If you don’t know what Facebook knows about you, you should – and you will, if you read this article. And then some.
Facebook, Twitter, Pinterest, LinkedIn, Google, Instagram… we commonly refer to these services as “social media”. The premise is that they allow you to easily share info with your friends and family. And what a bargain, they’re all free! Newsflash: they’re not free; you’re paying with your data. Data is the new oil, as they say – a valuable raw resource to be captured, refined, traded and sold. I imagine most of you are well aware that companies like Facebook are using your data to send you advertisements. But they’re also sharing and selling that data to many others, and it’s a lot less clear that those ‘partners’ are doing with it.
As part of the EU’s new General Data Protection Regulation, or GDPR, companies that do business in Europe are coming under strict guidelines for the use and storage of personal data. With the new regulations set to come into force this May, companies like PayPal are producing transparency reports on who they share your data with and for what purpose. Their latest report lists over 600 companies that have access to your data. This list is global and it includes banks, credit reporting companies, fraud prevention companies, and so on. However, it also includes well over 100 companies that are simply marketing partners.
The other issue here is that every place this data is replicated is just one more place where it can be stolen by a hacker, copied by an intelligence agency, or abused by an employee. It’s not hard to find one weak link in a 600-link chain.
Down the Rabbit Hole
It won’t surprise you to know that Facebook knows your status, profile, friends, likes, posts, photos and videos. But it also has your complete history, since the day you created your account. This includes past relationships, previous names, employers and addresses, people you’ve unfriended. If you’ve ever installed the Facebook app on your phone, then Facebook also has access to your phone contacts. All of them – past, present, and future – including whatever other info you stored with those contacts.
But that’s just the scratching the surface. Every time you launch the app or log into the web site, Facebook remembers when and where you were, and what device you used. With this information, over time, it’s not hard to figure out where you live, where you work or go to school, when you go to sleep and wake up, and who you associate with.
People love to post pictures on Facebook, but few people understand that every picture contains metadata. Sure, most of it is camera-related stuff (aperture, lighting, etc), but on smartphones and even some high-end cameras, it also contains your GPS coordinates. (This is how they captured John McAfee.) Add to that the face recognition technology, and Facebook can find you in any picture, no ‘tagging’ necessary. Facebook said that its image recognition models could recognize human faces with 98% accuracy and that it could identify a person in one picture out of 800 million in less than five seconds.
And if that weren’t enough, Facebook’s VPN will track all of your online activity, as well.
You can crank up your Facebook and other social media privacy settings to the max, controlling what you share with the public and Facebook’s “partners”. But you still can’t really prevent Facebook itself from recording this info for their own use.
Transparency: Know What They Know
So…. ready to delete your Facebook account? Yes? Great! Click here!
But if not, then at the very least, you should be fully aware of what info they have. And thankfully, it’s pretty easy. To download a copy of your Facebook data:
- On any Facebook web page, open “Settings” (from the little triangle menu, upper right).
- Click “Download a copy of your Facebook data” at the bottom of the General Settings page.
- Click “Start My Archive”, and then wait for an email notification to download the file.
Depending on how long you’ve been on Facebook and how much you’ve posted, this file could be massive (Gigabytes). It will come as a single ‘zip’ file. You should be able to open it by double-clicking it, which will create a folder. Within that folder will be some other folders and a single file called “index.html” – double click that file.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!