The Rise of “Shadow Data”

Even if you haven’t ever used Facebook, your friends and family may have already let them build a profile on you…

An article review.

For this week’s review we had initially planned on using this interesting piece from Brian Krebs, about the dangers of resold personal information ending up in the cloud (and the dark web groups that buy and sell it). However, while we were reading more on the subject we stumbled upon a related article concerning Facebook, and couldn’t pass up the opportunity to talk about it.

Admittedly, the subject of Facebook and its data mining operations is nothing new. In fact, it’s so well known some of our own employees have left the social networking site entirely, and perhaps some of you have as well. For those that have, it may surprise you to learn that not being on Facebook isn’t enough to keep you out of their advertisers’ clutches: you may have already been sold out by your friends or family.

The practice involves “shadow profiles,” which consist of data that is not readily accessible by the user (or non-user). For example, you may not have any phone numbers listed in your profile, but if a friend or relative shares their contacts with the Facebook app and your name and number is on their list, it is added to your shadow profile. You wouldn’t be able to see this data or have it removed, because it’s not part of your profile–it’s part of the other person’s data, technically.

Naturally, Facebook had denied that such “shadow data” could be used to target advertising…that is, until a reporter for Gizmodo proved that the organization was indeed doing just that, targeting a Northwestern University professor whose own office number wasn’t ever associated with his profile. The number was, however, in the reporter’s contacts when they shared them with the Facebook app, and was promptly accessible through the company’s “custom audiences” advertisement targeting feature.

Unfortunately, there isn’t much that can be done at this time regarding this data, though some have questioned whether this could create trouble for Facebook in European Union nations that are covered by the GDPR. For the rest of us, all that can be done at present is to be aware of this practice…and perhaps try to persuade our contacts to be sparing with their sharing.

Original article by Steven Melendez writing for Fast Company.

same_strip_012513

 

Related Posts

The Magnificent Seven 2023

Seven Trends . . . …that small bank Information Security Officers face in 2023 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcom...
READ MORE

“Phone Phishing” – Awareness Poster (Re-release)

Another awareness poster for YOUR customers (and users). Now that we have our own employees aware, maybe it’s time to start posting content for our customers!Check out posters.infotex.com for...
READ MORE

“Strong Password Tips” – Awareness Poster

Another awareness poster for YOUR customers (and users). Now that we have our own employees aware, maybe it’s time to start posting content for our customers!Check out posters.infotex.com for...
READ MORE

infotex

MANAGING TECHNOLOGY RISK

Linkedin-in Facebook-f Youtube Twitter

SERVICES

EDUCATION

COMPANY

CONTACT

SIGN UP FOR OUR BLOG

As part of infotex‘s service to our clients, find “non-mainstream” articles about relevant security issues.

Facebook Youtube Twitter