Boing Boing Staging

Facebook's "shadow profiles": the involuntary dossiers of information you never provided, and can't opt out of

Gizmodo’s Kashmir Hill continues her excellent investigative work on Facebook’s mysterious “People You May Know” system, which has caused consternation among users by making seemingly impossible (and often disturbing) connections, such as “A woman whose father left her family when she was six years old—and saw his then-mistress suggested to her as a Facebook friend 40 years later.”

Facebook is well understood as being a major customer of third-party data-brokers, who compile huge dossiers on people based on their spending, internet and phone usage, employment history and so on. In addition, Facebook encourages users to upload their entire address books to the system to “find your friends,” and users generally don’t appreciate that they may be leaking sensitive information, including nicknames, private numbers, and connections to the system.


Facebook mines this data to create “shadow profiles” of its billions of users. These are profiles that are filled with data about you that you have never consciously provided to the system — data mined from third parties, including your friends, but also those spooky data-brokers. Facebook’s shadow profile system was first confirmed in 2013 when it accidentally leaked users’ shadow profiles to them along with their own data, something the company says it will never do again out of (ironic) respect for the privacy of the people who provided the data that goes into your shadow profile.

Facebook’s shadow profiles are involuntary and there’s no opt-out. Facebook has shadow profiles on people who don’t use the service. For example, even though I’m not a Facebook user, multiple people have uploaded their address books containing my email and phone number to the system, allowing Facebook to create a profile of my contacts by looking at who lists me as a contact.


What if you don’t like Facebook having this data about you? All you need to do is find every person who’s ever gotten your contact information and uploaded it to Facebook, and then ask them one by one to go to Facebook’s contact management page and delete it.

Just don’t miss anyone. “Once a contact is deleted, we remove it from our system—but of course it is possible that the same contact has been uploaded by someone else,” Steinfeld wrote in an email.

The shadow profiles, like the People You May Know system they feed into, can’t be turned off or opted out of. The one thing you can do to impede Facebook’s contacts-based connections is, through its Privacy Settings menu, keep people from finding your profile by searching your phone number or email address. (Yes, Facebook functions as a reverse phone-number look-up service; under the default settings, anyone can put your phone number into the search bar and pull up your account.)

“Let’s say you’ve shared your phone number [or email address] with a lot of people and don’t want strangers using it to search for you on Facebook,” Steinfeld wrote. “You can limit who can look you up on Facebook by that phone number [or email address] to ‘friends.’ This is also a signal that People You May Know uses. So if a stranger uploads his address book including that phone number [or email address, it] won’t be used to suggest you to that stranger in People You May Know.”

How Facebook Figures Out Everyone You’ve Ever Met
[Kashmir Hill/Gizmodo]


(via 4 Short Links)

Exit mobile version