One of the first screens was that list of suggestions for people to add as friends.
Guess what? Even though they had almost no info on me, from me, the list had almost everyone I knew, even neatly sorted by level of interactions across the time.
I had just activated the "shadow" profile they had on me from everyone else...
When I signed in, the whole suggested friend list included people I knew. Family, old coworkers, ex-girlfriends, people I haven’t spoken to in 10+ years...
The only explanation I can think of is that I had used my phone number to sign up, and they scanned all their users to see who has my phone number stored in their phones.
I got super creeped out and deleted my account. Funnily enough, I had the exact same experience with Twitter last year too.
Simple. Those services ask permission to access the contact list of their user so they can "check if they already have them in their system". And while they're at it, they just keep everything. Permission included so they can store new contacts when you add new ones.
Maybe I shouldn't be surprised, though, because FB stated clearly that you cannot delete your data. I just didn't believe they would keep it for so long. It felt weird.
Edit: Just a fun addition, I also made a fake account to promote Youtube videos against FB's EULA. To get more viewers I thought it might be a good idea to make arbitrary friend requests and must have had a certain tendency to click on attractive women. Curiously, at least half of them accepted immediately. One week later I got spammed with friend request of two kinds:
(a) Asian manufacturing sites offering all kinds of machinery and services. Most of them from China, but also some in other countries.
(b) Women posting half-naked pictures of themselves on FB, apparently doing that for a living.
None of them were my target audience. I guess successful FB marketing is more complicated.
I deleted mine two years ago, but not before downloading my data. I haven't ever gone through it, but now I am interested to see if they included call logs and stuff.
I'm tired of FB (or anyone using similar tactics) hiding behind "but you can delete your account" while employing all manner of dark patterns and scare tactics to mess with people who want to do exactly that.
Maybe it's changed since you did it, but I walked a friend through it recently and it was painfully tedious (not just a bunch of "are you really, really sure"s, but a bunch of dark patterns trying to steer you away from or hide the option altogether).
I'd be surprised if even 1% of people who want to delete their account are successful.
There's a bit of a mixed message here. When you reactivated your account, you wanted to get in touch with old acquaintances. Yet you expressed surprise when your contacts were still there, even though you presumably wanted them to be. Was that a pleasant surprise? Or you were reactivating your account only with the intention of starting from scratch 100%?
When people upload their contacts to Facebook to "find friends by phone or email" Facebook takes the phone numbers and email addresses of people who do not have Facebook accounts and associates them with a shadow profile. If multiple people upload contacts and have this same phone number and email address of a person, they can associate any other data uploaded (obviously name, birthday, address, other social media profile URLs?) with the same shadow profile. When the person creates an account using an email address or phone number tied to the shadow account, they already have a reasonable amount of data on the peson, including every user who has them in their contacts and others on those social graphs so that they probably know what school the user went to and current/past employers.
Is it kind of weird to call a shadow a shadow when it's just connecting the dots from yourself to the ground? What do you mean it's weird to call it a shadow profile? Just because you know how they do it does not make it "in the clear" or something not-shadow-like.
A shadow profile is a profile unknown to the victim and likely unknown to their friends. Facebook creates huge datasets of information about people without those people ever signing up for Facebook or even hearing about it. That's a shadow profile and it's creepy.
I had a moment some time ago when it started suggesting I connect with people that I know from a private listserv I've been on for years.
Except I'm subbed to that listserv with a different email address from the one I use for Facebook, and I have no real-world interactions with these people, or friends in common. It was surreal.
Once I realized that someone on that list probably used Gmail, and shared their Gmail contacts with FB, it made more sense. Different email addresses don't do much when your name isn't very common, and the addresses vary only in domain.
It is creepy, but I can't help but step back and marvel at the technical achievement.
> I use it to coordinate events with a dozen real-life friends.
These two statements are mutually exclusive.
And then we're creeped out that an app that we allow to monitor our lives can know so much about us.
And I love FB, because I know that being online means sharing information. If I wasn't okay with sharing it, why in the world would I put it online with some other party controlling it?
Do you love that they track your movements across the web using phone home beacons on large swaths of the web and third-party apps?
That was only half-serious.
But it's not only use for improvement, but also to manipulate us in ways that may not be in our best interest.
Of course, it's your information. If you are OK with sharing it, it's your right. I say the same about smoking: you hate your lungs? Smoke away! But when tobacco companies lie about the effects of tobacco, and make it seem normal and cool, that's when I get angry.
We shouldn't be ok with our lungs going to shit and with our lives being constantly spied. But we have a right to accept this things, if anyone doesn't agree with me they can do it and I respect them.
I don't respect those who misinform, lie or deceit us to make us OK with it though.
Faking data doesn't work when they have a significant shadow profile with 'votes' from many of your friends. I imagine some of your dozen real life friends have your real email in their contact lists. You giving a fake one might just set a flag that your 'vote' is not to be relied on!
Correlating with a dozen people posting events, activities etc probably reveals rather a lot about time0ut.
"Social Media" is a nasty spy network in candy-coloured wrapping.
If you make a new friend(s) and visit them (before adding them on FB) and use their home wi-fi to access to FB, they will almost instantly appear on the "friend suggestions" list. I experienced this (and heard about from people I know) several times when I used to have a FB account.
Google _does_ know router's MAC addresses, because they mapped BSSIDs when doing streetview mapping.
I remember thinking: they definitely aggregated a lot of sources to get this list.
I am guessing, but it is quite amazing how freakily accurate simple statistics can be.
You will never be bothered since they can only use an email once, and it will nicely throw a wrench into any massive surveillance machine by associating your email with a completely foreign social graph. It's also what the original user probably intended - I mean, he did use your email address, did he not?
You'd be surprised the number of clueless people that have no idea what their email address is. They might have the username@(att|aol|yahoo) and believe now it's @gmail.
It's more ignorance than malice in cases like these. FB, OTOH, is not forcing the email verification because they know that it's a friction and they don't want that.
Someone kept using <myuser>@gmail.com to register for a bunch of different things. Based on the human name attached to a couple of the accounts, I'm fairly sure it was twitter user @<myuser>, which isn't me.
I was able to contact one of the sites and they deleted the account believing I just didn't want it anymore (they didn't seem to comprehend that someone would register with the wrong email), but most of them I just ended up using the "lost password" feature.
> FB, OTOH, is not forcing the email verification because they know that it's a friction and they don't want that.
Here's the most annoying part: Apple iCloud sent me a "please verify your email address" confirmation email, which I never clicked on. But she was able to use the account anyway, with my email address still attached - I kept getting notifications about someone else repeatedly joining/leaving her "family" group.
As fun as the replying to shopping list e-mails is, the auto-responders for signup forms do get quite old after a while. And it is truly amazing how long accounts will last with bad e-mail addresses on them (looking at you, Netflix).
So I gave up. Actually appreciate them for putting that barrier in place. I am happy to not be on Facebook.
This is one of the reasons I created (and don't delete) my FB account. I'm not really adding information to the system, can have a view of what it thinks it knows about me, and can (foolishly) attempt to subvert and game it somehow using disinformation.
I often get friend suggestions for people I know but had, more or less, forgotten about.
Recent example was my sister's sister-in-law who I haven't seen or spoken to for at least 10 years.
But if you absolutely need to use the messenger, I recommend using a Hermit lite application, that hocks into the web version of the messenger and leaks no more info than any other web Facebook session.
You can use Hermit to replace many proprietary bloated apps, and even create pseudo "apps" for sites that don't feature one, like this site, with a nice icon on your desktop.
Not only that, but these apps are often installed by default on android phones and can't be removed by the user without rooting the phone. there is no guarantee Facebook is not scraping data even though the user doesn't have a Facebook account.
I am hoping to get my own data from Facebook and check it against when I switched to Windows as a mobile OS. As it stands, only two built-in apps, People and Messaging, have access to my call history.
Android just looks like a privacy nightmare.
The Facebook app should be pulled from the Play Store until its permissions are reduced, but I doubt Google will do it.
Cue in the «soviet Russia / product sells you» jokes.
You don't need to root the phone to get apps from F-Droid.
EDIT:one thing I noticed which kills a lot of the appeal for me is cookies appear to be maintained between lite apps
Do you really need another "app" for that? Why not just use a browser and save links to your home screen for the sites you want to access directly? As a bonus, you can install plugins like uBlock Origin and Decentraleyes and prevent the browser from leaking data to Google Analytics and 500 other data harvesting centers every time you load your "apps".
Can the Hermit-wrapped web messenger send notifications?
Even if you're super careful with your permission, Facebook can still construct a good profile of you via the people you're communicating with.
Or allowed permissions to be selectively denied. I think that was introduced in Android 6.
It looks like Google's going to try to start forcing apps to comply with targeting requirements to get apps on the Play Store now. But this really is a "too little, too late" situation, IMHO. Billions of users, as Android team likes to brag about, are already compromised.
That's enough for me.
They are more likely collecting this data to use it to convince CMOs to continue plowing money into Facebook ads, even though they’ll never actually use it. The power that comes with being able to control the population through government relationships is a long term strategy to avoid any government sanctions, nationalisation, taxation etc.
Somewhere in their Messenger Android app indicates they might be planning to provide a dialer and support voice calling. It makes the excuse of reading call log more justifiable /s
Since I moved in my current city about 5-6 years ago, there was no connection to my previous city. Yet Facebook managed to understand who one of my cousins was and suggested I added it as friend. SCARY.
You don't have to outrun the bear, just the guy next to you.
Of course they'll collect and save it somewhere as well.
Previous submission that was massively flagged for some reason
Edit: might have been the misleading title
The future sucks
>>> We may share information, including personally identifying information, with our Affiliates (companies that are part of our corporate groups of companies, including but not limited to Facebook) to help provide, understand, and improve our Services.
 https://moves-app.com - background location logger and step counter
>> You know, you're going on about the data that fb has... and yet you've just shared other peoples names all over the internet. (Unless you've changed them, as the font seems different in the photo?)
This is the problem I have with the #deletefacebook thing, deleting facebook and even facebook disappearing all together is not going to make the world more secure, as most people seem to believe. There are many more companies that have data about you, for example did you ever wondered how many websites you use are using jquery from code.jquery.org cdn?
The info shared by OP might not affect any of the parties involved. So does most of the crap facebook "leaked". But what if that info is affecting somebody?
You might be pointing out that laws could be enacted to prevent this from happening. It's a fact that laws cannot keep up with technology.
The solution is to educate yourself about how online works, about what data means and then educate the persons around you about this.
Why do you think this?
I for one am happy as hell that they are including this, and I don't think we should be implying it was a mistake or that it's wrong. If you want them to export all their data about you, they should export all their data about you, and it looks like they are.
I don't think they are exporting all their data about us.
Because the calls were not between that person, they were between two other people, that's kind of personal information that should only have been exported to the parties involved? Privacy and all that good stuff.
I think one of us is misunderstanding the tweet here.
I read it as these calls are between OP and OP's Partner's mother. Meaning OP is a first-party in all of the calls. OP may not have been the source of the data, but OP was involved in the data, so the data was revealed to OP when he exported all of it.
I tried going to facebook > settings > download data, but that's only data that I manually uploaded to facebook.com (posts, messages, photos, etc).
Anyone knows how much info whatsapp is vacuuming up?