

How did Facebook guess my email address? - iamdave
http://www.reddit.com/r/AskReddit/comments/c2ko3/how_did_facebook_guess_my_email_addresses/

======
jgrahamc
I've written about this in the past: <http://blog.jgc.org/2009/12/facebooks-
creepy-privacy.html>

And, not mentioned in that post, is that fact that that email was sent to an
address that Facebook does not have. They sent it to a valid email address for
me, but not one I had told Facebook about.

~~~
iamdave
Interesting blog post, actually because it gives us a glimpse into exactly how
serendipitous Facebook is with your data. I remember someone making a comment
in another FB thread here on HN to the effect of "I might opt-out of the
social graph, and lock my profile down, but my data would still leak out of
the cloud because of ONE photo a friend tagged me in".

I think it's time for me to alert my closest contacts and let them know where
I'll be. Facebook and I are done.

~~~
NathanKP
_let them know where I'll be_

Where are you going after Facebook? I'm interested in this because there is a
nice opening niche to attract all the Facebook emigrants. Do you have a
specific place in mind that you will join, or are you open to join a new
social network startup built by HN members for example?

~~~
iamdave
Well, I was thinking of spending more time with Jerry, George, Elaine and
Kramer, and going back to email and text messaging but if you've got something
planned I'd love to hear about it.

~~~
NathanKP
I'm currently working with another HN member to develop a startup based around
doing things in real life with your real life friends. It is planned to be
exact opposite of Facebook. Whereas Facebook is about playing Farmville, and
other virtual distractions, our startup is aimed at helping you coordinate
real life offline activities and events with your real life friends. Where
Facebook harvests your info and violates your privacy, our startup will allow
you to have complete privacy, and choose which info you want to share with
your friends and which you want to share with the rest of the world.

The code is only about 25% percent done (I'm working on this in my spare time
around college classes and freelance web design work) but I hope to get it
done within about a months time. I'll definitely be posting it here on HN for
you and others to review and join if you desire.

~~~
euroclydon
Two pieces of advice:

1) plan to never monetize via ads, if you don't want to turn evil.

2) plan to gain traction in universities.

~~~
ashish_0x90
I often wonder how well ads work for social networks in general. I don't have
problem with ads like facebook,twitter uses - promoting the apps on their
platform.

Yeah, but if someone intends to monetize using ads, which are out of context
or just plain annoying, probably just to get better CPI, that seems evil
enough for me not to use the website.

~~~
jfornear
Facebook ads are usually creepily relevant because they feed off keywords in
your chat logs and interests.

~~~
X-Istence
Even if they are creepily relevant most users ignore them. I got some ads for
something that was only mentioned in my Facebook chat with another person, not
posted on a wall or anywhere public.

It annoyed me that they were scrapping my Facebook chats for keywords in an
attempt to get me to click on their advertisements.

~~~
jfornear
I've had better results with Facebook Ads than with Google AdWords... but that
could be due to any number of things.

------
natch
The answer is simple. When someone creates a new account, Facebook offers to
find friends that are in their contact list. If the user wants to do this,
they can put in the userid and password of their (say) gmail address. Then
Facebook downloads the contact list from that user's email account. If your
previously-unknown-to-Facebook email address is in the user's contact list,
Facebook now has it. No guessing needed. Note that the "user" I'm talking
about in the above scenario is not you; it is someone else who has one of your
email addresses in their contacts info.

~~~
ubernostrum
Exactly. This isn't a new or even particularly cunning trick, and -- contrary
to lots of comments in this thread -- it won't die off if people leave
Facebook, because it's not something you have any control over. If someone
else has the address, they can give it out, and if it's the only address they
have for you and they're using something which scans an address book or lets
you look up potential contacts by email address, well, that's that.

The only way to avoid this is not to have an email address in the first place.

------
iamdave
Someone in that reddit thread brought up this particular startup that Facebook
acquired in February

[http://techcrunch.com/2010/02/19/octazen-what-the-heck-
did-f...](http://techcrunch.com/2010/02/19/octazen-what-the-heck-did-facebook-
just-buy-exactly-and-why/)

~~~
timcederman
Yep. Octazen make a great scraper at a good price. However, unlike Rapleaf's
product (which goes through their servers and they admit they keep a copy of
everything), you at least get standalone code that keeps the data on your
servers. So I'm not sure they actually gained any new data from Octazen, just
a smart team well-versed in scraping.

------
wallflower
It seems like Facebook is a real-life implementation of the Six Degrees of
Separation. Their graph algorithms must be running on insane hardware.

~~~
studer
You need insane hardware to do a reverse lookup in someone else's address
book?

~~~
tibbon
Somewhat. Many of these graph problems with millions of points do get rather
complex as each one adds to the complexity.

------
ErrantX
On a related note; Facebook seems to use all manner of metrics to suggest
friends. Here's a view I have been able to pin down:

\- common IP addresses (this occurred after about a week of common IP address
between two accounts)

\- constant geolocation commonality (as above, two accounts with no links, two
different IP addresses but geolocated to the same place)

\- having a certain number of groups in common (unsure of this one, but it is
the only link I can make for one suggestion)

~~~
daten
I know facebook tracks how users browse their site and which profiles they
look at, how often and how long (from articles facebook staff were interviewed
in). I wonder if they have starting using that data to recommend friends? If
someone is searching for a particular person frequently enough, or regularly
visiting the public parts of their profile, they probably know each other.

I'm not saying it's appropriate.

------
rosser
Several weeks back, Facebook started suggesting a few people from a mailing
list I've lurked on for years. I've never posted to this list. I get how
they'd suggest people with whom I've been in contact, even indirectly (e.g.,
via a mailing list); I want to know how they're suggesting people with whom
I've never interacted _in any fashion_ , that I happen to know (or at least
know of).

------
a-priori
I once had Facebook suggest a former freelance client as "someone you may
know". I found him over an online job board (Elance, I think), did a job, and
hadn't heard from him in about 6 months. He lives on the other side of the
continent and has no common connections.

How the devil did Facebook know I knew him? To this day I'm creeped out by
that.

~~~
goatforce5
You're in his address book. He let facebook have access to his address book.
He skipped sending you a friend request, but facebook is giving you the option
to do it in reverse.

------
dacort
If you use the iPhone app, it can sync your friend's pictures on Facebook with
the corresponding contact in your address book. How does it do this? By having
you upload all contacts to Facebook including their name, email address and
phone number.

Your privacy is at the whim of those who you choose to communicate with,
online or off.

~~~
wallflower
Note - they are addressing this in iPhone OS 4.0 - but the security on
contacts given to iPhone native apps is non-existent. Any app has full access.

------
varjag
That's nothing! Soon enough, Facebook will be capable to infer one's secret
lovers. A great opportunity to monetize for sure.

------
mr_justin
This can occur when somebody tries to invite their friend but they type the
address wrong. I get lots of emails that were intended for somebody else and
100% of the time it is because they left a character out of the email address.
I've received 2 facebook invites in the last 2 months from people who thought
I was this other person.

------
iamdave
Not my submission mind you, but it would appear that the FB privacy debacles
are extending far beyond the OpenGraph, unless someone actually knows an
answer to this.

This is relevant to my interests because something very similar happened with
one of my throw away emails that's never been used/published.

------
statictype
Didn't Facebook recently acquire some Malaysian company that specializes in
screen-scraping data?

I'm guessing they have put them to good use.

------
cma
From the thread:

"I was trying to figure this out earlier last week. You see, Facebook
recommended six people that I should become friends with, six people who I
have no other friends in common with. Six people I have never worked with. One
guy is a guy I play TF2 with who lives in Alaska, and another guy is a guy I
rented an apartment from. It was the apartment guy that clued me into how
Facebook made those recommendations. It got them from gmail. Which baffled me,
I never authorized Facebook to look at my gmail for friends I might want to
add, not once. Turns out, I wasn't the only person who had their contacts list
scraped by Facebook. I deactivated and started the pending process for account
deletion immediately."

Uggg, sounds like Buzz all over again.

------
mark_l_watson
I think that they use the social graph linking you with your friend's
accounts, and the information they get when your friends give FB access to
their GMail account. Makes sense, right?

~~~
iamdave
Even that bugs me out. It's like in school where you'd do anything to get Cute
Cassie's phone number, including asking her best friend what it was because
you'll be damned if Cassie gave it to your herself, and then running around to
all your buddies telling them you finally got the golden nugget.

------
koenigdavidmj
They do this for Yahoo as well. In addition, they go by IP or session or
something of that nature---someone who created a profile on my laptop found
many of my friends recommended.

------
bentlegen
I've observed the same behaviour in LinkedIn. It recommends connections to me
based on one-time e-mail conversations I've had.

------
jasonlbaptiste
they bought a site/piece of software a few months back that enables all of
this.

------
hackermom
Eerie.

