No articles found to show on this page.
Think you’re safe from Facebook’s privacy flaws if you are not a user? Think again.
USA TODAY Video
One of the creepiest things brought to light during Mark Zuckerberg’s testimony on Capitol Hill this week was how Facebook can amass data to construct what are being referred to as “shadow profiles” of you, even if you’ve never opted in or joined the world’s largest social network.
Facebook’s CEO told Congressman Ben Lujan, D-N.M., that he was unfamiliar with shadow profiles as a term but acknowledged that “in general,” Facebook collects information on people who have not signed up for the service, which it does for “security purposes.”
But privacy advocates worry about what happens to that data when it is in Facebook’s control and not yours, or for that matter slips out of the company’s grasp. Facebook may have privacy tools and policies that members of the Facebook community can opt in or out of (assuming they can understand them), but it’s a whole different deal if you’re not on a social network that is getting the skinny on you anyway.
What do they know?
One of the main ways the social network can gather details on someone who hasn’t signed up occurs when someone you know who is on Facebook shares his or her phone contact list with the service, which they’re encouraged to do so that they can more easily find their friends. At the very least Facebook may discover your address, phone number and email this way, and, obviously also knows that you know the friend who revealed the contact list.
Your friends may also tag you in photos and, wittingly or not, spill the beans on other details you might otherwise wish to keep private.
A second way information typically is leaked to Facebook is through the websites you drop in on.
Facebook’s online help center points to the fact that if you’re logged out or don’t have a Facebook account and visit a website with a “Like” button or other social plug-in, your browser may send Facebook “a limited set of info. Because you’re not logged into Facebook, you’ll have fewer cookies (small data files) than someone who’s logged in. Like other sites on the Internet, we receive info about the web page you’re visiting, the date and time and other browser-related info. We record this info to help us improve our products.”
During his testimony, Zuckerberg mentioned another of the reasons for collecting information on Facebook members who have logged out: to prevent the practice of “scraping.” That’s where someone may extract information from user profiles, often through a “reverse search” with a phone number or email address they already have.
Though Facebook said this search feature could be useful in helping you find some people — perhaps a person with a common name shared by many others — the company also acknowledged abuse by “malicious actors” and recently disabled the reverse look-up feature.
More: Apple co-founder Steve Wozniak says he’s left Facebook over data collection
More: After Facebook hearings, users want to know: who is protecting my data?
More: Facebook’s Mark Zuckerberg testifies: 6 things we learned, a bunch we didn’t
Daniel Kahn Gillmor, a senior staff technologist at the American Civil Liberties Union, says Facebook may be using the data it collects from people not on the service for reasons it considers totally benign. And it may not use the data at all. But the suggestion is also that Facebook may not be great at protecting your information — a concern amplified by the social network’s disclosure that 87 million Facebook users’ information was improperly shared with political targeting firm Cambridge Analytica.
Facebook’s sheer size and reach across international borders only heightens the potential risk, even for those who have steered clear of the service.
Some websites may also use an analytics tool called the Facebook Pixel, which can track activity when you’re logged off. Facebook explains it this way: “When someone visits your website and takes an action (such as completing a purchase), the Facebook Pixel is triggered and reports this action. This way, you’ll … be able to reach that customer again through future Facebook ads.”
If you’re not a Facebook user, you may still get an ad from Facebook urging you to sign up for the service.
Facebook also makes available tools to businesses to monitor offline transactions in physical stores or elsewhere.
Using a technical Web tool, Gillmor recently performed a five-minute browsing test by visiting various sites — but not Facebook. He discovered that data subsequently sent to Facebook included information about which news articles he read during this browsing session, his dietary preferences and his hobbies.
Of course, the ability to trace your browsing behavior across the Internet is not unique to Facebook.
What can you do?
So what steps can you take to protect what may be left of your privacy? It may be impractical (if not downright impossible) to notify each of your friends and acquaintances to avoid sharing their contact lists with Facebook, but spread the word to them anyway. And warn them to be careful about sharing information that involves other people.
Heed the advice yourself if you are on Facebook. Respect the privacy of friends even if you’re less concerned about your own. Do you really have to tag their picture?
“It’s a collective action problem in the same way that pollution is a collective action problem,” Gillmor says. “There is some kind of weakest link failures here.”
He also recommends choosing tools that minimize the leakage: the more privacy-oriented Tor Web browser, for example, or by installing thirty party plug-ins such as RequestPolicy Contributed or uMatrix that promise to bolster privacy on the Firefox or Chrome browsers.
Unfortunately, these aren’t very friendly solutions for the vast majority of non-technical users. And even understanding how Facebook tracks non-users gets very complicated, very quickly.
“The tracking of users (and non-users) by Facebook is extremely complex, (and) there is still a lot that is not known,” says Marc Rotenberg, president of the Electronic Privacy Information Center.
Facebook insists it doesn’t share your personal identity with advertisers and plans to further clarify and elaborate on the ways it uses data.
In the meantime, during her own interrogation of Zuckerberg this week, Rep. Kathy Castor, D-Fla., says the government should act because “current laws have not evolved, and Congress has not adopted laws to address digital surveillance.”
Rotenberg agrees: “Concerns about privacy are not the reason to not use Facebook. It should be the reason to fix Facebook.”
Email: firstname.lastname@example.org; Follow USA TODAY Personal Tech Columnist @edbaig on Twitter