Facebook Shadow Profiles: You Probably Have One Too [Weekly Facebook Tips]

Ads by Google

You think you’re not on Facebook? Think again. Facebook no doubt has a shadow profile made just for you.

You may recall that recently Facebook found a bug exposing personal details of 6 million user accounts. What you may not have realised is that this led users to know more about how Facebook stores our data, and shows us clearly that Facebook does indeed have shadow profiles on most of us.

Scary stuff? Well, yes. It’s now clear that NSA and other government spying agencies use tools like PRISM to get data from sites like Facebook, and there is nothing we can do about it. Add to our worries the fact that Facebook may be sharing details about us with spying agencies that we never even shared with Facebook in the first place… Big Brother knows more about you than you may think.

How Can Facebook Have A Shadow Profile For Me?

How does Facebook have this information about you? Well, it’s all thanks to their automatic harvesting of information from email accounts and phones. Yes, all you need is one friend to search for friends using their email account or one friend to install an app on their phone. Bingo! There’s your Facebook shadow profile with your phone number and email addresses kept together to identify you later.

If you have a Facebook account using your email or phone number, they will be linked together with information Facebook already has about you. Your public and semi-private information is stored alongside all of these details you never knew Facebook knew about you.

Ads by Google

This is what’s known as your “Shadow Profile” and it explains why you probably have one whether you use Facebook or not. Oh yes, Facebook says they don’t collect information about non-users. Do we believe that? Not really. And besides, with the amount of people who do have Facebook accounts, it’s already enough to worry about.

I Still Don’t Get It

Have you ever seen an old work colleague show up as one of the “People you might know”, only to wonder how on earth Facebook knew this? This colleague certainly doesn’t know your current email address or phone number, so it’s not just a simple match made by them using the “Find Friends” feature. And they don’t know any of your friends, so how did Facebook make this connection? This is your shadow profile at work.

To make this match, a third party must have also used the “Find Friends” tool, but this third party also had details of your old work email address or the phone number you used at the time you worked there. Facebook stored all those old details away in your shadow profile, just waiting to make more connections for you. When your old colleague showed up, the old address they had for you matched one in your shadow profile.

“Find Friends uploads contacts from your device and stores them on Facebook’s servers where they may be used to help others search for people or to generate friend suggestions for you and others.” — Facebook

Facebook just suggests the friend and lets you both prove the connection is right. What’s really scary is that now that you two are connected, Facebook can start suggesting “friends” that neither of you know. You may have just both emailed the same person, who happened to have a Gmail account. I’ve stopped being surprised when Facebook suggests I might be friends with someone who collects feedback for a web service or store.

How Is This Legal?

If you are a Facebook user, you probably gave Facebook permission to do this after you read the terms of service (or like most users, didn’t). As for non-users, it seems it is not legal to collect this information in Europe, but may be legal elsewhere. Who would be surprised to find that any Europeans accidentally had their information harvested? Not me.

“We receive information about you from your friends and others, such as when they upload your contact information, post a photo of you, tag you in a photo or status update, or at a location, or add you to a group. When people use Facebook, they may store and share information about you and others that they have, such as when they upload and manage their invites and contacts.” — Facebook

My Friends Are Doing This? How Can I Stop Them?

Given that this information is being collected from both your Facebook friends and anyone you know in real life, the only way to stop Facebook getting this information is if none of your friends know the information, store it electronically, or use Facebook. Given that your email address is also harvested by the Gmail account of any Gmail user you email (and likely most other web email accounts too), no doubt someone will have shared your email address with Facebook at some point.

How Can I Keep My Details Private?

If you were to try to keep a phone number or email address private from Facebook, you would need to:

  • Limit the number of people you gave it to strictly the people you could trust.
  • Never phone or email anyone who isn’t one of those people you can trust.
  • Make sure your friends know not to enter it into a smartphone that uses the Facebook application.
  • Ensure your friends never entered it into email contact details that were harvested by Facebook.
  • Make your friends promise not to share the number or email address with any other friends.
  • Ensure your friends never allow your number or email address to be stolen.
  • Then trust that your friends have managed to do all of these things, and don’t ever accidentally have a lapse in judgement and install the Facebook app.

That’s a lot of things to trust in that you can’t directly control. Which means we can only wish you the best of luck trying to keep the details private. You’d be better off just starting a new throw-away email address and getting a new phone number every few months using a disposable number service.

What Can I Do?

Well, if it really worries you, you could create a read-only Facebook account with a new email address, or avoid using Facebook at all and hope that they are telling the truth about not collecting non-user data. However, as an ex-Facebook-user, Facebook may have some loophole to hold on to that information. It seems the only way to maintain your privacy completely is to avoid the Internet and not use a phone at all. No doubt that would put you on someone’s radar too.

In the meantime, it’s still worth maintaining your privacy settings on Facebook in order to attain some control over your Facebook privacy generally. Here is a guide to maintaining privacy with the Facebook Timeline and a guide on your privacy with the new Facebook Graph Search.

How do you feel about Facebook Shadow Profiles? Will this cause you to delete your Facebook account?

Image Credit: Man On Phone By Shutterstock, Silhouette by Shutterstock

Ads by Google

22 Comments - Write a Comment

Reply

Angel

Why fear the government for complete access on our lives? It’s not like we do anything of mayor interest for them to do anything about it, on the contrary, with this they can pinpoint pedophiles, pirates and other criminals out there. Now, the real danger is if someone takes advantage of this and uses it against you which in that case the government should strengthen security and make sure no one besides them access that information. So with that set, be my guest government and spy on me all you want and make sure no one else does.

fsdf dsfjkdfdkj

You act as if the government acts in our best interest without a doubt…

Anonymous

“They can pinpoint pedophiles pirates and criminals”

You support that because you think piracy is a crime. When the government arrests you because you don’t agree with their practicies then you’ll say otherwise.

Reply

likefunbutnot

This completely disgusts me. My cell phone number isn’t public information. It’s one thing to compile a directory of names and addresses from public records but it’s entirely different for a corporate entity to collect and store information about me as someone who has explicitly denied that service access in any service that I can directly control.

No computer or mobile device that I am responsible for is even capable of communicating with Facebook servers or any part of its content delivery network. As a non-user, there’s nothing more that I can do to withhold information from it.

In an ideal world, I should somehow be able to communicate to Facebook that I want to opt out of its databases entirely, but of course the US doesn’t have the sorts of privacy laws that Europe does so my wishes in the matter are entirely moot.

I’m willing to tolerate Google, but I am very careful with what information Google is allowed to extract from my activities. I do that with a combination of software selection, partitioning personal data to non-Google devices and services and by using my own encryption to minimize what Google can actually access even for data I have stored on its servers. Facebook largely doesn’t give users those sorts of options.

Angela A

Quite. I’m open about a lot of things, but I don’t like anyone having access to something that can beep at me unless I want them to have it.

Reply

bben

I find it interesting that so many people who are screaming about the evil NSA collecting info on them are perfectly OK with a corporation doing the same thing.

I do not use FB, and resent them collecting anything about me. I want my privacy back.

LongIsland Steven

The difference is FB has no power to arrest, prosecute, and or imprison you.

Reply

Dee W

As soon as you have a social security number, enroll in almost any school, buy or rent property, have utilities in your name, have a library card, have a bank account, credit card, or one of those so-called shopper loyalty cards…what, you thought they were giving you a “discount” from the goodness of their hearts?…your life is an open book for anyone with a computer who wants to read it badly enough. Any security any of us has thought we had for the last several decades exists only in our own minds. There are ways to drop out, but they’re either illegal or they involve moving to a remote cave somewhere and never using technology again.

Reply

Nash J

Wow. This wow. Soon all we will need is our embedded chips and voila end of the world.

Reply

Kim

Hii!
I was wondering something:
If you have the facebook app on your tablet and you also use your tablet for net-banking. Does it mean facebook can also get into your bank account info?

likefunbutnot

It’s… unlikely. Your banking app probably doesn’t store anything locally on the device that another application could use and communication between your device and the banking service is undoubtedly secured.
The most that an intrusive app might be able to tell is that you’re possibly a customer of XYZ bank because you have the XYZ bank app on your device.

On the other hand, if you’re specifically concerned about Facebook, it’s quite probable that there’s an interaction between Facebook’s all-pervasive “like” buttons on the bank’s web site and either your Facebook account or the set of unique browser cookies associated with your desktop or notebook’s current web browser setup such that Facebook is FULLY aware that unique user (who has an account or not) is capable of logging in on Bank XYZ’s web site. That information gets thrown in to Facebook’s data mining and Facebook’s demographic picture of that unique ID (whether it has an account or not) becomes that much more valuable. That you actually click “Like” or not isn’t particularly relevant. If the buttons show up your your screen the scripts associated with them have already run and information gathering has already taken place.

The fix is to use tools like Adblock Plus, Ghostery and NoScript to prevent as much communication with Facebook (and other services) as possible. You’re somewhat out of luck on mobile devices, unfortunately.

Angela A

What LikeFuneButNot said. This is about information that you or your friends have in your contact details on phones etc.

Reply

Lavender

@ Angel: Seriously? You’re NOT afraid of the US govt? Umm . . . may I ask what planet you’re living on? Yeah, the pedophiles, pirates, etc you mention are worrisome. But the entity that can destroy your life just because it feels like doing so via property confiscation, bank account seizures, search & seizures w/o probable cause, imprisonment without recourse (they just have to call you a “terrorist” and its pretty much over for you), and on and on and on — now THAT entity is something to fear. And the only entity w/those kinds of powers, leaving you with NO legal recourse, is our (speaking for Americans here) Federal government.

NO pedophile, pirate, terrorist, or other criminal can do the damage to you that your own government can do. And they’ll call it “legal” and leave you without ANY — I repeat, *ANY* — recourse.

So, go ahead. Give ‘em complete access. See what it gets you. Loss of all rights and private property? Huge, un-payable fines? 10 to 15 in Leavenworth? Maybe death row? Who knows? Depends on their mood.

Oh, I forgot. We don’t have a choice. They already have complete access. Welcome to Prison Planet. Angel, read some news once in awhile, huh?

Angela A

This x1000. Don’t forget what happens when previously acceptable things become illegal or in some way punishable. Look what happened to the Jews – governments all over the place used data they had to let certain people know who the Jews were.

Reply

Robert

I have actually deleted my FB account a couplle times, and then reactivated and its like i have never abandoned my profile or something. Almost its like people can keep on sending me emails.. and the picture, and the tags,,, it creeps the shit outta me.

Reply

Buffet

I never have, and never will, use facey space. I value my privacy and am likely to become EXTREMELY angry if it’s infringed upon!!
Trust me, they don’t want that.

Reply

hyron liverpool

for all shall come hither to receive the mark of the beast and they shall all be one being. embracing the past technology and chance has its place in our future for but a time, till all mind end.

Reply

QuantumPCSupport

aahhhhh! Never knew something like this. Thanks for throwing light on this aspect of Facebook.

Reply

Eric B

I deleted my account on facebook a while back (the full delete that takes a week or 2, not the disable one) and for some reason or other I ended up making a new account with a different email address. Even though facebook had “deleted” all of my old profile data, the first thing I saw when logging in my new account was 10 or so of the people I had as friends before I had deleted it. People like my mom, wife, church members, and other friends.

I have no doubt at all that facebook keeps shadow accounts.

Angela A

Yep, they probably connected the dots using your phone number.

Your comment