Social Media

Facebook Shadow Profiles: You Probably Have One Too [Weekly Facebook Tips]

Angela Randall 20-08-2013

You think you’re not on Facebook? Think again. Facebook no doubt has a shadow profile made just for you.


You may recall that recently Facebook found a bug exposing personal details of 6 million user accounts. What you may not have realised is that this led users to know more about how Facebook stores our data, and shows us clearly that Facebook does indeed have shadow profiles on most of us.

Scary stuff? Well, yes. It’s now clear that NSA and other government spying agencies use tools like PRISM What Is PRISM? Everything You Need to Know The National Security Agency in the US has access to whatever data you're storing with US service providers like Google Microsoft, Yahoo, and Facebook. They're also likely monitoring most of the traffic flowing across the... Read More to get data from sites like Facebook, and there is nothing we can do about it. Add to our worries the fact that Facebook may be sharing details about us with spying agencies that we never even shared with Facebook in the first place… Big Brother knows more about you than you may think.

How Can Facebook Have A Shadow Profile For Me?

How does Facebook have this information about you? Well, it’s all thanks to their automatic harvesting of information from email accounts and phones. Yes, all you need is one friend to search for friends using their email account or one friend to install an app on their phone. Bingo! There’s your Facebook shadow profile with your phone number and email addresses kept together to identify you later.

If you have a Facebook account using your email or phone number, they will be linked together with information Facebook already has about you. Your public and semi-private information is stored alongside all of these details you never knew Facebook knew about you.

This is what’s known as your “Shadow Profile” and it explains why you probably have one whether you use Facebook or not. Oh yes, Facebook says they don’t collect information about non-users. Do we believe that? Not really. And besides, with the amount of people who do have Facebook accounts, it’s already enough to worry about.


Facebook Shadow Profiles: You Probably Have One Too [Weekly Facebook Tips] shadow shutterstock 77495599

I Still Don’t Get It

Have you ever seen an old work colleague show up as one of the “People you might know”, only to wonder how on earth Facebook knew this? This colleague certainly doesn’t know your current email address or phone number, so it’s not just a simple match made by them using the “Find Friends” feature. And they don’t know any of your friends, so how did Facebook make this connection? This is your shadow profile at work.

To make this match, a third party must have also used the “Find Friends” tool, but this third party also had details of your old work email address or the phone number you used at the time you worked there. Facebook stored all those old details away in your shadow profile, just waiting to make more connections for you. When your old colleague showed up, the old address they had for you matched one in your shadow profile.

“Find Friends uploads contacts from your device and stores them on Facebook’s servers where they may be used to help others search for people or to generate friend suggestions for you and others.” — Facebook

Facebook just suggests the friend and lets you both prove the connection is right. What’s really scary is that now that you two are connected, Facebook can start suggesting “friends” that neither of you know. You may have just both emailed the same person, who happened to have a Gmail account. I’ve stopped being surprised when Facebook suggests I might be friends with someone who collects feedback for a web service or store.


Facebook Shadow Profiles: You Probably Have One Too [Weekly Facebook Tips] Facebook phone privacy

How Is This Legal?

If you are a Facebook user, you probably gave Facebook permission to do this after you read the terms of service (or like most users, didn’t). As for non-users, it seems it is not legal to collect this information in Europe, but may be legal elsewhere. Who would be surprised to find that any Europeans accidentally had their information harvested? Not me.

“We receive information about you from your friends and others, such as when they upload your contact information, post a photo of you, tag you in a photo or status update, or at a location, or add you to a group. When people use Facebook, they may store and share information about you and others that they have, such as when they upload and manage their invites and contacts.” — Facebook

My Friends Are Doing This? How Can I Stop Them?

Given that this information is being collected from both your Facebook friends and anyone you know in real life, the only way to stop Facebook getting this information is if none of your friends know the information, store it electronically, or use Facebook. Given that your email address is also harvested by the Gmail account of any Gmail user you email (and likely most other web email accounts too), no doubt someone will have shared your email address with Facebook at some point.

Facebook Shadow Profiles: You Probably Have One Too [Weekly Facebook Tips] man on phone shutterstock 110390648


How Can I Keep My Details Private?

If you were to try to keep a phone number or email address private from Facebook, you would need to:

  • Limit the number of people you gave it to strictly the people you could trust.
  • Never phone or email anyone who isn’t one of those people you can trust.
  • Make sure your friends know not to enter it into a smartphone that uses the Facebook application.
  • Ensure your friends never entered it into email contact details that were harvested by Facebook.
  • Make your friends promise not to share the number or email address with any other friends.
  • Ensure your friends never allow your number or email address to be stolen.
  • Then trust that your friends have managed to do all of these things, and don’t ever accidentally have a lapse in judgement and install the Facebook app.

That’s a lot of things to trust in that you can’t directly control. Which means we can only wish you the best of luck trying to keep the details private. You’d be better off just starting a new throw-away email address Need a Disposable Email Address? Try These Great Services Need to send or receive an email without using your real address? Here are some great services that let you do just that. Read More and getting a new phone number every few months using a disposable number service Use Hushed To Create Disposable Phone Numbers In 40 Countries [Android/iOS] There are many situations in life where you need someone to be able to contact you reliably, but do not want them to permanently have your phone number. Consider these situations: dating or selling goods... Read More .

What Can I Do?

Well, if it really worries you, you could create a read-only Facebook account with a new email address Sick Of Facebook? Set Your Account To Read-Only Mode [Weekly Facebook Tips] Even if you hate Facebook, there are some very compelling reasons to have an account. Like, for instance the fact that most of your friends probably have accounts. It's tempting to have an account simply... Read More , or avoid using Facebook at all and hope that they are telling the truth about not collecting non-user data. However, as an ex-Facebook-user, Facebook may have some loophole to hold on to that information. It seems the only way to maintain your privacy completely Can You Escape Internet Surveillance Programs Like PRISM? Ever since Edward Snowden blew the whistle on PRISM, the NSA's no longer secret surveillance program, we know one thing with certainty: nothing that happens online can be considered private. Can you really escape the... Read More is to avoid the Internet and not use a phone at all. No doubt that would put you on someone’s radar too.

In the meantime, it’s still worth maintaining your privacy settings on Facebook in order to attain some control over your Facebook privacy Make Sure You're Secure With Facebook's New Privacy Settings: A Complete Guide Facebook also means two other things: frequent changes and privacy concerns. If there’s one thing we’ve learned about Facebook, is that they’re not really concerned about what we like or our privacy. Nor should they... Read More generally. Here is a guide to maintaining privacy with the Facebook Timeline How To Control Your Privacy With The Facebook Timeline While the new Facebook timeline looks fantastic, there are a few privacy concerns worth keeping in mind. For most people, certain things will need adjusting before you can be completely sure that your posts aren't... Read More and a guide on your privacy with the new Facebook Graph Search Prepare Your Account Privacy For Facebook Graph Search [Weekly Facebook Tips] Every time Facebook releases a new feature to learn more about our friends, many people realise that their privacy settings are not adequate anymore. Their latest new feature, Facebook Graph Search, is no exception -... Read More .


How do you feel about Facebook Shadow Profiles? Will this cause you to delete your Facebook account How To Permanently Delete Your Facebook Account [Weekly Facebook Tips] For whatever reason you may have, one day you might find yourself wanting to delete a Facebook account. Perhaps you had a few accounts and want to delete the extra ones. Maybe you want to... Read More ?

Image Credit: Man On Phone By Shutterstock, Silhouette by Shutterstock

Related topics: Facebook, Online Privacy.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Jacquelyn
    January 19, 2017 at 11:31 pm

    new york yanmkees jerseyts cheap authentic stitched nfl jerseys

  2. Eric B
    September 13, 2013 at 3:16 am

    I deleted my account on facebook a while back (the full delete that takes a week or 2, not the disable one) and for some reason or other I ended up making a new account with a different email address. Even though facebook had "deleted" all of my old profile data, the first thing I saw when logging in my new account was 10 or so of the people I had as friends before I had deleted it. People like my mom, wife, church members, and other friends.

    I have no doubt at all that facebook keeps shadow accounts.

    • Angela A
      October 27, 2013 at 4:32 am

      Yep, they probably connected the dots using your phone number.

  3. QuantumPCSupport
    September 3, 2013 at 12:45 pm

    aahhhhh! Never knew something like this. Thanks for throwing light on this aspect of Facebook.

  4. hyron liverpool
    September 2, 2013 at 12:36 am

    for all shall come hither to receive the mark of the beast and they shall all be one being. embracing the past technology and chance has its place in our future for but a time, till all mind end.

  5. Buffet
    September 1, 2013 at 2:26 pm

    I never have, and never will, use facey space. I value my privacy and am likely to become EXTREMELY angry if it's infringed upon!!
    Trust me, they don't want that.

  6. Robert
    August 22, 2013 at 7:40 pm

    I have actually deleted my FB account a couplle times, and then reactivated and its like i have never abandoned my profile or something. Almost its like people can keep on sending me emails.. and the picture, and the tags,,, it creeps the shit outta me.

    • dragonmouth
      April 24, 2018 at 6:24 pm

      Just remember one thing - the Internet NEVER FORGETS ANYTHING.

      When you "delete" your FB account, all that happens is that FB no longer allows you access to it. The account in all its splendor still exists and always will. Even if FB ceases to exist, someone will wind up with its servers and whatever is on them. Pleasant dreams!

  7. Lavender
    August 22, 2013 at 6:26 pm

    @ Angel: Seriously? You're NOT afraid of the US govt? Umm . . . may I ask what planet you're living on? Yeah, the pedophiles, pirates, etc you mention are worrisome. But the entity that can destroy your life just because it feels like doing so via property confiscation, bank account seizures, search & seizures w/o probable cause, imprisonment without recourse (they just have to call you a "terrorist" and its pretty much over for you), and on and on and on -- now THAT entity is something to fear. And the only entity w/those kinds of powers, leaving you with NO legal recourse, is our (speaking for Americans here) Federal government.

    NO pedophile, pirate, terrorist, or other criminal can do the damage to you that your own government can do. And they'll call it "legal" and leave you without ANY -- I repeat, *ANY* -- recourse.

    So, go ahead. Give 'em complete access. See what it gets you. Loss of all rights and private property? Huge, un-payable fines? 10 to 15 in Leavenworth? Maybe death row? Who knows? Depends on their mood.

    Oh, I forgot. We don't have a choice. They already have complete access. Welcome to Prison Planet. Angel, read some news once in awhile, huh?

    • Angela A
      September 11, 2013 at 12:45 pm

      This x1000. Don't forget what happens when previously acceptable things become illegal or in some way punishable. Look what happened to the Jews - governments all over the place used data they had to let certain people know who the Jews were.

  8. Kim
    August 21, 2013 at 11:17 pm

    I was wondering something:
    If you have the facebook app on your tablet and you also use your tablet for net-banking. Does it mean facebook can also get into your bank account info?

    • likefunbutnot
      August 22, 2013 at 12:41 pm

      It's... unlikely. Your banking app probably doesn't store anything locally on the device that another application could use and communication between your device and the banking service is undoubtedly secured.
      The most that an intrusive app might be able to tell is that you're possibly a customer of XYZ bank because you have the XYZ bank app on your device.

      On the other hand, if you're specifically concerned about Facebook, it's quite probable that there's an interaction between Facebook's all-pervasive "like" buttons on the bank's web site and either your Facebook account or the set of unique browser cookies associated with your desktop or notebook's current web browser setup such that Facebook is FULLY aware that unique user (who has an account or not) is capable of logging in on Bank XYZ's web site. That information gets thrown in to Facebook's data mining and Facebook's demographic picture of that unique ID (whether it has an account or not) becomes that much more valuable. That you actually click "Like" or not isn't particularly relevant. If the buttons show up your your screen the scripts associated with them have already run and information gathering has already taken place.

      The fix is to use tools like Adblock Plus, Ghostery and NoScript to prevent as much communication with Facebook (and other services) as possible. You're somewhat out of luck on mobile devices, unfortunately.

    • Angela A
      September 11, 2013 at 12:42 pm

      What LikeFuneButNot said. This is about information that you or your friends have in your contact details on phones etc.

  9. Nash J
    August 21, 2013 at 7:35 pm

    Wow. This wow. Soon all we will need is our embedded chips and voila end of the world.

  10. Dee W
    August 21, 2013 at 7:13 pm

    As soon as you have a social security number, enroll in almost any school, buy or rent property, have utilities in your name, have a library card, have a bank account, credit card, or one of those so-called shopper loyalty cards...what, you thought they were giving you a "discount" from the goodness of their hearts?...your life is an open book for anyone with a computer who wants to read it badly enough. Any security any of us has thought we had for the last several decades exists only in our own minds. There are ways to drop out, but they're either illegal or they involve moving to a remote cave somewhere and never using technology again.

  11. bben
    August 21, 2013 at 11:40 am

    I find it interesting that so many people who are screaming about the evil NSA collecting info on them are perfectly OK with a corporation doing the same thing.

    I do not use FB, and resent them collecting anything about me. I want my privacy back.

    • LongIsland Steven
      August 27, 2013 at 1:32 pm

      The difference is FB has no power to arrest, prosecute, and or imprison you.

  12. likefunbutnot
    August 21, 2013 at 5:17 am

    This completely disgusts me. My cell phone number isn't public information. It's one thing to compile a directory of names and addresses from public records but it's entirely different for a corporate entity to collect and store information about me as someone who has explicitly denied that service access in any service that I can directly control.

    No computer or mobile device that I am responsible for is even capable of communicating with Facebook servers or any part of its content delivery network. As a non-user, there's nothing more that I can do to withhold information from it.

    In an ideal world, I should somehow be able to communicate to Facebook that I want to opt out of its databases entirely, but of course the US doesn't have the sorts of privacy laws that Europe does so my wishes in the matter are entirely moot.

    I'm willing to tolerate Google, but I am very careful with what information Google is allowed to extract from my activities. I do that with a combination of software selection, partitioning personal data to non-Google devices and services and by using my own encryption to minimize what Google can actually access even for data I have stored on its servers. Facebook largely doesn't give users those sorts of options.

    • Angela A
      September 11, 2013 at 12:40 pm

      Quite. I'm open about a lot of things, but I don't like anyone having access to something that can beep at me unless I want them to have it.

  13. Angel
    August 21, 2013 at 2:49 am

    Why fear the government for complete access on our lives? It's not like we do anything of mayor interest for them to do anything about it, on the contrary, with this they can pinpoint pedophiles, pirates and other criminals out there. Now, the real danger is if someone takes advantage of this and uses it against you which in that case the government should strengthen security and make sure no one besides them access that information. So with that set, be my guest government and spy on me all you want and make sure no one else does.