Facebook Knows Way More About You Than You Think
Before you read this, there is something you should know. This article is long. Also, i’m not anti Facebook, nor am i anti social media. But I recently deleted my Facebook account. Not deactivated, but deleted.
And the reason was this. I felt that the data I had shared had gone out of my control. I couldn’t remember what I did share, didn’t share or even from what site or app or device the sharing occurred from.
I was worried frankly. I needed a reset.
Note that some of the items discussed in this article are conjecture on my part and they should not be taken as confirmation that Facebook either does, or doesn’t do something. Make your own mind up.
Was it listening to me? Yes
About the data being out of control. I had felt like this for a while. I have said to friends for a long time, before any official announcements were made by Facebook, that I though that I was being listened to. People laughed.
I was advertised a product on Facebook and I had not ever searched for it on the internet, not on any device. But I had mentioned it to my wife a few days prior. Sure enough the ad was on the timeline for the exact product in question. The exact brand. The product was in no way related to any computer activity i may have had. It happened a few times afterward too but it was harder to distinguish between my search history and the timing of the ads. That one occasion though. Stone wall eavesdropping.
It was funny in a way at first, but something was wrong. Some time afterward the announcement was made that Messenger would listen to you. I uninstalled it.
The final straw – Stop Reading My Messages!
But on 7th March this year something else happened. I was texting a friend on WhatsApp on my iPhone, nothing exciting, just general conversation about an event the next day we were attending. A christening in fact. Nothing unusual or out of the ordinary.
A couple of hours later I opened up the Facebook app on my iPad. A couple of posts down was an advert. The advert was for a product that isn’t the type of product to normally be marketed to me so it stuck out a bit.
However, the advert was not only there, and not only clearly out of place, but it contained the exact phrasing used in the previous WhatsApp message exchange. The exact text.
Now, it dawned on me that Facebook recently bought WhatsApp for a frighteningly large sum of money. Especially when you consider that millions of people simply use it for free and there are no ads i.e. no obvious method of income. (I’m aware some people pay 99c a year. Name one!)
I deduced from this that Facebook had circumvented the WhatsApp message encryption, read my message, aggregated the text and then served me an advert on my timeline. I don’t have any proof, but there is no way that advert could have been, or would have been served in any other scenario.
And that was the proverbial straw. I made the connection in my head that Facebook is reading my private, and encrypted WhatsApp messages. So as well as all the other data it had, it simply had to go.
My Facebook Suicide
And so my personal Facebook life was ended.
Its sad as I used it to keep in touch with family who i don’t see often as well as friends from all over the world I met whilst travelling and living abroad. Friends of friends I met randomly, old school friends etc.
To ensure my Facebook suicide wasn’t completely in vain, i thought I would try and get something out of it though. Just before removing my account I downloaded my Facebook data file and I was absolutely shocked by the sheer volume of sensitive data it held.
More so, I started to consider how it might use the data if it wanted to. I am not suggesting Facebook actually does any of the things I suggest, but its clearly a possibility. To begin with though, lets just look at what they have as a baseline:-
This list is taken directly from the Facebook Website and I shall build on it as its a little more in depth that suggested.
|What info is available?||What is it?||Where can I find it?|
|About Me||Information you added to the About section of your Timeline like relationships, work, education, where you live and more. It includes any updates or changes you made in the past and what is currently in the About section of your Timeline.||Activity Log|
|Account Status History||The dates when your account was reactivated, deactivated, disabled or deleted.||Downloaded Info|
|Active Sessions||All stored active sessions, including date, time, device, IP address, machine cookie and browser information.||Downloaded Info|
|Ads Clicked||Dates, times and titles of ads clicked (limited retention period).||Downloaded Info|
|Address||Your current address or any past addresses you had on your account.||Downloaded Info|
|Ad Topics||A list of topics that you may be targeted against based on your stated likes, interests and other data you put in your Timeline.||Downloaded Info|
|Alternate Name||Any alternate names you have on your account (ex: a maiden name or a nickname).||Downloaded Info|
|Apps||All of the apps you have added.||Downloaded Info|
|Birthday Visibility||How your birthday appears on your Timeline.||Downloaded Info|
|Chat||A history of the conversations you’ve had on Facebook Chat (a complete history is available directly from your messages inbox).||Downloaded Info|
|Check-ins||The places you’ve checked into.||Activity Log |
|Connections||The people who have liked your Page or Place, RSVPed to your event, installed your app or checked in to your advertised place within 24 hours of viewing or clicking on an ad or Sponsored Story.||Activity Log|
|Credit Cards||If you make purchases on Facebook (ex: in apps) and have given Facebook your credit card number.||Account Settings|
|Currency||Your preferred currency on Facebook. If you use Facebook Payments, this will be used to display prices and charge your credit cards.||Downloaded Info|
|Current City||The city you added to the About section of your Timeline.||Downloaded Info|
|Date of Birth||The date you added to Birthday in the About section of your Timeline.||Downloaded Info|
|Deleted Friends||People you’ve removed as friends.||Downloaded Info|
|Education||Any information you added to Education field in the About section of your Timeline.||Downloaded Info|
|Emails||Email addresses added to your account (even those you may have removed).||Downloaded Info|
|Events||Events you’ve joined or been invited to.||Activity Log |
|Facial Recognition Data||A unique number based on a comparison of the photos you're tagged in. We use this data to help others tag you in photos.||Downloaded Info|
|Family||Friends you’ve indicated are family members.||Downloaded Info|
|Favorite Quotes||Information you’ve added to the Favorite Quotes section of the About section of your Timeline.||Downloaded Info|
|Followers||A list of people who follow you.||Downloaded Info|
|Following||A list of people you follow.||Activity Log|
|Friend Requests||Pending sent and received friend requests.||Downloaded Info|
|Friends||A list of your friends.||Downloaded Info|
|Gender||The gender you added to the About section of your Timeline.||Downloaded Info|
|Groups||A list of groups you belong to on Facebook.||Downloaded Info|
|Hidden from News Feed||Any friends, apps or pages you’ve hidden from your News Feed.||Downloaded Info|
|Hometown||The place you added to hometown in the About section of your Timeline.||Downloaded Info|
|IP Addresses||A list of IP addresses where you’ve logged into your Facebook account (won’t include all historical IP addresses as they are deleted according to a retention schedule).||Downloaded Info|
|Last Location||The last location associated with an update.||Activity Log|
|Likes on Others' Posts||Posts, photos or other content you’ve liked.||Activity Log|
|Likes on Your Posts from others||Likes on your own posts, photos or other content.||Activity Log|
|Likes on Other Sites||Likes you’ve made on sites off of Facebook.||Activity Log|
|Linked Accounts||A list of the accounts you've linked to your Facebook account||Account Settings|
|Locale||The language you've selected to use Facebook in.||Downloaded Info|
|Logins||IP address, date and time associated with logins to your Facebook account.||Downloaded Info|
|Logouts||IP address, date and time associated with logouts from your Facebook account.||Downloaded Info|
|Messages||Messages you’ve sent and received on Facebook. Note, if you've deleted a message it won't be included in your download as it has been deleted from your account.||Downloaded Info|
|Name||The name on your Facebook account.||Downloaded Info|
|Name Changes||Any changes you’ve made to the original name you used when you signed up for Facebook.||Downloaded Info|
|Networks||Networks (affiliations with schools or workplaces) that you belong to on Facebook.||Downloaded Info|
|Notes||Any notes you’ve written and published to your account.||Activity Log|
|Notification Settings||A list of all your notification preferences and whether you have email and text enabled or disabled for each.||Downloaded Info|
|Pages You Admin||A list of pages you admin.||Downloaded Info|
|Pending Friend Requests||Pending sent and received friend requests.||Downloaded Info|
|Phone Numbers||Mobile phone numbers you’ve added to your account, including verified mobile numbers you've added for security purposes.||Downloaded Info|
|Photos||Photos you’ve uploaded to your account.||Downloaded Info|
|Photos Metadata||Any metadata that is transmitted with your uploaded photos.||Downloaded Info|
|Physical Tokens||Badges you’ve added to your account.||Downloaded Info|
|Pokes||A list of who’s poked you and who you’ve poked. Poke content from our mobile poke app is not included because it's only available for a brief period of time. After the recipient has viewed the content it's permanently deleted from our systems.||Downloaded Info|
|Political Views||Any information you added to Political Views in the About section of Timeline.||Downloaded Info|
|Posts by You||Anything you posted to your own Timeline, like photos, videos and status updates.||Activity Log|
|Posts by Others||Anything posted to your Timeline by someone else, like wall posts or links shared on your Timeline by friends.||Activity Log|
|Posts to Others||Anything you posted to someone else’s Timeline, like photos, videos and status updates.||Activity Log|
|Privacy Settings||Your privacy settings.||Privacy Settings Downloaded Info|
|Recent Activities||Actions you’ve taken and interactions you’ve recently had.||Activity Log|
|Registration Date||The date you joined Facebook.||Activity Log|
|Religious Views||The current information you added to Religious Views in the About section of your Timeline.||Downloaded Info|
|Removed Friends||People you’ve removed as friends.||Activity Log |
|Screen Names||The screen names you’ve added to your account, and the service they’re associated with. You can also see if they’re hidden or visible on your account.||Downloaded Info|
|Searches||Searches you’ve made on Facebook.||Activity Log|
|Shares||Content (ex: a news article) you've shared with others on Facebook using the Share button or link.||Activity Log|
|Spoken Languages||The languages you added to Spoken Languages in the About section of your Timeline.||Downloaded Info|
|Status Updates||Any status updates you’ve posted.||Activity Log |
|Work||Any current information you’ve added to Work in the About section of your Timeline.||Downloaded Info|
|Vanity URL||Your Facebook URL (ex: username or vanity for your account).||Visible in your Timeline URL|
|Videos||Videos you’ve posted to your Timeline.||Activity Log|
Permissions and Consent: Perception Vs. Reality
Now some of this stuff is fairly obvious, and I knew full well when I signed up for Facebook and other apps and sites etc that there was a level of sharing going on. I understood that, or so I thought.
But I was uncomfortable with my entire phonebook being on there. Now when i granted access to it, i was not aware that I was granting access for Facebook to enter my phone and copy all of my contacts to their server. It may have been in the small print, but I had perhaps naively thought that it was to enable the chat function on the app to work for example. What I am saying is that I did not consider the numbers would be stored off my phone (like with gmail), rather that they be accessed by Facebook on my phone.
Could Facebook go through all the phone numbers, find out who is male and female (mostly obvious from he names) check if they have Facebook accounts, check what commonalities there are between the friends. Serve ads up to us all in groups? How many time have you had the conversation “I saw a cool looking thing on Facebook last night”, “ Yeah I saw it to”. I am beginning to think it isn’t an accident and that there is group profiling afoot.
All ads in the real world are based on group demographics. The advent of the internet and contextualised ads meant ads could be specific to individuals. But this could be a new game altogether. Small groups of likeminded individuals known to each other being served ads in unison to drive group decisions. Is that social engineering? I don’t know, its all conjecture on my part.
But I know I don’t like it.
Photos always seem innocuous enough, and we have all heard of geo tagging photos etc. But when the photos are uploaded it tells you much more down to the IP address it was uploaded from, the device, the exposure type.
This is just one entry detail from a single photo. I had over 300 photos:
Camera Make – Apple
Camera Model – iPhone 3G
Orientation – 6
F-Stop – 14/5
Latitude 51.XXXXXXXXXXXX (obscured for my privacy)
Longitude -2.XXXX (obscured for my privacy)
Upload IP Address XX.X.XX.XXX (obscured for my privacy)
(I removed some of the personal details myself by Latitude is accurate to 12 decimal places and Longitude to 4)
And that is just one photo! it knew in this instance my home location, ip address, phone model, location the photo was taken, the connection type as well as technical data about my photo taking device.
In terms of the photo details, there isn’t much they could do with that apart from try and sell me a better camera! But it begs the question why?. Why do they want that data? what do they need that data? In my head I imagine someone at Facebook must have said “Mr Z, we can save some server load and storage space if we don’t capture the photograph exposure details and camera type” and he must have said “Collect it, collect it all” before doing some kind of megalomaniacal laugh.
I mean, am I being unreasonable? Was it made explicit that if I uploaded even a single photo that they would collect and store that much information? and for so long?
I checked photos going back to 2008 in the download file and there were details such as IP address etc stored.
I guess my beef i that I just feel its excessive. Most companies in the UK will generally store data for 3 years and if its not relevant it will go. But where is the value in keeping records of my IP addresses and camera model over the course of a 7 year period? I just don’t know.
There was 7 years’ worth of chat messages, at least. They are all there, all held in black and white just waiting to be data mined for key words to presumably try and target ads at me. To be fair to Facebook I don’t think they kept this secret, if you don’t want them to do it just delete the chat.
As you can see there is frightening amount of data. Frankly I didn’t realise I ‘leaked’ so much of it.
But what will Facebook do with it, and more importantly, what could they do with it if they wanted to in the future?
This is where my mind started messing with me.
Phonebook Data. Does Facebook Talk to My Mum?
Lets go back to my phonebook. The phonebook included the names and phone numbers, some email addresses etc of everyone in my phonebook. Thats a lot of digits.
Now, i’m willing to bet that Facebooks friend finding algorithm looks up everyone in my phonebook by number or email to soo if I am in their book, and then checks we are friends. If we aren’t it will probably suggest to me on the timeline that “I may know them”. Fine. But let’s tae this a bit further.
Let’s say Mother’s day is coming up ( it actually just went in the UK but hear me out). Those people with parents will generally store their parents in their phone as Mum, Mom, Ma, Mother or whatever. It will normally be obvious.
Well Facebook knows my mothers phone number so it can look to see if she has a Facebook account too. These days Facebook probably also has my number on my mothers account as she more than likely has her phonebook on there too. She has her own timeline, likes, dislikes etc.
So Facebook then could in theory find out what my own mother likes, and display those items to me on my timeline as suggested mothers day gifts? Silly idea? actually helpful since I never know what to buy her? You decide
But it could be the same for any other event, Fathers Day, Birthdays, christmas, Valentines, Weddings, Christenings. Literally any event it mines in it’s data.
One item it holds as well is a list of ‘topics’ I like and a list of ads that I have engaged with. Again, its not really personal stuff, but its the act of collecting with such intent that really does put me off. I’m sure any company with something to sell does this to some extent. Maybe its just amplified when the activity you probably weren’t considering was being tracked in such a way.
I simply didn’t realise how much of myself was being leaked to the internet and being analysed. I feel like they know me more than me!
I put some below but I edited some of the more local ones for the sake of my privacy.
|Ads Topics 1|
|#A Brief History of Time|
|#Western Carolina University|
|#Law & Order|
|#Kings of Leon discography|
|#Legends Football League|
|#The Elegant Universe|
|#Legend (1985 film)|
|#CSI: Crime Scene Investigation|
|#Interpol: Live in Astoria EP|
|#24 (TV series)|
|#Cold War Kids|
|#Call of Duty 4: Modern Warfare (Nintendo DS)|
|#Call of Duty 4: Modern Warfare|
|#Into Thin Air|
|TheRichest (Clicked Ad) Wednesday, 21 January 2015 at 20:56 UTC|
|Boredom Therapy (Clicked Ad) Friday, 23 January 2015 at 15:53 UTC|
|Unofficial: Overly Attached Girlfriend (Clicked Ad) Friday, 23 January 2015 at 20:38 UTC|
|OMG Facts (Clicked Ad) Friday, 23 January 2015 at 21:59 UTC|
|Awkward Family Photos (Clicked Ad) Saturday, 24 January 2015 at 14:36 UTC|
|Trendy Article (Clicked Ad) Saturday, 24 January 2015 at 16:40 UTC|
|Childish Giggle Of The Day (Clicked Ad) Saturday, 24 January 2015 at 18:59 UTC|
|The Daily Lad (Clicked Ad) Saturday, 24 January 2015 at 21:43 UTC|
|ViralNova (Clicked Ad) Saturday, 24 January 2015 at 22:47 UTC|
|Chris-Cardell (Clicked Ad) Sunday, 25 January 2015 at 22:02 UTC|
|Greenpeace UK (Clicked Ad) Sunday, 25 January 2015 at 22:06 UTC|
|Greenpeace UK (Clicked Ad) Sunday, 25 January 2015 at 22:06 UTC|
|ViralNova (Clicked Ad) Wednesday, 28 January 2015 at 23:06 UTC|
|Property Partner (Clicked Ad) Thursday, 29 January 2015 at 20:45 UTC|
|Challenge the Fine (Clicked Ad) Wednesday, 4 February 2015 at 19:45 UTC|
|SlipTalk (Clicked Ad) Sunday, 8 February 2015 at 17:59 UTC|
|OMG Facts (Clicked Ad) Wednesday, 18 February 2015 at 16:47 UTC|
|Boredom Therapy (Clicked Ad) Saturday, 21 February 2015 at 21:03 UTC|
|Dee Davis (Clicked Ad) Sunday, 22 February 2015 at 18:13 UTC|
|Dee Davis (Clicked Ad) Sunday, 22 February 2015 at 18:14 UTC|
|The Mortgage Centre (Clicked Ad) Thursday, 26 February 2015 at 08:10 UTC|
|iwoca (Clicked Ad) Saturday, 28 February 2015 at 00:47 UTC|
|LBC (Clicked Ad) Tuesday, 3 March 2015 at 18:41 UTC|
|UK government (Clicked Ad) Wednesday, 4 March 2015 at 13:26 UTC|
|The Trade Centre XXXXX (Clicked Ad) Wednesday, 4 March 2015 at 23:52 UTC|
|Coding Dojo (Clicked Ad) Thursday, 5 March 2015 at 21:44 UTC|
|Suggest (Clicked Ad) Friday, 6 March 2015 at 00:39 UTC|
|Dacia UK (Clicked Ad) Saturday, 7 March 2015 at 15:38 UTC|
|Dacia UK (Clicked Ad) Saturday, 7 March 2015 at 15:38 UTC|
|Dacia UK (Clicked Ad) Saturday, 7 March 2015 at 15:39 UTC|
|Little Kickers XXXXXXX (Clicked Ad) Saturday, 7 March 2015 at 18:20 UTC|
|Little Kickers XXXXXXX (Clicked Ad) Saturday, 7 March 2015 at 18:21 UTC|
|Easy Law Training (Clicked Ad) Saturday, 7 March 2015 at 18:36 UTC|
|Boredom Therapy (Clicked Ad) Sunday, 8 March 2015 at 16:04 UTC|
|Doodle-Video.com (Clicked Ad) Monday, 9 March 2015 at 18:25 UTC|
|Fast & Furious Fanatics (Clicked Ad) Tuesday, 10 March 2015 at 19:59 UTC|
|ViralNova OMG (Clicked Ad) Wednesday, 11 March 2015 at 22:28 UTC|
|Cornwall Holiday Guide (Clicked Ad) Wednesday, 11 March 2015 at 23:11 UTC|
|WP Dev Shed (Clicked Ad) Thursday, 12 March 2015 at 13:22 UTC|
It also included in a handy table every IP address I have accessed the site from. Now the table below has made up IP Addresses in there but the list itself is the exact length of the list I had. These IP addresses are not real, I changed them all but I put them here so that you can see the sheer amount of them rather than just say it was over 100.
Why God, whyyyyyyyyyy?!!!!
Again, the question for me is simply why.
Frankly at this point I was thinking that it is a government sanctioned honeypot for the authorities (but I had just watched Citizen Four). Maybe Facebook is XKeyScore (clearly i am joking!)
Can you imagine if you had any kind of “dealing” going on that was even remotely suspect for whatever reason. Facebook could quite literally tell the police where you lived, where you parents and family lived, where you photos were taken, your whereabouts over a defined period of at least 7 years.
It would be impossible NOT to track you down if you were even a semi regular user! And Facebook openly states it will comply with any information requests from law enforcement. So imagine the sheer wealth of information available to anyone that requests it. Now thats not a reason to shut down your account, none of this is. This is about realising exactly how much data you have shared and how it could be used. Its the last part that it not open to scrutiny and it is the former that seems to only expand over time.
I mean have you ever had an app update that told you it needed less information and less permissions.
And there is more
And the data continues.which I wont post but there was a large list of not only IP addresses, but IP addresses translated into approximate longitudinal and latitudinal coordinates. And whilst I know its possible to infer one from he other, I cannot fathom why you as a company would choose to store it for so long.
Facebook is a cookie monster
There was also a very large cookie log. This may be related to security when logging in (although that was listed separately) but in some instances the same cookie was entered into the system in September 2011 and updated in March of 2015!! I mean that is a really persistent cookie, what the hell was it watching me do?
Here is that particular entry
Created: Sunday, 25 September 2011 at 21:11 UTC+01
Updated: Wednesday, 11 March 2015 at 22:20 UTC
APP-arantly I use a lot of apps
Last but not least, consider the apps that you allow on your Facebook account. The list below was way larger than I thought it would be. Each app has its own settings and may mean data is stored elsewhere. Just to give you an idea, my app list looked that this
Costa Coffee Mobile
PNP – Portable North Pole
Infinite Monkeys LLC
(Edited by UnlockWorldTV)
(Edited by UnlockworldTV)
Pizza Hut Online Delivery
eBay for iPad
(Edited by UnlockworldTV)
Yahoo! Contact Importer
Photo Editor by Aviary
So thats the data Facebook holds for me, and I simply could not believe that over the 9 years I had the account that I had leaked so much data. But maybe thats their plan. Maybe i was socially engineered into leaking data little and often.
This article isn’t about anti social networking which seems to be trendy. This is about checking what data you have shared already and seeing if it matches what you thought you agreed to. I consider myself fairly strict in releasing data but over a 7 year period I have agreed to release a phenomenal amount of data, and I can honestly say I had no idea it was so much. Nor can I work out where I released it from.
Was it an app?, What device was it even released from?
The point it, just check in on your data and make sure you are happy with it. After all, it doesn’t matter how much data they have as long as you are satisfied with how it will be used and that you gave initial consent for it.
My advice is to
- Always check your app permissions
- Always check your security settings
- Always use some king of IP masking, even use googles public DNS servers
- Check out your own data cut and decide whether you need to reset your account by deleting and not deactivating.
I hope you enjoyed this and please feel free to check out your own data archive on Facebook and see how you feel about it. I’d love to hear your thoughts on whether it matched what you thought you had released.
To save you time, I put a poll here and you can just click it.
Just a final note. You may read this on Facebook. I transferred the business page of my Facebook account and am now a lone Facebook person with no friends on a new profile with no permissions granted from anything other than this site. I’ve saved at least 20 minutes a day by not being on Facebook and I don;t miss it.
Get more cool stuff like this
in your inbox
Subscribe to our mailing list and get more stuff and updates to your inbox.