Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Cloud EU Facebook Privacy Social Networks Your Rights Online

Facebook Is Building Shadow Profiles of Non-Users 338

An anonymous reader writes "As noted previously, Max Schrems of Europe Versus Facebook has filed numerous complaints about Facebook's data collection practices. One complaint that has failed to draw much scrutiny regards Facebook's creation of Shadow Profiles. 'This is done by different functions that encourage users to hand personal data of other users and non-users to Facebook... (e.g. synchronizing mobile phones, importing personal data from e-mail providers, importing personal information from instant messaging services, sending invitations to friends or saving search queries when users search for other people on facebook.com). This means that even if you don't use it, you may already have a profile on Facebook.'"
This discussion has been archived. No new comments can be posted.

Facebook Is Building Shadow Profiles of Non-Users

Comments Filter:
  • Who's data is it? While it may be your phone number and your birthday, it is really just the data of the user who entered it. You gave it to the person without restrictions.
    • Apparently I fail at using who's/whose. My apologies to the grammar nazis.
    • Re:who's data (Score:5, Insightful)

      by QuasiSteve ( 2042606 ) on Tuesday October 18, 2011 @10:26AM (#37750358)

      What the article is in part talking about is what a lot of people have been saying for years now.

      People say if you don't want facebook to know anything about you, then you shouldn't post there.
      So others reply that it doesn't matter that you didn't give the data to facebook, one of your friends might.

      So now the statement is that if you don't want facebook to know anything about you, then you shouldn't tell your friends, colleagues, etc. anything - after all, they may enter it on facebook.

      But this still makes the presumption that you actually gave that information, knowingly and willingly, to that person - and that it it's reasonable to assume that facebook will then collect it as well.

      Let's say you went to Slashdot High. So did some other person. That other person tells facebook to look for MikeB0Lton who attended Slashdot High. Now facebook has a reasonable assumption that you went to Slashdot High.
      You didn't give facebook that data. And you didn't really give that data to that person - it's just information that accumulates simply by existing. You could fo for a "well you could have chosen to be homeschooled" sort of retort, but setting aside that most people here went to highschool long before facebook even existed, that's of course asking for ridiculous steps to take just to prevent anybody from collecting data about you.

      Now obviously pandora's box on this was opened a very long time ago and there's really no way that it'll ever change. Even if facebook were to be forced to kill all collected data beyond that required for direct facebook operations, there's plenty of companies and shady organizations who are not targeted and who will gladly not even bother with waiting for users to provide the data and instead crawl sites and official records for it.

      But the suggestion that facebook only has data on you because you gave it to them - and now that it has it because you gave it to somebody else - seems to be putting some level of blame with people when really they needn't even do/say anything.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        When you install FB onto your smart phone, you are allowing FB access to every nook and cranny about your phone, its data, etc, even if you opt-out to not 'connect' with people in your contacts.

        What FB is essentially doing, is they are looking at your contacts, the names you have of them, their number and email, and creating a 'profile' if that person doesn't already exist.

        The problem here is that those persons did not give consent to FB (ie. installing FB on their phone or creating a profile). Another maj

      • Well, you certainly can't put it back in the box, but governments could always criminalize it with destructive fines so that if a company is discovered doing it, they have to pay, and pay big.

        • What, and stifle innovation?

      • Re:who's data (Score:4, Interesting)

        by Richard_at_work ( 517087 ) on Tuesday October 18, 2011 @10:53AM (#37750754)

        So while everyone is taking issue at Facebook doing this, whats really needed is a Personal Information Control Act aimed at individuals rather than corporations?

        Rather like (as i am in the UK) a Data Protection Law aimed at everyone, rather than just what businesses and organisations can do with data collected?

        Or are we going to try and stick a band aid on it by limiting what companies can collect from people willing to offer?

        • Re: (Score:2, Interesting)

          by Anonymous Coward

          I would say what needs to happen is people need to learn about the concept of "a matter of public record" and get used to the fact that while historically actually searching for public records was difficult it no longer is.

          In short privacy is obsolete, our culture needs to adapt to this. Because ultimately all this information has always been available (high school yearbooks, for example have done much the same things as Facebook in the GP's example) the only thing that has changed is the barrier to accessi

      • by ksd1337 ( 1029386 ) on Tuesday October 18, 2011 @11:22AM (#37751104)

        Let's say you went to Slashdot High.

        People visit Slashdot when they're high? That'd explain a lot of comments! ;-)

    • by Xest ( 935314 )

      That doesn't wash under UK law, nor in most of Europe. It is against the DPA for a business to hold data on you unless there is a mutually agreed reason for them to do so between the two of you or unless they fall under one of the specific exemptions provided by the act such as for law enforcement, or health provisioning. Facebook falls under none of this, so without a doubt is in breach of British law and similar laws in much of Europe.

      Whether anything will be done is a different story, our ICO is a toothl

    • Who's data is it? While it may be your phone number and your birthday, it is really just the data of the user who entered it. You gave it to the person without restrictions.

      Nope the data do not belong to the provider (at least in the EU). It comes down to who's being personally identified by that data. If I upload your contact details to Facebook, they will be obliged to disclose that to you if you should make a subject access request. They're obviously they are not required to tell you who owns the address book in which your details are found. In theory you could even ask that your details be removed from my account. Of course removal may be refused, but Facebook would be obl

  • by bigredradio ( 631970 ) on Tuesday October 18, 2011 @10:17AM (#37750226) Homepage Journal
    See this is why I don't use facebook..... er...damn it!
    • Re:Doh! (Score:4, Funny)

      by Abstrackt ( 609015 ) * on Tuesday October 18, 2011 @11:02AM (#37750872)

      See this is why I don't use facebook..... er...damn it!

      To be fair, it sounds more like Facebook is using you.

    • by treeves ( 963993 )

      The example in the summary of searching for someone ON Facebook followed by a claim of "I don't use Facebook!" is pretty stupid.

      • The example in the summary of searching for someone ON Facebook followed by a claim of "I don't use Facebook!" is pretty stupid.

        I think you misread that rather rambling, run-on sentence in the summary

        'This is done by different functions that encourage users to hand personal data of other users and non-users to Facebook... (e.g. synchronizing mobile phones, importing personal data from e-mail providers, importing personal information from instant messaging services, sending invitations to friends or saving search queries when users search for other people on facebook.com).

        The searcher and the non-user are different people. The searcher is the non-user's (real life) friend, and just entered data about the non-user to try to find him on facebook. FB keeps that piece of data in non-user's "shadow profile", or more appropriately, "dossier".

        So John Smythe doesn't have a facebook profile, but his friend just searched for John Smythe from Washington High School. Now they know that. Another friend looks for John

        • by treeves ( 963993 )

          You're right.
          So a Facebook user searching, on Facebook, for someone who happens not to be a Facebook user, tells Facebook what? That the person named may exist, and that Facebook user is interested in him? Doesn't sound like much of an issue to me, but then I don't spend much (enough?) time worrying about what FB is doing with all the personal data it has.

  • Good to see this is getting some wider exposure! They used to send a courtesy mail to tell you they had your information and suggest you get an account so you can see it. Do they not still do that?
    • by vlm ( 69642 )

      Good to see this is getting some wider exposure! They used to send a courtesy mail to tell you they had your information and suggest you get an account so you can see it. Do they not still do that?

      That was the classmates.com people, sending weekly if not daily emails, if I recall correctly. Nothing a little spam filter can't clean up.

      • by ackthpt ( 218170 )

        Good to see this is getting some wider exposure! They used to send a courtesy mail to tell you they had your information and suggest you get an account so you can see it. Do they not still do that?

        That was the classmates.com people, sending weekly if not daily emails, if I recall correctly. Nothing a little spam filter can't clean up.

        I keep getting prods from FB, I have updates. To heck with them, I don't care. I'm not here to enrich these people.

        I also found the source of the little pop-ups which want me to finish filling in all my personal information or when they want me to take a tour of something they've added or changed. FB is about as annoying as Windows with all those damn balloons popping up. Sure-fire way to drive me out, keep bugging me.

      • Re:Oh, really?! (Score:5, Interesting)

        by medv4380 ( 1604309 ) on Tuesday October 18, 2011 @10:50AM (#37750700)
        I think you're right, but I've received creepy email invites from Facebook saying "You might know these people come join us" followed by 9 profile images some of close friends and some of acquaintances that happened to attend an event that I've gone to from time to time. It was creepy and is the main reason I want nothing to do with facebook.
      • It was Facebook telling me I'd been tagged in some photos. They solicited the information from the users they already had and then sought to widen their net even further. I'd been shown Facebook months before that happened and until then had happily avoided it. Now there are 'Like' buttons on as much of the internet as Google's Ads.
  • What is unfortunate, Facebook might be willing to sell this data to 3rd parties without your consent... as your friends/coworkers/family have already consented to releasing the contact information for you. Even without Facebook selling it, it's only a data breach away from some the unscrupulous hands.

    • by Baloroth ( 2370816 ) on Tuesday October 18, 2011 @10:47AM (#37750648)

      Even without Facebook selling it, it's already in some unscrupulous hands.

      FTFY

    • by The Man ( 684 ) on Tuesday October 18, 2011 @12:02PM (#37751634) Homepage

      What is unfortunate, Facebook might be willing to sell this data to 3rd parties without your consent... as your friends/coworkers/family have already consented to releasing the contact information for you. Even without Facebook selling it, it's only a data breach away from some the unscrupulous hands.

      I don't know that there's anyone more unscrupulous than facebook. The mobsters and fraud rings out there really just want to use your identity to take money from banks. They're annoying but not really that dangerous to ordinary people (nor to the banks, who treat low-level activity as a cost of doing business). The law is also firmly entrenched against them, and they are occasionally caught and punished. Facebook and their ilk, however, sell humans as products to thousands of corporations around the world, and they do so with impunity. They are a direct and real threat to every individual person alive today and countless unborn yet to come. If you put a gun to my head and told me I had to give all my personal information to either Mark Zuckerberg or a Russian gangster, I'd give it to the gangster every time. Then I can go file a police report, close all my accounts, and start over with no loss but a few hours of my time. Eventually the gangsters will be caught and imprisoned or perhaps killed in a war with other gangsters. There's no such happy ending possible if facebook gets its hands on my data; even if I change my name, move to a different state, and start a new career, sooner or later facebook will get my new data too. There's apparently nothing I can do about it, and the law won't help me.

      Bottom line: a "facebook data breach" would mean nothing to us, since everything in their database was already for sale; it would only harm facebook, who will have given away what they were previously selling.

  • by concealment ( 2447304 ) on Tuesday October 18, 2011 @10:21AM (#37750278) Homepage Journal

    Google's problem is that search engines can be easily fooled. Since the user indexes his or her own data by what is published to the web page, people tend to list all sorts of keywords which in turn create false results. Google's solution was PageRank, or picking the most popular sites. This doesn't work because all language is contextual, and as a result, a search term can mean many things.

    What both Google and Facebook have realized is that unless they figure out who the user is, and what types of things they are looking for, there is no way to impose a type or context to the search. Without typed searching, search results become more irrelevant with the number of pages published to the web.

    Both of them have hit on the same solution. Users aren't going to log in to a search engine, but they will log in to Gmail or Facebook, and that allows these companies to keep track of who you are (Google Plus is more an extension of Gmail than a separate app). Why else do you think both of them are manic about trying to get you to "validate" your account with a phone number?

    • by Tsingi ( 870990 )

      Why else do you think both of them are manic about trying to get you to "validate" your account with a phone number?

      Manic is a good choice of words.

      Google: You should give us your phone number. (for the 12th time)
      Me: Fuck off and quit asking me for my damned phone number you fucking asshats! You aren't getting it! !@$#%^%%$@#%$

      Mania is infectious.

  • Rare opportunity. (Score:5, Interesting)

    by Arancaytar ( 966377 ) <arancaytar.ilyaran@gmail.com> on Tuesday October 18, 2011 @10:27AM (#37750386) Homepage

    In Soviet Russia, Facebook has profile on YOU.

  • by FyberOptic ( 813904 ) on Tuesday October 18, 2011 @10:28AM (#37750394)

    Go on various people search websites, like Spokeo, and search for yourself. Go ahead, I'll wait.

    You're probably already on the web. And tracking companies like DoubleClick already know all about your browsing habits. If you're paranoid about privacy, then you better stay off of the internet, don't use cellphones, credit/debit cards, shopper discount cards, etc, because profiling you is what makes companies extra money nowadays.

    If you think they're going to pass up the opportunity to make money just for the sake of your privacy, when there's no law to stop it, you're sadly mistaken.

    • And that there's the problem, I don't want them to have access to that information, but there's a lot of online services that I need to use in order to go about my daily life. Many of which have equivalents that are offline and not completely inconvenient. But, there are things which don't have an offline equivalent or where doing it offline wouldn't be feasible.

      I've tried to block random 3rd party javascript, but at the end of the day, the web is so fundamentally broken at this point that you never know wh

      • by FyberOptic ( 813904 ) on Tuesday October 18, 2011 @10:45AM (#37750634)

        You also have no idea if your ISP is collecting information on the sites you visit, either through DNS queries or by parsing the content of pages you visit, and creating a profile about you to sell. And once that profile exists, if even one website out there is connected to that company's profile database and can associate your visit and a particular account as being you, then suddenly they've attached a name to an otherwise anonymous profile. It can only grow from there.

        The point I was trying to make is that unless there are privacy laws and strict rules on what data networks and companies are allowed to take and sell about you, then it's simply never going to stop.

        The other point I was making is that Facebook is far from the only company doing this, and people shouldn't be wasting their time focusing on just one of them.

    • Spokeo is amusing in how BAAAD it is- looking up myself it has more things wrong than right.

      Scary that it gets anything right- but Spokeo just makes silly guesses based on, who knows what.

  • Facebook is becoming the new Microsoft to me.

    • Re: (Score:3, Insightful)

      by Zibodiz ( 2160038 )
      IMHO, Facebook passed MS a long time ago. And that's saying something. At least MS is primarily evil because of their thirst for money and control -- Facebook sees that and raises them the desire to know absolutely everything about everyone on earth, then sell it to anyone who wants it. If Zuckerberg were CEO of MS, registering Windows would be mandatory, and would require everything down to your underwear size and medical history. And there'd be text ads on the start menu that would be chosen based on
      • I have come to peace with microsoft long ago.

        They just want my money. I can live with that. Google and facebook, otoh, give me stuff "for free" in order to sell me.

        • by TheRaven64 ( 641858 ) on Tuesday October 18, 2011 @01:03PM (#37752398) Journal

          Most of Microsoft's evil was directed at their competition. They were rarely evil to their customers, lock-in aside, just incompetent. With things like lawsuits over FAT patents and demanding $15 for every Android phone sold, they're still just as evil to their competitors, but they seem to be a lot less incompetent to their customers (I've not used it, but I've heard good things about Windows 7).

          In contrast, Facebook is evil to its users.

    • Facebook is waaaaaaay more evil than Microsoft.

      Microsoft is the bumbling idiot politician who maybe steals a little bit of public money on the side- but tries to make good policies and move things along.

      Facebook is like an evil genious- hell bent on world domination and destroying anything that gets in its way- turning innocent people into mindless zombies along the way.

  • As a former Facebooker, I already block all Facebook domains to keep the stupid Like buttons and other debris off of the websites I do visit. This is just another reason to do so.

    It's amazing how much faster it is to load pages when there are no calls to Facebook.com or their content delivery domains.

    • by Pope ( 17780 )

      Do you have a quick and dirty list to post? I sense additions to /etc/hosts coming on...

      • Re: (Score:3, Informative)

        by realmojo ( 62898 )

        127.0.0.1 www.facebook.com
        127.0.0.1 facebook.com
        127.0.0.1 static.ak.fbcdn.net
        127.0.0.1 www.static.ak.fbcdn.net
        127.0.0.1 login.facebook.com
        127.0.0.1 www.login.facebook.com
        127.0.0.1 fbcdn.net
        127.0.0.1 www.fbcdn.net
        127.0.0.1 fbcdn.com
        127.0.0.1 www.fbcdn.com
        127.0.0.1 static.ak.connect.facebook.com
        127.0.0.1 www.static.ak.connect.facebook.com

  • It's going to get to the point where Facebook users (and non-users) won't even have to do anything to add information about themselves. Data mining techniques can suss out each user's personal information from the internet and aggregate it on the profile page. People with smartphones will have their locations and current activities automatically updated to their news feeds. Camera phones will automatically snap pictures and upload them to Facebook where people in them will be tagged via facial recognitio

    • by vlm ( 69642 )

      It's going to get to the point where Facebook users (and non-users) won't even have to do anything to add information about themselves. Data mining techniques can suss out each user's personal information from the internet and aggregate it on the profile page. People with smartphones will have their locations and current activities automatically updated to their news feeds. Camera phones will automatically snap pictures and upload them to Facebook where people in them will be tagged via facial recognition algorithms.

      At this point, why even bother allowing Facebook users to modify their own information? Why even bother with accounts and logins?

      How would you automate virtual farming and mafia waring? Not much of a grind game, when the grind is removed.

  • I figured they'd been doing this for years, I was just waiting to see when they'd start setting up visible profiles automatically and saying "Join up to claim your profile now! Or let the information continue to flow completely uncontrolled..."

  • by Hadlock ( 143607 ) on Tuesday October 18, 2011 @10:43AM (#37750592) Homepage Journal

    I had a weird notification this morning. Facebook wanted me to confirm that someone else said my hometown was X city. So now if you don't list this information, they're asking others to rat you out, despite your best efforts to keep that information off of the web. I'm not sure you can opt out of other people's disclosures in the same way you can opt out of listing your city/state/employer etc.

    • by sherriw ( 794536 )

      You can't I've looked. What's also bad is when FB tells you someone told them your hometown/highschool/relationship/etc is ABC you don't have an option to deny or delete that factoid. The best you can do is not show it on your profile. But FB still assumes it's true and saves it.

      I got in a long drawn out debate with friends about this recently. I politely asked people not to tell FB info about me. I was shocked how many friends argued with me... even after I gave links to articles about what FB does with th

    • Just a few months back I could not find a way to stop others from listing my employer on my own profile. I had to repeatedly delete this information as more and more people started entering it.

      As far as I can tell, only very recently did Facebook add an option to let me approve these associations. Even so, this may still be information I don't want Facebook to store on me (I have no idea what they may use it for or how secure their data is), and it's not clear given their other practices whether that inform

  • by Wattos ( 2268108 ) on Tuesday October 18, 2011 @10:44AM (#37750606)

    How is this not a violation of the data protection act? I quote from Wikipedia (http://en.wikipedia.org/wiki/Data_Protection_Act_1998)

    1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless- [...]

    Personal data should only be processed fairly and lawfully. In order for data to be classed as 'fairly processed', at least one of these six conditions must be applicable to that data (Schedule 2).

            The data subject (the person whose data is stored) has consented ("given their permission") to the processing;
            Processing is necessary for the performance of, or commencing, a contract;
            Processing is required under a legal obligation (other than one stated in the contract);
            Processing is necessary to protect the vital interests of the data subject;
            Processing is necessary to carry out any public functions;
            Processing is necessary in order to pursue the legitimate interests of the "data controller" or "third parties" (unless it could unjustifiably prejudice the interests of the data subject).[8]

    Is any of the above true? I certainly did not consent for my data to be processed when I am not on Facebook. Also note, it is not important who has given the data to Facebook, the DPA talks about the data subject -> The person the data is about.

    • by Neil ( 7455 )

      The Data Protection Act is UK legislation. If Facebook do hold this sort of information then they probably don't process it on servers located in in the UK (or in other European countries where the EU Data Protection Directive applies).

  • I read the comments on this article, go back to main page, and "Become a fan of Slashdot on Facebook" pops up as the dialogue next to the ./ logo.

    Irony.

  • 4-5 years ago, my friends were always asking me to stop inviting them to facebook, because they were already members. It was funny because I wasn't even a member myself. Yet, somehow they were getting invited by me to join. Cut to a few years later, I joined facebook only because I wanted to see how well integrated it worked with my palm pre. It integrated really well. A few days into my membership, I got an friend request from a college buddy. There was a shadow profile, but I had figured that he hadn't f
    • 4-5 years ago, my friends were always asking me to stop inviting them to facebook, because they were already members. It was funny because I wasn't even a member myself. Yet, somehow they were getting invited by me to join.

      Cut to a few years later, I joined facebook only because I wanted to see how well integrated it worked with my palm pre. It integrated really well. A few days into my membership, I got an friend request from a college buddy. There was a shadow profile, but I had figured that he hadn't filled his profile out yet. So I accepted. The next day he told me he said f*ck it and joined on my invitation. So, he wasn't a member and hadn't done a friend request. I felt so stupid for falling for it. My acceptance of his friend request generated an invite to join FB from me. I should have known better. Needless to say, I researched how to delete my account. Funny enough, there's still a shadow profile of me naturally. My buddy, on the other hand, lives on the site. I guess he can blame me once he wakes up from his FB daze.

      I've had similar experiences where Facebook outright lied about where an invitation came from (just as your case above), and about one friend adding another friend who was not on my Facebook. That was a strange one - it told me that my cousin was friends with a person I knew in grad school, which seemed very unlikely seeing as how they live 2,500 miles apart and didn't seem to have any reason to know each other. But hey, it's a small world, so I checked my cousin's profile - turned out Facebook was lying, j

  • Sign up for facebook and fill it with lies. Soon their information won't be worth jack shit.
    • I've never joined facebook or wanted to.

      Now I'm tempted to- just to create a bunch of BS so that it is confused about my real data.

      Fill in a bunch of fake data- connect via a proxy- then unregister myself before people start giving me friend requests.

      Just stay on long enough to screw up FB's data on me.

  • I very carefully avoid giving Facebook information [like my cell phone numbers and most of my email addresses, etc] that I don't want them to have [or by subsequent TOS change, share with the world]. But I can't prevent my gullible sister-in-law from uploading it all to them anyway through her careless use of Facebook's iPhone app or her blithe acceptance of having her address book vacuumed up in the alleged search for alleged friends. So even if I don't give it to them, it's too late. They have it already
  • by evilandi ( 2800 ) <andrew@aoakley.com> on Tuesday October 18, 2011 @10:59AM (#37750828) Homepage

    For heaven's sake, get it into your head: You do not "own" facts about yourself. You never did. It has never been, and will never be, illegal for someone to look at you in the bus queue and observe what clothes you're wearing, what your height is, what your hair colour is, or what number bus you're queuing for. Nor is it illegal for someone to listen to you chatting to your friend and hear your name or where you live.

    Even before the widespread use of computers, people were compiling databases about individuals. In the Victorian and Edwardian era there were still card indexes of potential customers' names and addresses.

    What is different here is the *interconnectedness* . I don't mind people complaining about interconnectedness - I mean, it's pointless and they've missed the boat by at over 20 years, but it is at least a valid argument. The ability of this information to spread at lightning speed between billions of people using thousands of databases, yes, that is relatively new. But complaining about somebody else knowing facts about you, that's dumb.

    In England we've had this for well over 950 years, since the Domesday Book in 1089AD which listed every landowner in the country. Most likely the Roman empire kept a similar directory over two thousand years ago.

    If you visit a company's website and they record the facts of your visit, that is NOT illegal. It's not even immoral. It only becomes controversial when they pass this information on to an entity which was not otherwise involved with your visit.

    • by firewrought ( 36952 ) on Tuesday October 18, 2011 @01:10PM (#37752502)

      You do not "own" facts about yourself. You never did. It has never been, and will never be, illegal for someone to look at you in the bus queue and observe what clothes you're wearing, what your height is, what your hair colour is, or what number bus you're queuing for.

      Yes, but it's also true that if a creepy man staked out a bus stop for months on end recording data about people, the police could get him to "move along sir". And if that creepy man was following you around all day, day in and day out, you could get a restraining order against him. Somehow I think getting a restraining order against FaceBook, Google, etc. will be a little more difficult despite the fact that they are stalking the entire world. What's needed is for the legislature to come to the rescue.

      • Somehow I think getting a restraining order against FaceBook, Google, etc. will be a little more difficult despite the fact that they are stalking the entire world.

        No need for an order against Google. Go look at Google's privacy tools page (there's a link on the bottom of the search page). You can see everything Google is tracking about you and Google provides ways to opt out of all tracking and even tools to ensure that your opt-outs don't get lost. Try it. You'll see that you start seeing more generic advertising and your search result quality will decline a little.

  • I note that many of the people loudly complaining about Facebook in this matter have Gmail addresses. What do you think Google does with all those contacts they scrape from your messages and that you enter into your Android phone? Especially when correlated with what OTHER people put into their Google Contacts?

    Whether you actively participate in the "graph" (FB, Goog, any entry point) or not, you have a node representing you. Even if your node has some wrong information, most of it is probably accurate. Hec

  • Last weekend I when logged in FB it tried to friend every contact from my huge hotmail contact list it could match in its profiles. Fortantely I was able to halt this before it happened. Scary.
  • by LoudMusic ( 199347 ) on Tuesday October 18, 2011 @11:06AM (#37750922)

    Surely someone better at programming than myself has either produced or is working on a simple set of software that will fill these databases with false information, rendering the whole thing unreliable. This actually seems like an appropriate task for an organization which refers to itself as anonymous .

    Even if human interaction is needed (or better at than software) to create the accounts (answer captchas), once the couple million accounts are up and running they could randomly friend and unfriend each other, get involved in various groups, produce believable profiles, and become pollutants in the databases of companies such as Google and Facebook. Before long there rises the question, "is this profile real or fake? can't answer that? can't consider it real". The fakes could even base their profile on real profiles, altering things like school graduation year, and selecting a subset of contacts from various 'friends' of the real profile. With just a few 'friends' on Facebook an account rapidly begins receiving suggestions from Facebook itself on who might also be a known friend. It would be self propagating.

    This may already be in action. I've had a few people/accounts that I did not know on Facebook send me a friend request, but were friends with several of my friends. Before accepting I asked our mutual friends if they knew who this person was. More often than not my friends said they didn't know them but since we went to high school together they didn't want to be rude. NO THANKS! Just as easily as this could be a data pollutant account it could also be a 3rd party mining Facebook for private information. Social engineering has always been a more powerful method than security hacking.

    Anyway, I just think that rather than fighting for privacy the better approach is to corrupt their data through their own system. It seems more wicked.

  • When both users are registered, Facebook is able to extract relationship data from somewhere. I have received friendship suggestions for people who once sent a single email to an alternate email account I used years ago, which I never put on Facebook. Even assuming all these people are fucking idiots who gave Facebook access to their email accounts, this shows Facebook harvests far more data than it lets on.

    In this case, it firstly stores your email contact lists even if you decline to manually send these people contact requests. It secondly is able to form (from other sources, maybe other people's email accounts) a link between different email addresses you have used.

Keep your boss's boss off your boss's back.

Working...