1) User requests account deletion. Facebook does not delete it, keeps track of his phone number via shadow profiles. (Mike is still firstname.lastname@example.org, 800-555-1234)
2) User creates a new Proton Mail address. (Fakey@protonmail.com)
3) One of his friends adds that email address to his contact. (Mike, email@example.com, firstname.lastname@example.org, 800-555-1234). This user is on Instagram, Facebook, or has some mobile app that uses their analytics.
4) Facebook makes the association after scraping his friends contact list.
Essentially, his friends betrayed him, likely unintentionally.
No, people are just far worse at separating their “new” identities from their old ones than they think.
You don’t even need a shadow profile tracking previous info to do this. Just infer PYMK via a few friends he adds on the new account.
Facebook can also build a profile based on loads of their logo image using the IP... Including rough geolocation if it is shared.
It's a great theory -- and I can see how this could easily happen to someone - but it was not the case in this scenario. In fact, doing so would completely defeat what I was trying to achieve. The email address I used for Facebook was unique, not used for anything else, and not shared with anyone else. It was completely isolated.
And riverdan points you you didn't seem to clear browser cookies since you last used you old personal FB account?
Spin up a new Windows VPS and create all activity over there and see if FB still connects you?
You might not have put your phone number into facebook, but someone you know put your number in with your full name and the facebook app harvested it. Facebook now has your phone number in your shadow profile.
Everyone less privacy savvy than you will inadvertently permit a corporation to harvest your personal information to profit from.
And what a user creates a fake account without adding his real or current/old friends to it?
I took an ambulance ride. The attendant in the back talked with me during the ride to monitor whether I was remaining lucid. Did not know him, never met him before, never saw him since.
A week later, I was scrolling through LinkedIn recommended connections and saw a face I recognized, but could not place.... until I saw that they worked for the ambulance company that I had ridden with.
Did LinkedIn track both of our locations and figure out that we rode in the same vehicle at the same time? This is absolutely possible. Did LinkedIn use voice prints to confirm that his voice came through my phone and mine through his and therefore we had a conversation? Can do.
Color me freaked out.
Equally they said something that piped the interest of employee to check after.
A day later, I saw that particular employee in my suggestions on both LinkedIn and Facebook
We of course had no mutual connections at all
Start and end points both in the same city limits.
Recently I wanted to have a look at a few ex coworker profiles (who are not my friends on FB). I didn't want to use my personal account because then it suggests me to them (something I wanted to avoid, as I'd not been in touch with them for almost a decade).
1. I created a VM (Ubuntu 18.04 + Firefox + uBlock -> enabled everything in uBlock).
2. Tried to create an Fb account -> asks for phone number. I didn't want to be identified so I could not continue.
3. Tried another way to create a new account -> success.
4. Fb obviously tried to figure out who I am -> was unable to do so at that point -> Forced me to post a picture of myself (and suspended my account until I did and they verified it).
5. Posted a made up picture and got past the first hurdle
6. Fb asked me for a phone number -> Logged out and used another means to log in.
7. Fb locked my account and asked for another picture (did similar in Step 5 once again)
8. Looked up my ex co-workers.
9. Until now, I've not been identified, I looked up a friend's profile (this friend is also my personal friend on Fb). FB immediately identified me and showed up my entire friends list as suggested friends).
10. I immediately tried to delete that profile (took 30+ days and they asked for Govt ID).
I've had multiple fake FB accounts, and FB's fingerprinting and data sharing is insanely crazy - I recently logged out of one my fake accounts on iOS via Safari Incognito (no FB app, Safari is always used as incognito) - it showed my personal phone number in the log in field.
As for searches - I've searched a lot of random stuff totally unrelated to my personal account JUST to throw FB off while acting like a real user (liking, reading, scrolling etc.).
1. don't bother sending texts
2. shadowban you
Azure wouldn't even let me use my actual main number because it happens to be a google voice number and they actively block voip numbers (seems they look up the CLEC info somehow).
1. They should've deleted _all_ relevant cookies (in the browser, as well as in the browsers cookie database)
2. There are many 3rd party companies that sell data packs that derive residential IPs from VPN IPs (we use some at work). A trusted/good VPN is a must
3. They probably came via the same User Agent (didn't mention changing browsers)
IP + Cookie + User Agent = Fingerprint (not a good one, but will work for Facebook's needs)
Are you implying that ProtonVPN is not trusted/good? I'm seriously interested in what you know about this particular VPN provider as this is the one OP mentions he's was using.
link to some of those companies?
If you would like to learn a good VPN using the data yourself, consider using these tools:
This site has a detailed list of all VPN providers and properties of their services.
And this site talks about some of the concerns you may want to have when picking a VPN service.
I use PIA but do your research.
Canvas fingerprinting, extensions, screen resolution and etc.
I read it somewhere that FB is pre-creating profiles for those who haven't even created a FB account yet (Face recognition and etc).
Avoid using it.
I'm not sure if that's taking MAC address of the device or the phone number into consideration or what - but it's definitely a bit creepy
It soon becomes apparent that not a lot of people know as much about thier hardware, and or software as they think they do. Dont forget zuckerburgs roots, hes a black hat 101%
FWIW all you dvoters need to bone up on your skills if you think this, and more is too complex.
Hijacking a button to do something different is a matter of attaching a different event to it - which is exactly what you can do with windows forms for things like "do you want to save?" To access information that's not actually available is a whole other level. Why would you consider those two are equivalent?
edit: To include parent's question and clarify why it's trivial.
It's public knowledge (or even open source code) what browsers expose, and system logs or CPU serial numbers are certainly not part of that.
the breadcrumbs can start here.
your smart kid figure it out youll learn more that way versus being spoon fed.
BTW im sure that posting such code here would be a criminal activity that dang and others would frown upon profusely.
>You should look at what microsoft did to sneak its way into a win10 install, you should also look at what google does to snarf permissions with a button by another name.
the breadcrumbs can start here.
> your smart kid figure it out youll learn more that way versus being spoon fed.
That has zero technical information, just a lot of vague hand-waving. Give me something technical here.
> BTW im sure that posting such code here would be a criminal activity that dang and others would frown upon profusely.
The title of this forum "hackernews" is concerning, there seem to be no hackers here at all. All of the "non trivial" actions here are non trivial to those that know very little about CS in general, or have an extremely antiquated perspective on the nature and extent of system penetration as it stands today. A "normie" is not likely to know anything about lockpicking, but even an apprentice locksmith finds it extremely trivial, its just a matter of perfecting dexterity over a couple of months to be quick and slick about it.
Facebook is one of the biggest threats to national security we have in our back yard, and the lackadaisical attitudes displayed here regarding security, only set that threat in stone and perpetuity.
>Facebook is one of the biggest threats to national security we have in our back yard, and the lackadaisical attitudes displayed here regarding security, only set that threat in stone and perpetuity.
I see meetuu, zucksablackhat, and ohWARisme all posting in succession in the same places - are you all the same user?
edit: Threw in parents post in case of deletion.
Makes me think there’s not going to be an effective technological means of resisting tracking.