Facebook's "shadow profiles": the involuntary dossiers of information you never provided, and can't opt out of


Originally published at: https://boingboing.net/2017/11/08/involuntary-profiling.html


I just signed up for an account for the first time to coordinate an event, using a brand new email, fake details, and a recently new IP on my Internet connection, shared no contacts or anything of the sort, and am being shown connections that there’s absolutely no way Facebook should have any way of connecting. It’s both astounding and disgusting to me.


IPs change all the time. You’ve got cookies and a browsing fingerprint that can match the new you to the old you. Not to mention your MAC address.


It may feel creepy, but they’re just taking public data and finding the connections. It’s the same thing a private eye would do, but a billion times a second.

How are detectives regulated? I’m pretty sure I’ve heard there’s a license and gun rules and the like. I wonder if FB is licensed?


Private browsing mode only for Facebook in addition to the other steps listed, so no cookies at least, plus ad and tracker blocking in browsers at all times, etc. Browser fingerprinting and MAC address matching are the only possible metrics, and they’re displaying stuff like work colleagues and family members that I have no public associations with in my browsing. It’s pretty gross.


Which protocol will send your MAC address over the Internet? (i.e. It’s not in TCP/IP.)


On one hand it’s a little creepy, on the other hand at least they are giving you an idea of how sticky your digital fingerprint is. I mean this stuff exists with or without Facebook.


fair enough. I was thinking about stuff like tracking pixels and somehow MAC address ended up on the screen.


Depends how close your data collectors are to the client. Or IPv6, without privacy extensions enabled. The latter doesn’t apply to me, and I’d be surprised if the former did.


It illustrates how many scumbags there are out there who will take your private data without explicit consent, how disgusting Facebook is, and just how little privacy any of us have, even when applying some level of diligence.


LinkedIn has also suggested people I know as contacts where they shouldn’t have any data connecting us. (I’m a Scientology critic, so I’m very careful about that.) The only place a hard link exists is in my Google contact list. Things that make you go hmmm.


It is disturbing to know that there are comprehensive, intimate records of your life out there. But that’s probably unavoidable, and always was, so arguably it’s better that at least we’re more aware of it.

I wouldn’t worry about whether Facebook can get this information, or if there’s a way for individuals or governments to stop them, because there isn’t. I do worry about how to stop Facebook causing harm with its massive stockpile of thermonuclear privacy bombs. IMO the best way would be to just kill it, but that doesn’t exclude the many other options.

I’ve noticed a couple of stories recently, including this one, which appear to contain the message “Facebook has a ton of dirt on you, but if you sign up to Facebook and claim your sex tapes and private contact details, then we can ‘safeguard’ them for you”. Which is some next-level protection racket bullshit, and which my paranoia tells me is a deliberate PR push by Facebook.

It’s important to remember that, if Facebook has the means to prevent you being violated via their platform, the conclusion is not that you need to create a Facebook account right away. The conclusion is that Facebook refuses to behave ethically, and needs to be regulated hard.


Why can’t it magically say that all the people I was madly desperately in love / lust with at school are now madly desperately in love / lust with me now? Why? Why can’t it do that? Why?


No worries. I’ve seen the idea that MAC addresses can be remotely accessed so many times that when I wanted to do it myself, I was surprised to find that it’s just not there in TCP, IP, or UDP. Javascript shouldn’t allow it. ActiveX or Java, sure, but who uses those?

If there’s a way to do it that doesn’t involve my ISP’s cooperation, it must be sneaky.

ETA: Wifi is a whole other story, of course.


This is why I don’t use Facebook. Or have a cellphone. No loss.


I’ve never been a FB user precisely because of their cavalier attitude toward user privacy. However, I know I’m in there despite my best efforts to stay out. I’m starting to wonder if I should set up a bare-bones account polluted with deliberate misinformation just to exert a modicum of control over things. The data brokers already have a very incorrect idea of my identity and I’d probably continue to promote that image.


I am thinking of making a Digital Zuckerberg that collects every bit of Zuckerberg family information, actions, data, speech, and travel information available from the internet.


It’s only recently i’ve seriously considered having a profile to keep in touch with some people i might not see again and no doubt i already have a modest shadow profile on there but no, it’s still a racket and zuck is a creep who cares about his own privacy but nobody else’s. People need to dump this shit on mass before our respective governments require it as some form of citizen i.d.


Do you have an email address? Because if anyone else has that email address and they’re on facebook, then FB already knows about you. Same goes for you being tagged in photos that other people have taken of you and then uploaded to facebook.
Hell, they’re probably searching posts for people’s names, so if you’ve ever been mentioned on fb they’ve probably had a go at matching that name to other information.

Basically the only way to stay off fb is not to make an account and not to have any friends or acquaintances who do either

I don’t have an account, but I’m under no illusions that they already have a profile on me. Maybe it would be better if I did sign up, but then do my best to pollute that profile with made up nonsense?


Linkedin is oddly obsessed with the idea that I need to connect with my husband’s cousin. I might have met him once, a dozen years ago. He comes up every week as a “new” suggestion. It doesn’t do that to anyone else.