication as it is frequently used. The 2nd factor is usually a phone, and nothing seems to keep the company from selling that very valuable information.

      Your phone is still a physical thing. Unless someone disables your phone account and co-opts your number, they won't be able to use the second factor. And they also need the passphrase or whatever the first factor is. That's a *lot* of effort, and visible effort too.

    2. Re:Key problem with 2-factor authentication by AmiMoJo · · Score: 1

      Text message is just the worst form of 2 factor auth. Using time based codes with an app or a security token is pretty secure.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  25. Idiotic friends give FB their email credentials by Anonymous Coward · · Score: 0

    Prior to the existence of the facebook "Messenger" mobile app which we should assume steals the users' contact list, there was (and may still be) a practice by facebook of asking for the user's email address and password - and this was requested overtly to scan through the messages and build up a list of contacts.

    I'm sure a large fraction of the "shadow profile" comes from this source: damned idiotic friends with zero comprehension of privacy issues who nonetheless use technology.

  26. Illegal is new normal by thsths · · Score: 1

    All the big internet companies operate illegally. Facebook keeps lying to us, Slashdot keeps harassing me for "consent" to monetise my data, everybody is in on it, everybody does it. I nearly prefer the sites that just do not give you access if they cannot set cookies, or you have an ad blocker. At least that is honest (or I am too optimistic there, too?).

  27. Spearphishing / Stalking by Anonymous Coward · · Score: 0

    Just imagine someone using this for spearphishing or stalking someone; sending them targeted ads that are designed to trick or offend. This could also be used to target politicos by phone number...
    On the less creepy side, someone could use it as a strange marriage proposal hint or high school promposal (except kids don't use Facebook now). But edge-cases for weird good uses don't make the practice good in general.