
Facebook ‘Shadow’ profiles, read before Facebook creeps up on you

How would you react if your private email addresses and phone numbers were suddenly made available to the public? Just as most journalists were preparing to head home for the weekend, this very situation happened to 6 million Facebook users.

So why are we using this term “Facebook shadow profiles”? You may have seen the term pop up on a few tech news sites, and if we are correct in assuming so, it may have given you the feeling it’s an evil privacy violation. You may be right; let us explain.


Although Facebook tried to downplay the significance of the bug, reporters working on the weekend discovered that many of the users whose email addresses and phone numbers were exposed had not knowingly shared that personal information with Facebook.

This is where the evil “privacy violation” conspiracy comes into play. How could Facebook possibly have collected our private email addresses or mobile numbers without us knowing? Simple: the contact information had been collected on the sly and stored in Facebook’s secret vault, where it stores data on you that you never knew about. That information comprises what’s known as your “shadow profile.”

Now you are asking, “Do I have a Shadow Profile?” The answer is yes: everyone who has registered for a Facebook account will have a Shadow Profile.

Despite the settings you placed on your Facebook profile, and certain data you withheld for privacy reasons, Facebook still knew the obvious details about you, like your name, your interests, your relationship status, how many times you’ve liked your friends’ posts, etc. At the same time, Facebook has been able to sneakily collect other data about you. But how?

Facebook shadow profiles image by Think Big Online

Before you go jumping to conclusions, it is not Zuckerberg calling upon his sorcery skills. In fact, you can thank any one of your friends who allowed Facebook to scan their mobile phone contacts through the “Find Friends” feature. That’s right, your friends and even friends of friends.

When someone uses this feature, Facebook downloads the phone’s entire contact book to its servers, which mostly includes emails and phone numbers. While Facebook is downloading your contact list, it is also cleverly drawing links between you and your friends, and vice versa, which is how the “people you may know” feature operates.

However, how angry can we be when Facebook’s mobile app even provides the clear message: “Find Friends uploads contacts from your device and stores them on Facebook’s servers where they may be used to help others search for people or to generate friend suggestions for you and others.” You got us there, Facebook; can we be blamed for not reading this message? You decide.

We have to ask the question, what about the people in my contact list who don’t have Facebook? Does Facebook now have information about my mum or even grandfather? Although Facebook would be able to learn a whole lot of information about people who don’t even have Facebook accounts, the company has asserted it does not collect information on people who don’t actually use Facebook.

Surely this can’t be legal? Unfortunately, in the United States, Facebook mentioned collecting phone contacts in the Terms of Service that all users must agree to before using the site, so unless the company is collecting additional undisclosed information, users have already given consent.

Luckily, Europe has advocate Max Schrems, founder of the activist group Europe v. Facebook. Drawing upon Europe’s stronger data protection laws, he filed a complaint with the Ireland headquarters, citing seven different instances where shadow profiles potentially violate the country’s Data Protection Act. Schrems states that the profiles accumulated “excessive amounts of information about data subjects without notice or consent by the data subject. In many cases these information might be embarrassing or intimidating for the data subject.”

We wonder, how long have we unknowingly been giving our private information away? Facebook openly said that its user data has been leaking for over a year! It’s been cataloged at least once since August 2011, when Schrems filed his complaint against the company. However, Facebook has had an iPhone app since August 2007, and the “Find Friends” feature launched on iPhone and Android in April 2011, so possibly for over five years!

No one go deactivating their accounts just yet. However, in light of the recent revelations regarding the National Security Agency’s intrusive spying campaign, PRISM, it is worth remembering that Facebook was one of nine companies the NSA made deals with to exchange information about users. Facebook has yet to confirm that it hosts “shadow profiles,” and it is not certain the information from shadow profiles has been passed along to the NSA, but it’s certainly possible.

So, you might want to start sending around thank you notes. How else could a prying government agency have gotten your information, if it were not for your considerate friends sharing your info?


Tell us what you think: do you believe your personal information has been violated? Send us a comment or tweet us your opinion.