The Latest in IT Security

Shadow Profiles: Does Facebook Create Them?


facebook_logo_darkThe group Europe v. Facebook seems to have opened a floodgate of disturbing revelations against Facebook, one of them being the possibility that Facebook creates ‘Shadow Profiles’ for all its members, and even those who have yet to register themselves. This allegation is one of the 22 complaints that the group filed against Facebook and submitted to Ireland‘s Data Protection Commissioner, and it’s a very heavy accusation filled with dangerous implications.

According to the group, Facebook is collecting data about its members and building a comprehensive ‘shadow profile’ for each of them. The group accuses Facebook of collecting information that goes beyond the usual demographic data. Aside from names, phone numbers, e-mail addresses, and occupations, Facebook is also said to collect more sensitive information such as religious beliefs, political affiliation, and even sexual orientation.

Facebook also allegedly gathers information about non-users by encouraging existing users to send invitations or provide personal data on behalf of those people. This is done through services such as synchronizing mobile phones, importing e-mail address books, and also by saving a user’s search queries.

Max Schrems, leader of the group Europe v. Facebook, said that the proof lies on the ‘friend suggestions’ that users receive or the invitations that non-users receive which encourage them to join by showing them pictures of people that they actually know.

He also mentioned that all of this is “done in the background without notice to the data subject”. Schrems alleges that Facebook is collecting an excessive amount of data without consent.

However, when Facebook was confronted with the allegation, the company flat out denied it. Andrew Noyes, Facebook’s manager of public policy, said that such a practice is common among most of the services that involve the use of invitations and that the idea of Facebook creating these “Shadow Profiles” is just plain wrong. In fact, Facebook gives people more control over their data by allowing them to delete their own email address from the service.

Noyes also addressed the issue of deleted messages which aren’t completely deleted. According to him, a user may only delete a message from his own inbox; it’s impossible to delete the message from the other party’s inbox unless that person deletes the message himself. That’s just the way every messaging service works.

According to him, the services offered by Facebook are “consistent with people’s expectations” and the company “looks forward to making these and other clarifications to the Irish DPA”.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments