Top Nav

You Might Have an Invisible Facebook Account Even if You Never Signed Up

Facebook archives your personal information provided by third party sources

Previously we covered how to protect your privacy by preventing people from tagging your photos in both Facebook and Picasa. Consider this a follow-up as it looks like Facebook is a bit more involved in privacy intrusions than anyone had previously thought.

In a recent bug fix, Facebook inadvertently revealed that it’s creating dossier-like profiles on its users based on third-party information. This applies even if you never signed up for a Facebook account. But what does that mean exactly?

When someone “connects” to Facebook using their Gmail, Yahoo, Twitter, Outlook or whatever account, Facebook will ask for permission to access your contacts to “find your friends on Facebook”. While Facebook may actually be trying to find their friend’s profiles on Facebook, Facebook is also harvesting all of that contact data and using it to create “shadow profiles” based on name and email address information. Ouch… And before you ask if Facebook notifies anyone about this process, apparently this page which is ambiguous at best is an attempt. Unfortunately this also isn’t the first time this month that Facebook flagrantly invaded user privacy without permission.

What is a Facebook Shadow Profile?

Have you ever tried using Photoshop, Paint.net, or another image editing software that uses ‘layers’? A shadow profile is much like an invisible layer that isn’t normally visible on the Facebook front-end but is still there on its servers. These profiles contain additional information which you likely didn’t submit to your Facebook account yourself through the automated methods mentioned earlier. It’s visible only to Facebook.

For a while, this information was available to people using the “download my data” feature due to a bug in the Facebook system, which has now been corrected. Although this information is no longer publicly available, it is still being collected by Facebook. And, these profiles may store information on people who don’t even have a Facebook account.

facebook shadow profiles

The part where this becomes scary is when you consider that Facebook is pulling information from a large variety of sources, but worst of all: smartphones. When you install the Facebook app on your phone it requires permission to read your contacts, call log, location, accounts, and application data. Let’s also consider that many Android phones now come with Facebook pre-installed or baked into the operating system.

facebook app in google playandroid facebook permissionsapp permissions

How can you protect your privacy?

The short answer is, you can’t. The responsibility relies on others not to upload contact data to Facebook which includes you. Even when security company Packet Storm questioned Facebook they received the following response from Facebook:

“they think of contacts imported by a user as the user’s data and they are allowed to do with it what they want. To clarify, it’s not your data, it’s your friends. We went on to ask them if Facebook would commit to having a privacy setting that dictates Facebook will automatically delete any and all data uploaded about me via third parties (“friends”) if it’s not in scope with what I’ve shared on my profile (and by proxy, is out of band from my privacy settings)?

We were basically met with the same reasoning as above and in their wording they actually went as far as claiming that it would be a freedom of speech violation.”

how to know if you have a facebook shadow profile

Conclusion

Facebook is mapping the human population one social connection at a time with or without your help. Although Facebook is unlikely to be the only corporation among its peers involved in mapping the population, perhaps Facebook should take note how one of its peers provides a solid opt-out process for its users.

, ,

20 Responses to You Might Have an Invisible Facebook Account Even if You Never Signed Up

  1. Steve Krause August 1, 2013 at 10:25 am #

    Big data = big money…. Forget the front-end, this data is the true treasure for Facebook stock holders.

  2. Alice L August 2, 2013 at 9:34 am #

    This is really scary and sad. I never created a facebook account because I read here on groovy how bad the privacy was. so this is just crazy.

    Anything I can do? Also, what do you mean about Google? Are they doing something I should worry about.

  3. pmview August 2, 2013 at 9:48 am #

    thank you for your insightful analysis and great detective work! the expectation for any sort of privacy has long since been lowered to the famed, ‘least-common-denominator’ so as to maximize the data’s market-value while promising the highest degree of selective connectivity among all devices, all social media and all real-time interactions.

  4. Jackson Taylor August 3, 2013 at 11:07 am #

    favorite part of the article for me was the last paragraph. EVERYONE is doing this… that’s just the way it is in the world we live in.

    Your credit card company, your super market, the movie’s, search engines, EVERYONE! Every business on the planet it tracking its customers so I guess I’m not overly freaked out about Facebook doing it. I kinda already assumed they were doing it but I would wager Google has 10x the data that Facebook has on most ppl.

    • mjohn August 13, 2013 at 4:07 am #

      @Jackson Taylor
      “Every business on the planet it tracking its customers so I guess I’m not overly freaked out about Facebook doing it.”

      Yes, exactly. Every business tracks _its customers_. Fine, I can avoid using the credit card, use cash instead, IF I WANT. I can choose not to use wallmart, IF I WANT. My choice. I’m in charge.

      Now, I’m not a facebook customer, I never created a facebook profile. But they are still tracking me, and I have no way on Earth to opt out of it. My personal information, given personally to people that I trust, and never published online, are now irrevokably stored by a company without my consent. I gave my phone number to my friends, NOT to facebook! Do you see the problem?

      • Daniel Chatfield August 14, 2013 at 11:17 am #

        But they aren’t ‘tracking’ you.

        I’m not sure how this is different to Google having your phone and email if someone you know uses gmail and has added you as a contact into Google Contacts – it’s the same inherent problem, as it isn’t you who is authorising access to this information.

        One thing Facebook could do, and perhaps they do do, is hash the phone number and email address so you can ONLY use it for what they use it for (http://www.groovypost.com/news/facebook-shadow-accounts-non-users/#comment-365948) as they wouldn’t be able to tell someones email address from their name but when someone opens an account it would be possible to find all users who had them in their contacts.

  5. Daniel Chatfield August 12, 2013 at 12:11 pm #

    Nice article, a little OTT though – the only things stored in the shadow profiles are email addresses, phone numbers and names. The reason is so that if someone signs up to facebook then any of their friends who have used the ‘find friends’ feature can be suggested this new person as a friend.

    • Gloria Schmitt August 12, 2013 at 12:19 pm #

      Yeah, I’m sure that’s the only reason — NOT.

      Let me guess, you work at Facebook?

    • Choi August 13, 2013 at 2:38 am #

      ‘…the only things stored in the shadow profiles are email addresses, phone numbers and names.’

      ‘Only’? Dude, what planet are you from? Probably from the same planet as Barack it-just-meta-data-Obama. If it’s no big deal like you’re implying why are big-data and the government so keen on collecting it?

      • Daniel Chatfield August 16, 2013 at 10:22 am #

        Do you know someone with an Android phone? Or someone who uses gmail? Then Google has that data through Google Contacts. If you think you can keep your email completely private you are bonkers – that isn’t how email works. If you send an email to someone using gmail then Google will have your email address.

  6. Ryan August 12, 2013 at 12:50 pm #

    You should probably add, “Have you ever visited a website with the FB LIke button on it, while allowing third party cookies,” to your chart.

  7. Thomas August 12, 2013 at 1:37 pm #

    “the only things stored in the shadow profiles are email addresses, phone numbers and names”

    Yea, what _else_ is ever needed to perfectly identify a person?

    Once you have identity, you have _everything there is_.

    Does FB pay your salary or what?

  8. Toby August 13, 2013 at 1:00 am #

    Well said. It is frightening and that’s why it’s so important to control the access apps have to your private info. You can actually opt out of the “connect with Facebook” at any time with MyPermissions app and browser extension. It’s quite easy. Check it out… let me know what you think about it.

    • Anno NymouseNot August 14, 2013 at 10:10 am #

      Toby,
      The whole point here is that even though the data is about you, Facebook doesn’t consider it to be yours. In their mind, it belongs to your friends, acquaintances or even total strangers who happen to put your name, email address or phone number into their FB enabled device. You can’t opt out.

      It’s a Roach Motel (TM) for your data. It checks in but never checks out.

  9. Hugh August 13, 2013 at 6:38 am #

    Facebook is always collecting information about you even if you are not a user and never visit the site. Try using http://www.mozilla.org/en-US/collusion/ for a bit to see how you are tracked across the web.

  10. dvd shultz August 16, 2013 at 8:07 am #

    It is interesting that many “liberal” news sites that allow comments now require a Facebook account to post. Fortunately this site is one of the few that does not. If “enlightened” readers started focusing on sites like GroovyPost maybe the others would get the message. But even the cranks and the propeller heads still pay FOX news to be beam propoganda to their cable boxes while blaming the corporations for everything.

    • Phil Cooper August 16, 2013 at 1:40 pm #

      For those greedy sites I always use one of several alternate Facebook profiles that are NOT my real profile.

  11. Phil Cooper August 16, 2013 at 1:37 pm #

    A way to mess Facebook up real good is to create several accounts, the more the better, using disposable email addresses from Yahoo!, Gmail, and others. Populate the various profiles with bogus data and use them freely. Eventually, when Facebook has more user accounts than there are people on the planet, they’ll realize their database is so hopelessly polluted with garbage that it’s useless to them, to the government, and to the corporations that want to perform data mining for marketing purposes.

  12. Faith marie August 17, 2013 at 7:17 am #

    I never signed up cant get in my ex stalks me. My old computer yes not on iPhone didn’t sign up for face book but states my name and number are in use can’t sign in really gives no other choice also on pull down on my iPhone can send instant message?? Too who??

  13. Ryan Biddulph August 20, 2013 at 5:04 am #

    Wow, kinda crazy Austin. FB does what it has to do on the sly lol! Thanks for sharing!

    Ryan

Leave a Reply

 

×

Subscribe to our free newsletter and have our tips delivered to your inbox. Free Signup