Facebook Exposes “Shadow Profiles” – Information You Didn’t Know They Were Collecting About You

ZDNet reports:

Friday Facebook announced the fix of a bug it said inadvertently exposed the private information of over six million users when Facebook’s previously unknown shadow profiles accidentally merged with user accounts in data history record requests.

According to Reuters, the data leak spanned a year beginning in 2012.

The personal information leaked by the bug is information that had not been given to Facebook by the users – it is data Facebook has been compiling on its users behind closed doors, without their consent.

A growing number of Facebook users are furious and demand to know who saw private information they had expressly not given to Facebook.

Facebook was accidentally combining users’ shadow profiles with their Facebook profiles and spitting the merged information out in one big clump to people they ‘had some connection to’ who downloaded an archive of their account with Facebook’s Download Your Information (DYI) tool.

According to the admissions in its blog, posted late Friday afternoon, Facebook appears to be obtaining users’ offsite email addresses and phone numbers and attempting to match them to other accounts. It appears that the invisible collected information is then being stored in each user’s ‘shadow profile’ that is somehow attached to accounts.

Users were clearly unaware that offsite data about them was being collected, matched to them, and stored by Facebook.

Just in case you forgot, Facebook was named as a participant in the PRISM data collection scheme, run by the NSA, which means the NSA has access to all of that shadow data as well.  Also, Facebook’s former security chief now works for the NSA.  It wouldn’t surprise me at all to learn that shadow data was collected explicitly for the NSA’s use.

I’m considering dumping my Facebook profile and my Gmail account, given that they are so intimately tied into the NSA.  I suppose it doesn’t do much good now though.  They already know who all of my friends are.  They already have all of my email history stored on NSA servers.  They have all of my call history stored.  They have all of my banking history stored.  And I assume they have all of this blog and my numerous other postings stored.  At this point, stopping the use of Facebook and Google would really be nothing more than a symbolic measure.

It really is annoying.  I can symbolically protest their actions by ceasing to use their services, and in so doing, inconvenience myself and my friends greatly by forcing them to contact me through more secure channels, or I can simply bitch about it.  Tough call.

  • Diggittydiggittydawwwwg

    hahahaha you trusted the internet? HAHAHAHAHA you trusted the government? Let me guess, you are also a debt slave? Lemme guess you post messages with one of those four accounts as well… You are just another member of the moronic masses that call themselves Muricans… Guess what I may be poor and out of the loop… but I am free and an individual who can see through schemes as if they were glass. Tear the new testament out of your bible and it will truly be holy. Shalom.

  • I’ve been wondering about ways to resist the NSA machine. Would it have much effect to offer an app that scraped excerpts from text like the Constitution, Bible, Koran and other non-copyrighted text then 256 bit encrypt it and send it all over hell’s half acre, perhaps between a network of Freedom seekers? Good encryption sucks up a lot of computing power – what if it was ubiquitous?

    • No, it wouldn’t matter, other than to slow down network traffic for everyone. Encrypted traffic is already ubiquitous. The NSA can’t decrypt the shit yet, they are just storing it all in the hopes that one day they will be able to.

      The talk about new quantum super-computers and all that jazz still doesn’t amount to a hill of beans when it comes to breaking +128 bit encryption. It would take a computer more powerful than God to brute-force that shit.

      That means they have to selectively target the messages they are trying to break. So they aren’t ever going to waste their time trying to decrypt messages that aren’t coming from a specific target they have in mind.

      To break those messages, they would probably target the physical boxes sending the messages directly, hack them, and get the private keys to decrypt the messages.

      • Thanks. Good to know. It ain’t easy to break a Death Star.