The Rise of Shadow Profiles?

July 19th, 2013 by Andrea Bennett

Using a social network’s tools for finding your contacts might not be doing your friends any favors.

Brought to you by Liberty Mutual's
The Responsibility Project

When you join a social network, the offer to help find those friends of yours that also use the service seems like such a nice timesaver, doesn’t it?

Well, you may want to think twice the next time you “find friends” online, as Facebook recently revealed that a “bug” had leaked the personal information of six million users, including email address and phone numbers – all using the data that had been supplied by you, the “friend.”

Mashable reported that the Find Friends mobile application was to blame, as the bug accessed information that the service collected. A message on the app describes its function: “Find Friends uploads contacts from your device and stores them on Facebook’s servers where they may be used to help others search for people or to generate friend suggestions for you and others.”

In fact, through the application, Facebook gains access to the email addresses, cell phone numbers, personal websites and other contact information of users’ friends and family members. According to The Daily Caller and other media outlets, the social network then creates what the internet community now calls “shadow profiles.” These profiles contain the facts the user provides, plus compiles things they might not be aware are being collected in one place, such as photos they were tagged in, check-ins, posts mentioning their name, information from Find Friends and other sources.

Reuters reported that the leak began in 2012 and exposed the network’s massive database of personal information collected from 1.1 billion users. Facebook has declared the problem fixed.

But as Slate reported, leaks on a smaller scale happen outside Facebook. Once you’ve inadvertently donated your friends’ and colleagues’ email addresses and phone numbers to a social network’s database, it might “use it to blast everyone from your boss to your mother-in-law with text messages at 6 am, like the fledgling social network Path did to at least one user in April.” Or, Slate adds, more subtle collecting might happen; for instance, the network might cross-check your contacts list against their internal database, adding phone numbers and emails your contacts had chosen not to associate with their account.

Facebook might not even have the most advanced system for figuring out who users might want to connect with, Slate reports. LinkedIn’s People You May Know page, it says, may draw on data from the Gmail plug-in Rapportive, which it bought in 2012 . LinkedIn product lead Brad Mauney told Slate that it takes care not to use people’s information for any purposes other than those specified when they provide it.

Knowing all of this, would you think twice about using the Find Friends feature or similar services on any site, despite its claims? Weigh in.