You Might Have an Invisible Facebook Account Even if You Never Signed Up

Are you one of the few people that aren’t interested in having a Facebook account? As it turns out, you might not have a choice in the matter.

Previously we covered how to protect your privacy by preventing people from tagging your photos on both Facebook and Picasa. Consider this a follow-up as it looks like Facebook is a bit more involved in privacy intrusions than anyone had previously thought.

In a recent bug fix, Facebook inadvertently revealed that it’s creating dossier-like profiles on its users based on third-party information. This applies even if you never signed up for a Facebook account. But what does that mean exactly?

When someone “connects” to Facebook using their Gmail, Yahoo, Twitter, Outlook, or whatever account, Facebook will ask for permission to access your contacts to “find your friends on Facebook.” While Facebook may actually be trying to find their friend’s profiles on Facebook, Facebook is also harvesting all of that contact data and using it to create “shadow profiles” based on name and email address information. Ouch… And before you ask if Facebook notifies anyone about this process, apparently, this page which is ambiguous at best is an attempt. Unfortunately, this isn’t the first time this month that Facebook flagrantly invaded user privacy without permission.

What is a Facebook Shadow Profile?

Have you ever tried using Photoshop,, or another image editing software that uses ‘layers’? A shadow profile is like an invisible layer that isn’t normally visible on the Facebook front-end but is still there on its servers. These profiles contain additional information which you likely didn’t submit to your Facebook account yourself through the automated methods mentioned earlier. It’s visible only to Facebook.

For a while, this information was available to people using the “download my data” feature due to a bug in the Facebook system, which has now been corrected. Although this information is no longer publicly available, it is still being collected by Facebook. And, these profiles may store information on people who don’t even have a Facebook account.

facebook shadow profiles

The part where this becomes scary is when you consider that Facebook is pulling information from various sources, but worst of all: smartphones. When you install the Facebook app on your phone, it requires permission to read your contacts, call log, location, accounts, and application data. Let’s also consider that many Android phones now come with Facebook pre-installed or baked into the operating system.

facebag app

How can you protect your privacy?

The short answer is, you can’t. The responsibility relies on others not to upload contact data to Facebook, which includes you. Even when security company Packet Storm questioned Facebook, they received the following response from Facebook:

“they think of contacts imported by a user as the user’s data and they are allowed to do with it what they want. To clarify, it’s not your data, it’s your friends. We went on to ask them if Facebook would commit to having a privacy setting that dictates Facebook will automatically delete any and all data uploaded about me via third parties (“friends”) if it’s not in scope with what I’ve shared on my profile (and by proxy, is out of band from my privacy settings)?

We were basically met with the same reasoning as above and in their wording they actually went as far as claiming that it would be a freedom of speech violation.”

how to know if you have a facebook shadow profile


Facebook is mapping the human population one social connection at a time with or without your help. Although Facebook is unlikely to be the only corporation among its peers involved in mapping the population, perhaps Facebook should note how one of its peers provides a solid opt-out process for its users.



  1. Steve Krause

    Big data = big money…. Forget the front-end, this data is the true treasure for Facebook stock holders.

  2. Alice L

    This is really scary and sad. I never created a facebook account because I read here on groovy how bad the privacy was. so this is just crazy.

    Anything I can do? Also, what do you mean about Google? Are they doing something I should worry about.

  3. pmview

    thank you for your insightful analysis and great detective work! the expectation for any sort of privacy has long since been lowered to the famed, ‘least-common-denominator’ so as to maximize the data’s market-value while promising the highest degree of selective connectivity among all devices, all social media and all real-time interactions.

  4. Jackson Taylor

    favorite part of the article for me was the last paragraph. EVERYONE is doing this… that’s just the way it is in the world we live in.

    Your credit card company, your super market, the movie’s, search engines, EVERYONE! Every business on the planet it tracking its customers so I guess I’m not overly freaked out about Facebook doing it. I kinda already assumed they were doing it but I would wager Google has 10x the data that Facebook has on most ppl.

    • mjohn

      @Jackson Taylor
      “Every business on the planet it tracking its customers so I guess I’m not overly freaked out about Facebook doing it.”

      Yes, exactly. Every business tracks _its customers_. Fine, I can avoid using the credit card, use cash instead, IF I WANT. I can choose not to use wallmart, IF I WANT. My choice. I’m in charge.

      Now, I’m not a facebook customer, I never created a facebook profile. But they are still tracking me, and I have no way on Earth to opt out of it. My personal information, given personally to people that I trust, and never published online, are now irrevokably stored by a company without my consent. I gave my phone number to my friends, NOT to facebook! Do you see the problem?

      • Daniel Chatfield

        But they aren’t ‘tracking’ you.

        I’m not sure how this is different to Google having your phone and email if someone you know uses gmail and has added you as a contact into Google Contacts – it’s the same inherent problem, as it isn’t you who is authorising access to this information.

        One thing Facebook could do, and perhaps they do do, is hash the phone number and email address so you can ONLY use it for what they use it for ( as they wouldn’t be able to tell someones email address from their name but when someone opens an account it would be possible to find all users who had them in their contacts.

  5. Daniel Chatfield

    Nice article, a little OTT though – the only things stored in the shadow profiles are email addresses, phone numbers and names. The reason is so that if someone signs up to facebook then any of their friends who have used the ‘find friends’ feature can be suggested this new person as a friend.

    • Gloria Schmitt

      Yeah, I’m sure that’s the only reason — NOT.

      Let me guess, you work at Facebook?

    • Choi

      ‘…the only things stored in the shadow profiles are email addresses, phone numbers and names.’

      ‘Only’? Dude, what planet are you from? Probably from the same planet as Barack it-just-meta-data-Obama. If it’s no big deal like you’re implying why are big-data and the government so keen on collecting it?

      • Daniel Chatfield

        Do you know someone with an Android phone? Or someone who uses gmail? Then Google has that data through Google Contacts. If you think you can keep your email completely private you are bonkers – that isn’t how email works. If you send an email to someone using gmail then Google will have your email address.

    • Joni

      I am reading this right now because I have no Facebook account, never had the app in my phone but just this week, in my iPhone productivity, it says my social media usage went up 82%. I checked it out and it has me using Facebook for 16 hours a day! I don’t know what to do

  6. Ryan

    You should probably add, “Have you ever visited a website with the FB LIke button on it, while allowing third party cookies,” to your chart.

  7. Thomas

    “the only things stored in the shadow profiles are email addresses, phone numbers and names”

    Yea, what _else_ is ever needed to perfectly identify a person?

    Once you have identity, you have _everything there is_.

    Does FB pay your salary or what?

  8. Toby

    Well said. It is frightening and that’s why it’s so important to control the access apps have to your private info. You can actually opt out of the “connect with Facebook” at any time with MyPermissions app and browser extension. It’s quite easy. Check it out… let me know what you think about it.

    • Anno NymouseNot

      The whole point here is that even though the data is about you, Facebook doesn’t consider it to be yours. In their mind, it belongs to your friends, acquaintances or even total strangers who happen to put your name, email address or phone number into their FB enabled device. You can’t opt out.

      It’s a Roach Motel (TM) for your data. It checks in but never checks out.

  9. Hugh

    Facebook is always collecting information about you even if you are not a user and never visit the site. Try using for a bit to see how you are tracked across the web.

  10. dvd shultz

    It is interesting that many “liberal” news sites that allow comments now require a Facebook account to post. Fortunately this site is one of the few that does not. If “enlightened” readers started focusing on sites like GroovyPost maybe the others would get the message. But even the cranks and the propeller heads still pay FOX news to be beam propoganda to their cable boxes while blaming the corporations for everything.

    • Phil Cooper

      For those greedy sites I always use one of several alternate Facebook profiles that are NOT my real profile.

  11. Phil Cooper

    A way to mess Facebook up real good is to create several accounts, the more the better, using disposable email addresses from Yahoo!, Gmail, and others. Populate the various profiles with bogus data and use them freely. Eventually, when Facebook has more user accounts than there are people on the planet, they’ll realize their database is so hopelessly polluted with garbage that it’s useless to them, to the government, and to the corporations that want to perform data mining for marketing purposes.

    • DTorgerson

      Problem is that they require a cell phone number to use Facebook now.

  12. Faith marie

    I never signed up cant get in my ex stalks me. My old computer yes not on iPhone didn’t sign up for face book but states my name and number are in use can’t sign in really gives no other choice also on pull down on my iPhone can send instant message?? Too who??

  13. Ryan Biddulph

    Wow, kinda crazy Austin. FB does what it has to do on the sly lol! Thanks for sharing!


  14. Average Joe

    I used to use Google. Originally it was my home page. Till I found out about the tracking. Now I block Google and FB using my hosts file on each device. You would be shocked how often the link you thought you clicked on takes you to Google first, then on to the actual site. I get a blank page instead.
    I know it is damn near impossible to prevent the shadow profiles for non users like myself. Most people are naïve and unless you share zero info with friends, you are compromised. I will say this, I buy nothing from ads online and ignore all. If anything appeared that i thought was connected to google or FB, I would reject it on the basic principal of them offering it. It might be the best deal ever – i am not going for it.
    What i am promoting is a few new apps i discovered. These are for Firefox only. If you use Pale moon or IE, Edge, there is nothing like this yet. Trackmenot –
    This scrambles big data by performing many searches that are odd and unrelated. This masks your true searchs as the total creates too much noise for them to hone in on your personal tastes. So you still pass cookie info back, but this makes too much mess for google/FB to understand.
    Second app is location guard, Hide your geographic location. They can still track your general area by triangulation but it at least hides your exact GPS. I never need my home devices for location. My phone i only turn it on when needed, like for maps while traveling.

Leave a Reply

Your email address will not be published. Required fields are marked *


To Top