About Us | Contact Us
View Cart

The Rise of “Shadow Data”

By Vigilize | Monday, October 8, 2018 - Leave a Comment

Even if you haven’t ever used Facebook, your friends and family may have already let them build a profile on you…


An article review.


For this week’s review we had initially planned on using this interesting piece from Brian Krebs, about the dangers of resold personal information ending up in the cloud (and the dark web groups that buy and sell it). However, while we were reading more on the subject we stumbled upon a related article concerning Facebook, and couldn’t pass up the opportunity to talk about it.

Admittedly, the subject of Facebook and its data mining operations is nothing new. In fact, it’s so well known some of our own employees have left the social networking site entirely, and perhaps some of you have as well. For those that have, it may surprise you to learn that not being on Facebook isn’t enough to keep you out of their advertisers’ clutches: you may have already been sold out by your friends or family.

The practice involves “shadow profiles,” which consist of data that is not readily accessible by the user (or non-user). For example, you may not have any phone numbers listed in your profile, but if a friend or relative shares their contacts with the Facebook app and your name and number is on their list, it is added to your shadow profile. You wouldn’t be able to see this data or have it removed, because it’s not part of your profile–it’s part of the other person’s data, technically.

Naturally, Facebook had denied that such “shadow data” could be used to target advertising…that is, until a reporter for Gizmodo proved that the organization was indeed doing just that, targeting a Northwestern University professor whose own office number wasn’t ever associated with his profile. The number was, however, in the reporter’s contacts when they shared them with the Facebook app, and was promptly accessible through the company’s “custom audiences” advertisement targeting feature.

Unfortunately, there isn’t much that can be done at this time regarding this data, though some have questioned whether this could create trouble for Facebook in European Union nations that are covered by the GDPR. For the rest of us, all that can be done at present is to be aware of this practice…and perhaps try to persuade our contacts to be sparing with their sharing.


Original article by Steven Melendez writing for Fast Company.


same_strip_012513


 

Latest News
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    Millions of phishing emails will get through automated defenses this year, are your employees ready? An article review. With cybersecurity threats such as cryptocurrency miners and ransomware seeming to dominate the news, it can be easy to forget about older threats such as phishing…but a recent report from cybersecurity firm Tessian reminds us that criminals […]
    The FFIEC’s latest guidance: The Architecture, Infrastructure, and Operations, has brought many changes to exactly how a small financial institution may look at their Technology Planning for 2022. Included in that will be the opportunity to write your first Architecture Plan and we intend to show you what may be involved in that! Have any […]
    While we’re not a news service, we often use current events to comment on trends and our services. This blog is intended to get people thinking about topics and trends in Technology Risk Management, through our article reviews, as well as through original blog articles about current events and our MSSP services (such as our […]
    Following the contribution, Have I Been Pwned will host more than 800 million compromised credentials… An article review. Have any of your login credentials been revealed in a breach?  If you’re unsure about that, Have I Been Pwned (HIBP) can help you out by letting you check against over 600 million compromised credentials…and with the […]
    infotex and Log4j We are keeping our Clients’ safety in mind. To all infotex managed security service Clients: On Friday December 10th, infotex became aware of a zero-day vulnerability in the Apache Log4j library that allows unauthenticated remote code execution. We began incident response and took steps to proactively disable potentially vulnerable applications until we […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    Trending: Awareness Posters went “Back to Basics” Here are the top seven posters as of the last twelve months! As always, our Awareness Posters were a hit in 2021! So we decided to run some reports to see what our most popular posters were since November 2020. As everybody loves top ten lists and contests, […]
    Dan is joined by a Panel to discuss the FFIEC’s New AIO Guidance and how it may impact Technology Planning in the future.