NOTE: This post was originally published on May 4, 2018
In light of Facebook’s biggest scandal to date, many people are starting to take privacy more seriously.
Unfortunately, it may be too late for the information Facebook already has. Its data collection of all your online activity, and by extension your life, is infallible and indelible.
To gauge just how much Facebook has on you, you can now download an archive from Facebook to see everything it knows about you.
As helpless as you might feel scrolling through all the stuff it knows, the archive is an excellent starting point for anyone who is curious about what information you give, knowingly and unwittingly, to Facebook and potentially other companies too.
What information does Facebook keep about you?
In short, virtually everything. In a table on its site, Facebook shows you what information it keeps, and where you can find it. Some of it is public, like your vanity URL, and some of it you can only see in the data archive for you. The complete list is here.
1. All your contact info…
Once you download Facebook onto your phone and permit it to see your contact list, it scrapes all the numbers, addresses, and emails from your contact list. Even those who don’t have Facebook have their details harvested because of those who do.
So i also tried downloading my facebook zip file.
I was shocked that facebook has my contact information, my call logs and my text activities. this is a serious breach of data privacy and security.@Salomelugard pic.twitter.com/pRl7bAHVBP— Tonnie Turner⬇️ (@KendrickKE_) March 24, 2018
The list shouldn’t come as so much of a surprise, as you do have to opt in to allow Facebook to access your contact info. Even so, the sheer size of the list as you scroll down is eye-opening—when was the last time you saw the phone numbers of all your friends and family?
2. … and all your calls and messages
In addition to your contact information, you’ll also find every message you’ve written on Messenger.
Every. Single. One.
Click on a name and revisit those old cringey messages from seven years ago (or the newer and probably no less cringey ones) and you’ll realize how Facebook can target ads well enough to convince many people into thinking it eavesdrops on conversations.
You won’t see your deleted messages on here, but as a recent tweet from Max Schrems (a lawyer and privacy activist who has been fighting Facebook on privacy issues since he was a student) shows, it may merely be choosing not to include that in your downloaded archive.
So #Zuckerberg says that they delete data once you delete it.. ? pic.twitter.com/rmIRzPpZsb
— Max Schrems (@maxschrems) April 10, 2018
If you have an Android phone, Facebook keeps all your ingoing and outgoing calls, as well as your SMS messages, as software developer Dylan McKay found out in his downloaded archive.
Downloaded my facebook data as a ZIP file
Somehow it has my entire call history with my partner's mum pic.twitter.com/CIRUguf4vD
— Dylan McKay (@dylanmckaynz) March 21, 2018
3. All uploaded photos, and their metadata
All the photos you’ve ever uploaded onto Facebook are available to view in their separate albums, complete with comments and a trove of metadata.
From this information, Facebook knows what camera you used, what exposure and ISO speed you used, where you took the photo, and from where you uploaded it. From your photos, Facebook knows where you took them, and therefore where you were and, depending on how often you take and upload photos, how long you were there for.
One thing you don’t see are the photos you’ve deleted after users pressured Facebook into removing deleted photos from its servers in 2012. But as we saw from Max Schrem’s tweet, it may well still have them but just chose not to include them in your downloaded archive.
4. All your faces
With every photo uploaded with your face on it, Facebook’s rather ominously named DeepFace technology can identify you with 97.35% accuracy. Deepface performs better than the FBI’s facial recognition technology, which has a still-impressive 85% accuracy.
Can we talk about how weird the "Facial Recognition Data" section of your Facebook data archive is? Like what even is this and how could it ever be useful? (values changed to protect my face) pic.twitter.com/nV6jGRXZdZ
— Maybe: Fred Benenson (@fredbenenson) March 26, 2018
The technology Facebook uses bases its facial recognition on pictures you’re tagged in. According to the research group behind the technology, it employs more than 120 million parameters to determine whose face is whose.
If you live in the European Union, you may find this section missing as an EU data protection law (which is getting an update pretty soon) bans the technology. But incredibly, amidst this data scandal, Facebook has started asking some of its European users to consent to facial recognition technology without giving a clear option to opt out.
Facebook is now explicitly asking European users for consent to facial recognition pic.twitter.com/YErXPGjFPE
— Jennifer Cobbe (@jennifercobbe) April 16, 2018
This is the screen where they ask for consent. No clear option for 'no'
cc @darkpatterns pic.twitter.com/GDlsCImyZj
— Jennifer Cobbe (@jennifercobbe) April 16, 2018
5. All your log-in sessions
Every time you log in, or open Facebook, Facebook records the time, date, IP address, and browser or app you’re using.
From this information, it can determine where you are during the day—from your daily commutes to where you go on holidays. It can pinpoint the exact time and place you log in to Facebook, and, depending on how often you use Facebook, it could map out your whole life.
6. The advertisers who have your contact info
Perhaps the most amusing part of the archive is the ad section, which lists all the advertisers that have your contact information, the ads you clicked on while on the site, and the topics in which Facebook thinks you have the most interest.
Anything you may have liked, shared, or clicked on, either on Facebook or on a website that has Facebook cookies on it, are all used to get a better idea of what ads you would more likely click.
The ads list has led to some rather interesting discoveries:
I downloaded my Facebook history and I have only ever clicked on 2 ads. The topic will shock you. pic.twitter.com/rkCBPY9ofv
— Melanie Wood (@mel_wood) April 12, 2018
Dear Zuck @facebook,
Own @MerriamWebster = belonging to oneself.
I rarely log onto or use @facebook.
When I downloaded my data, I was horrified to see the list of 505 “Advertisers who uploaded my contact list with my info”
And without my consent. That ≠ ownership. pic.twitter.com/d1n4XQ8Efx— Eric Topol (@EricTopol) April 14, 2018
Even the ads themselves are becoming self-aware:
When an ad on #Facebook finally admits to looking through your browsing history 🙃 pic.twitter.com/MWgHJkDoqy
— Lillion Hunt (@LillionHunt) March 10, 2018
Facebook has been able to make its money by providing corporations and state actors a two-billion-strong user group from which to select its target market.
Collecting data from its users is the keystone of Facebook’s business model, and It’s unlikely to stop anytime soon.
It’s not just Facebook that stores your data
Corporations around the world are breathing a small sigh of relief that it’s Facebook and not them that are in the center of this colossal privacy storm. Lest we forget Equifax, which suffered a horrendous data breach that exposed over 150 million customers to identity theft. And let’s not get started on Google (you can download all your data there too if you like).
Facebook also owns WhatsApp and Instagram and, with the introduction of even more apps made to harvest data, it’s clear that Facebook is diversifying the ways it collects user (and non-user) data en masse.
If you’re going to cut the head off this digital hydra and delete your Facebook, expect it to find new ways of getting your data. Stay sharp and check who owns the apps and avoid companies that ask for your personal information. Look for alternatives that don’t bombard you with targeted ads and wean off your reliance on Facebook.
At large, be wary of online services that you use for free. As the saying goes: “If you’re not paying for the product, you are the product.” If you have to use them, disinformation always helps. A different name, birthday, and email address can help shield your online social identity.
Ask yourself: Does this fitness app have to have my real name and email address?
Completely changing your online presence is understandably overwhelming; start small with five things you can do to improve your online security and privacy in minutes, or see how many of our privacy tips you practice (or should maybe start practicing).
How to download your Facebook profile data
Log in to your Facebook account and:
Step 1: Go to General Account Settings and select “Download a copy of your Facebook data” underneath your personal information.
Step 2: Download your information by selecting “Start My Archive.”
Step 3: Verify your account, and Facebook will email you confirming it is preparing your backup.
Once ready Facebook will send you an email (and an FB notification) saying that your download is ready.
Step 4: Click on the link or notification and select “Download Archive.” A zip file should start downloading.
Step 5: Unzip the file to get the complete contents of your Facebook profile in one folder. Select index.htm and your profile “homepage” will come up.
Comments
So, long ago now I deleted my Farcebook account, and don’t remember
logons or other stuff. How can I determine what was saved about me
for eternity?
Facebook and Google have zero respect for the privacy of their users.
Microsoft, not so much. I mean they have all my data but it does not feel creepy. They even publish statistics of how many data requests they turned over to the authorities in a given semester, bifurcated according to geography. Barely in the hundreds which feels comforting. Microsoft has also fought US legal courts on turning over email contents to criminal prosecutors.
Google and Facebook have no such respect for data integrity.
I have boycotted Facebook for a very long time. I still check it sometimes to befriend/unfriend some people.
Thank God for Express VPN. Now these big corporations don’t follow me around like a sniffer dog.