Shared publicly  - 
 
This is really, really creepy. Facebook is redefining online stalking again.

So MSN is shutting down, and since I don't like Skype for chatting, I thought Facebook chat might be a good replacement. Skype does not offer XMPP or any other way to interface with their network, so clients like Pidgin are not going to support it. In fact, Microsoft is actively preventing third-party clients from interfacing with Skype, whereas with MSN they mostly left them be and sometimes even helped out.

Facebook is taking another approach. There is a Facebook plugin for Pidgin, and even an XMPP interface to the Facebook chat network. Since just about everyone has Facebook (at least everyone that's not on Google+), it would be a great solution to remain in touch with everyone.

I don't trust Facebook much, but I trust them just enough not to publish all my chat messages. Since that's just what I plan using it for, it should be okay.

Yesterday I signed up for Facebook. I spent twenty minutes configuring privacy settings, added one friend as sort of a "beta" member to try things out. See what he could see on my profile (such as my friends list) and what not.

Facebook immediately started recommending people from his friends list, none of whom I knew. All just fine.

Then I wanted to setup Facebook chat in Pidgin. Apparently this required having a username, and a username required verifying my account. The only way to do this is by text message, so I reluctantly entered my phone number. It's prepaid, unregistered, and I never publicly posted it anywhere, so I figured it was fine.

I change my password, change it back, and now chat works. Apparently that was needed.

A day passes.

Today I open Facebook to see that the friend accepted my friend request. Next thing I see are "people I might know". These are, in order:
- My two cousins
- A friend
- An acquaintance
- My grandmother
And the list goes on.

I scroll down, stunned.

A couple hours browsing while being signed in to Facebook, is that it? It can't have been my e-mail address this time, not everyone has it in their contacts list on Hotmail (like always, Facebook offered to find friends by signing in to Hotmail, which I rejected, but others still might have done this), nor is everyone who has me in their contacts on the "you might know" list. It doesn't make sense

The personal details that I shared with Facebook were:
- The same profile picture as I use here and for my MSN profile
- My first name
- That I'm male
- My phone number
- A link to my Google+ profile
- My IP address that has been the same for years

With these details, it's impossible to put the list of "you might know" people together as it is. I've read through the entire list, but it just doesn't add up. Facebook probably used multiple pieces of information, but then there are some people I'm missing. What about my other two cousins? They have my phone number and my e-mail address. And Facebook uses both, because:
- The only way to know that I know my grandmother is by e-mail address*.
- The only way to know that I know this acquaintance is by phone number.

* And even finding people I know by e-mail address is a stretch. The email address that I used on Facebook ended in @lucb1e.com, and my MSN address started with lucb1e@.... Facebook must have searched the database of all MSN contacts from all users, and matched the second-level-domain (lucb1e) with the user part of their email address database. The only alternative is scraping my Google+ profile from the link and parsing "lucb1e hotmail (dotcom)" to the actual address. Looks extremely easy, but a computer wouldn't figure this out unless someone spent hours adding parsing rules for addresses. I thought my format was fairly unique.

So the two remaining cousins double-match, but they don't show up. It seems unlikely that they both chose not to let Facebook look for friends in their contact list, and both didn't allow Facebook to read their address book on their phone. They both have a smartphone. In fact, there are lots of people I'm missing that could have been matched in various ways. What information did it use that I don't know of? Does it randomly leave people out of the  "you may know"-list just to obscure its methods or make it seem less creepy?

I'm really creeped out. Should I close the Facebook account again? Where did it get this information? Is it even legal to trick millions into violating Dutch privacy laws, which prohibit people from sharing personally identifiable information such as my phone number or email address? How do I get my information removed? What does this mean for other websites, could they also know everything already?
33
15
Will Hill's profile photoMichael Gebis's profile photoPaulo Neves's profile photoJason Becker's profile photo
29 comments
Patrick S
+
1
1
2
1
 
If you install Facebook on your mobile it looks through your contacts. They save the numbers you have and from there they can see who knows who. Once they have that, they can probably make links as to who you might also know. e.g: a cousin and a friend have your number, and they're friends with another friend who knows them both- it's probably a good assumption that you know your cousin and your friends friend.

I've always thought it was creepy how they can work these things out, but damn it's cool!
 
+Patrick Socha Yes, but then there are lots of people I'm missing. Do you think they randomly make people not show up in the "you may know" list?
 
They could also just be closing triads (quads?). If two people know each other and one of them knows you, they will recommend the other person to you because it's likely you know them.

Having the one friend (combined with a little information about you) is enough to use their connections to predict where you might sit in their network. Finding out who you may know is pretty much Facebook's core competency/model, and it doesn't work much different than some of the techniques Google use to figure out a webpage is related to other pages or ideas.
 
I'm a little confused by some of the details--did anyone on the list have a "hard" connection to you?  In other words, did your cousins (or anyone else) have your actual email or phone# in their contact list?

I think facebook suggests potential friends based on mutual friendships while searching its "social graph".  So if you had links to Bob Jansen and Joe Jansen (since you are in their contact list), facebook asks "who else knows Bob & Joe?"  If your grandmother is one of those people, she might randomly be shown.

I get false positives on the "you may know" list all the time, simply by having a lot of mutual friends.

Also: Did your initial facebook friend "rat" you out?  Every so often, after friending someone new I get a "George Smith is new on facebook.  Suggest some friends for him." thingy.  Maybe your friend did this, thinking it was a service for you?
 
"My phone number"

Bam. There you go. Facebook sucks down address books from smartphones when you install it, so they can do correlative analysis like this on social graphs. Someone has your phone number in their address book, and this is used to take a guess at your social graph connections.
 
Facebook also recommends people whose Facebook profile you have (ever) visited (did you delete your facebook cookie before creating the account? did anyone else use your computer to log into facebook?) and people who have previously taken an interest in you. Perhaps your grandmother and some other family member has entered your name into Facebook once? Being connected to 2 family members is enough reason for Facebook to go on and recommend your whole family.
 
+Jason Becker The friend I added is unrelated to pretty much everyone that I recognize on the list, he can't have been a key. But yes, combining a few pieces of information with an already existing social graph seems the only way to conjure up the connections like this.

+Michael Gebis I think the only hard link would be my phone number. The two cousins that Facebook recommended have it, but my two other cousins also have and don't show up. And my grandmother is from my mother's side, while the cousins that it found were from my father's side, so they don't have each other on Facebook I guess.

The initial friend can't have ratted me out, he doesn't even know my cousins. I didn't know Facebook did this though, good to know.

+Chris Heald Yeah, it seems like the key identifying information here. I still don't understand why some people do and others don't show up. Would they randomly hide people?

+Tinco Andringa My Facebook name is a fake. As I mentioned, only the first name matches, so it can't have been from earlier searches for my name. Interesting idea though!
I hardly ever browse Facebook to keep them from gathering as much as possible. I don't think I ever looked at all these people's profiles, and if I ever did I might have done it in incognito mode. This is no certainty, but I'm certain that not even a small percentage could be matched this way.
 
I'm sure it's more complex than a simple "phone number in contact book, must be a match". It's likely a sum of several weights from others' graphs with pointers to you. So, your cousins might have your phone number in their phones, and they might be connected to each other on Facebook, resulting in the recommendation, since there is a strengthened correlation.
 
Yes, you should close the Facebook account. Then clear your cookies, or at least facebook-related ones. But your browser will just send Facebook cookies any time you visit a page that has a "Like" button on it, anywhere on the web. (You don't even have to click the button, just loading the button from Facebook's servers is enough to send them the tracking cookie.) You should install ghostery or ShareMeNot to stop that.
 
"I'm really creeped out." You should be in no way surprised. The only reason Facebook is "creepy" is because you know a little bit about what they know. There are certainly many more systems out there that know a lot more about you and you don't get to know what they know.
 
+Sean Palmer I've done that for a while, blocked everything with ghostery and similar extensions, but it would also block functionality here and there. And I wonder how much it really helps.

+Dean Putney That's indeed one of my concerns :(
 
I also use Chrome's "incognito" feature to access Facebook. This separates my non-Facebook browsing from the Facebook session (and cookies).
 
That's pretty creepy.  I don't know how the Facebook smartphone app works, but I'd be concerned if it's scraping all of the user's contacts' email addresses and phone numbers.  Could it scrape your call history - ie. numbers dialled and numbers you've received calls from?  What about email addresses from all of your emails?

If it does these things then there's not much you can do about it.  All it would take is for a couple of people you know to be silly enough to use the FB smartphone app.  That would be enough for FB to build up a pretty comprehensive list of phone numbers and email addresses (including yours) and connections between them all.

I usually advise people that if they must use FB (and other sites) on their phone, just do it through the browser.  Don't install the app!

Imagine, if FB knows all the phone numbers I've dialled or received calls from, it will probably suggest the girl I'm having an affair with as a friend to my GF!  Or, my little sister has never met my 'shady acquaintance', but they've both phoned me or I'm in their contacts, so now FB suggests them as friends to each other.
 
I would assume they don't show you a comprehensive list of everyone they have linked to you, to lessen the creep factor.  I bet they would dribble it out over time.  So don't reason too much from the two cousins who didn't show up.  (Not a facebook user, no personal experience with this, just my WAG.)
 
the network effect of facebook is really scary.

my gf signed up for fb few years ago, and at the very start the website already offered her some suggestions for contacts - and significant amount of them were people she knew.

How is that possible - i have no clue, my guess is those people used to look for her account when she didn't have one, or they imported their gmail data or some other info from other services.

I suppose things like that happen when data from various sources is aggregated in one service. You do not see the connections, but the system does.
 
Im pretty sure facebook analyzes social structures to predict who is in yours. You dont have to provide information you freinds and family do. It might not be sure of those other two cusins becuase people never tagged thier relationship to them and so facebook left them out untill you confirm more of you social structure. Facebook did build that list off of one freind and an limited contacts list so it doesn't quite have youre social structure pegged down. Hell ask HB Gary about how effective automated systems like this are.... not very, but enough to hit scary close to home, given enough data, even if you guard your privacy well. Not to mention the public records they probobly troll. Unfortunately in the current age of big data protecting your data is not just up to you alone. Although I forsee a future where we declair that we have mapped the interactions of the entire world (much like we do now with DNA), I think it will tell us much less then we think (again like DNA).
 
Facebook is scary. Online stalking is really scary. Esp if it's done by big corporations. I don't know what kind of personal information that they have collected about me on the Internet.
 
Hmmm, good thing I havent used the mobile app then. All facebook keeps suggesting is people I don't know.

All I have facebook for is to make sure if someone searches for me they find ME, not some random person that might have strange hobbies or whatever.

I'm going to upload a picture to my facebook so people will recognise me and then never use it. The second I get e-mails from them that indicate they know more about me than I'd like I'll close the account.
 
+Yitzchak Scott-Thoennes Yeah, I guess I'll wait and see. Google+ meanwhile hasn't come up with anyone useful in their recommendations, lol.

+Yofan Pratama P Indeed, I'd like to know who knows what about us. But that information is worth money, and they can only really continue if they keep it secret, so we'll probably never know...
H Skye
 
I was going to share this post but it's not my original content so I guess the 25 people who saw it are plenty.
 
Facebook recommended people I knew immediately after I signed up. I didn't have them search my contacts. I assume these were people who searched for me before I had an account.
 
When I signed up for Facebook (just out of curiosity; I don't actively use it), it immediately found my brother's son as a potential friend for me, but it overlooked his daughter. Which I've always found pretty mysterious.
It also found a few of my colleagues, but some of my closest colleagues were missing.
I really cannot make heads or tails of how Facebook identifies (and fails to identify) acquaintances. I'm not interested enough in Facebook to care, either. The only function of my Facebook account is probably to ensure that anyone who might be looking for me will really find me, not anyone else. Not that my profile will tell them anything all too interesting about me, though.
By the way: My profile "photo" (both here and on Facebook) these days is a drawing that my brother's daughter made of me. She was only 12 at the time, but she did a remarkably good job at it.
 
+Cindy Walker However, if the email address you used when joining FB was in their contacts, which they allowed FB to import, then FB knew about their connection to you before you even joined FB.  This is one reason to use a unique email address that no-one else knows when joining FB.
 
Facebook used to email me invitations to join that were even creepier.  They knew family members, school classmates and others.  

There are many ways this information can be abused and even worse ways to abuse you if you trust Facebook as a messenger.  Facebook distorts your world by not transmitting messages you want them to and sending messages in your name that you did not ask for. 
 
OK, I've been wondering the same thing. I joined FB under an unused secondary email, with a prepaid phone that was from 2005. It was an old flip phone that was dumb in every possible way. Here's the kicker. FB is always suggestions people I may know, some I do, some I don't. But FB doesn't have my real name either, I used a fake name and secondary email. I have a total of 7 friends, these are people who live in other states/countries, who I've known for years. I hate social media, that's why all my personal info is fake. So oddly enough, FB consistently suggests people I may know who are people who I've met once or twice. Their friends of friends. Funny thing is, their not friends with the people I'm friends with on FB. These are friends I rarely see or talk to, but 2 years ago we hung out and I end up meeting one of their obscure friends.
Somehow FB knows I met them... how?
1- I didn't have a smart phone when I started FB.
2- I don't have any of my friends or their obscure friends numbers in my new phone.
3- The email I used was a secondary that no friends have at all.
4- I did have some of these obscure friends #'s in my old phone, as well as a few of the people I met through them.
5- Not a single one of these peoples #'s have been imputed on my new smartphone, I haven't even talked to a single one since purchasing the new phone.
6- The existing 7 friends I have on FB, are not friends with any of these obscure friends or the people I met through them.

The only link is my old, flip phone from 2006 which I never connected to the web or saved contact info on third party applications. Even then, some of the obscure friends #'s were never imputed. I don't use Twitter, MySpace, started FB less than a year ago. Did FB somehow access my contact list on the old prepaid phone that didn't even have my real name? Especially when I never ask FB to link any contacts. Not to mention, how would they access it? I'm at a loss for words. Just realizing now that I need to delete my fake FB account because it's getting to close to home when the home was fake all along.
 
Does FB have the number of your old flip-phone?  If your FB acct has fake details about you but includes that phone number then FB knows you're connected to those other ppl because THEY told FB all about you (because THEY gave FB access to their phone's address book, call records etc. etc.).

Let's say it's 2005 and you phone a friend of a friend (Joe) for whatever reason.  Joe's the sort of guy who adds each call record to his phone's address book.  He knows your real name, so he saves the call record under your real name.  Now Joe's phone contains a record connecting your real name to your old flip-phone number.  Joe upgrades his phone a few times and each time he imports his old address book.  Maybe you never spoke to Joe again, but he just happens to be the sort of guy who saves addresses for a rainy day.

In 2010, Joe buys an Android smartphone, imports the address book again from his previous phone and then installs the FB app.  The FB app now has access to Joe's address book and call records (for the past decade).  FB now knows your real name and knows it is connected with your old 2005 flip-phone number (and you haven't even joined FB yet).

In 2011, you sign up to FB and give FB your old flip-phone number but everything else you give FB is fake.  Too bad, because FB already knows your real name because it already knows it is connected to your old flip-phone's number from 2005.  FB knows this because Joe told FB your real name and phone number.

You have no control over this because all of your friends and even distant acquaintances are tellilng FB everything they know about you.  Maybe Joe included your main email address in his address book record about you.  So, FB already knows what your main email address is regardless of the fact you signed up with an address you haven't used elsewhere.

FB only needs one piece of info about you that someone else knows.  Maybe it's your old flip-phone number, maybe it's an email address that you only ever shared with an old girlfriend.

So, if your FB acct has that old flip-phone no. connected with it, FB is going to suggest Joe and all of his friends to you as friends.  You probably will know some of them because you and Joe actually were connected in some way.  And Joe was just some friend of a friend....
 
After some thought, I have to conclude that Microsoft simply read your email and chats.  Microsoft has data "sharing" agreements with Facebook and is an infamously dishonest company.  Facebook got in some hot water in Germany for keeping "shadow profiles" on people who were not part of the network and had not signed any agreements.  It would not be surprising they don't offer you everyone at once, that would reveal what creepy stalkers they are.  
 
+Will Hill They had the same subcontractor in 2011 doing some prototyping on that matter.
 
+Will Hill Could have told you that. I remember multiple stories that prove it, one in particular: Someone working at an anti-virus company had a virus (.exe) on Skydrive in a private folder that was visible to only himself. After a few weeks Microsoft blocked his entire Live account.

Also their privacy policy, or something, states that they have the right to read your data. Probably under some circumstances which can always be met--and even if they don't meet those circumstances, what tells us they don't read our data?