The thing that I find most interesting about this article is the displayed approach towards privacy management. People quoted in this article reveal little about themselves in a dating network, and don't want to give enough information to make it possible to guess their real identity. Facebook destroys this concept by suggesting dating matches as potential facebook friends, making it possible for their dating matches to discover all about them in their public profiles and timeline.
That's a straightforward conflict, but it makes me wonder why people are comfortable with revealing "all [their] information" publicly on facebook, when their dating network behaviour shows they don't want total strangers to know all this? Facebook provides lots of privacy controlls, allowing you to finely tune who sees what. If you don't want strangers to know your last name, or which area you're from, why make it publicly viewable on facebook?
Is the problem with facebook making it not simple enough to hide things from total strangers (i.e. people you have not friended)? Is it a problem with people never bothering to change default settings? Or is it something about the way people use facebook that makes this apparent inconsistency actually completely rational?
I think this is far less mysterious than people suppose.
Hypothesis - if someone on facebook views your profile then facebook is more likely to suggest them as a friend. Increase the probability if the person is a low degree of separation from you.
Obviously people on dating apps are often going to be searching each other out on facebook to see more info.
I guessed this was how facebook did it because I saw an ex of mine once on the street (I don't have the fb app on my phone or anything like that - so I doubt it was using location data). We never spoke - but made eye contact. Later that day she appeared as a friend suggestion for the first time. My guess is that she viewed my profile out of curiosity.
There was someone I was meeting in real life but we had absolutely no FB connections. No mutual friends. And I didn't even know she was on Facebook.
Suddenly I saw her on my 'Suggested friends' list.
The only reasonable explanation is that she found me on Facebook and viewed my profile.
Facebook saved the incident and suggested her to me as a friend.
My theory is that if you use the mobile app it factors in GPS location.
Several times I've been at a particular venue, without "checking in" or even posting. The next day, people I met at the venue would show up in my suggestions list.
I can somewhat confirm that Facebook at least collects this data.
Using rooted android you can make a seperate permission dialog pop up every time an app tries to access certain APIs.
Despite having all GPS related features of Facebook and its messenger disabled, the Facebook Messenger app tries to access my GPS location at seemingly random times.
> Despite having all GPS related features of Facebook and its messenger disabled, the Facebook Messenger app tries to access my GPS location at seemingly random times.
This is troubling, and goes against the Play Store's terms and conditions for app developers. I suppose Facebook gets a pass on it through some unspoken agreement with Google, though.
Presumably it also reads GPS EXIF tags from your recent photos if you have ever granted it photo permission. I know Instagram does this for location tagging photos. Presumably FB and IG share username/account linking for location harvesting, too.
> The only reasonable explanation is that she found me on Facebook and viewed my profile. Facebook saved the incident and suggested her to me as a friend.
This. I had something similar happen a year or two ago; I enrolled in a course at a local university, and about midway through the semester Facebook suggested that I friend the instructor.
I was friends with no one else in the course, had never posted about the course on FB, or anything else that I could think of.
Of particular note was that his had all happened after I had to drop from the course due to health issues.
The instructor imported the contact list for the class at some point, establishing the link from him/her to you. There's no reason to assume it's not a bi-directional link with regards to contact suggestions.
I had it happen it to me as well, but the only link I can see was that I was texting with that person for the first time that day. And then I saved the number as a contact in my phone.
Then I guess WhatsApp picked up that change and sent the data back to the Facebook servers. An hour later, the person showed up under Suggested Friends.
Agreed that they do not forget a damn thing. However, some users have their friends list hidden - so you could be having mutual friends with that person without FB telling you.
Here's my theory on how Facebook can be telling the truth here:
Your Tinder/Grindr matches are people in your local area. Your Facebook social graph contains people in your local area, even ones you don't know, through your local friends. The chances of one or several Tinder matches eventually intersecting with your Facebook graph are significant. When this happens, people interpret it as a deliberate act, not just a coincidence.
If you use Tinder in an area which does not contain any of your friends, and people from that area subsequently show up, and have no connection to any of your friends, that would be a lot more suspicious.
This article doesn't make anything clear - though it attempts to make the suggestion that the different social networks are communicating information about your activities across networks. In reality it seems as tho many of these social networks are actually just using very similar inputs to their people suggestion algorithms (on Facebook to suggest people you might want to be friends with, on dating networks to suggest people you might want to date). Since many of these suggestions are made to you based on your phone number or device location, you are likely to see the same people suggested to you by these different networks even tho they are not sharing data about your activities.
> Facebook goes through your phone book and checks them against other users' phone numbers - you give it permission to do this when you install the app.
> "What Facebook does and what Tinder does is go through your phone book, upload your phone book and does cross-correlation between your numbers and anyone else's number - and suggest people based on that," he explained.
That seems pretty clear. They grab your WHOLE address book, so there is an established link stored in their database(s) between you and every other person stored on your phone. From there, it's just a matter of graph traversal.
This is one of the reasons I decided I would stick with a dumb phone and why the mobile web (or using the web from phone or tablet) is so ripe for abuse.
Most likely this is because someone on the dating profile saw the persons profile, thought it was interesting enough to 'dox' the person.
If people knew how little information is needed to get started they would be either terrified or amazed.
First name + Location + Instagram profile and you are already off to a good start. And maybe there's a picture from some marathon you participated in, and they might have an online list of participants, narrow down to matching first names, then look them up on facebook.
What facebook then sees mimics person A trying to find his new friend person B, which makes it natural to include this person on the other "do you know list"
This is why I want the ability to "sandbox" my apps, so even though they might want to have access to e.g. my telephone numbers, they can't because the sandbox will hide them.
I'm getting tired of how aggressive Facebook is at suggesting new friends.
Facebook sends me phone notifications telling me they've found someone I might know. I get it if it was a new profile and they want the ball rolling, but I have over 900 friends on Facebook already, many I can barely remember where I've met. Why do I need more people I barely know?
What is it that makes Facebook think their app is more engaging if my friend list if full of people I barely know and never interact with?
The Facebook app on iOS isn't listed as having requested access to my contacts. Is this just an Android thing? Or does the app have some way of sneakily getting access?
Exactly. This article basically just talks about how you gave the permission to an app to use your address book and then complains that it's using your address book to identify who you should add as a friend. It's your fault for agreeing to install an app that requests these permissions without understanding why it needs those privileges from your smartphone.
My husband told me that his customers show up as suggested friends on Facebook. We always thought it had something to do with Whatsapp and Facebook. Now I guess it's just because he uses the Facebook app on his work phone. Crazy stuff!
At this point Facebook has enough data and capability to tell you not just who you're dating right now but who you're likely to date in the future, based on preferences and who you're likely to meet. They may not be doing it yet but I'd assume it's at least been considered by them.
That's simply down to proximity. Facebook, like Google, can tell based on your GPS where "home" is (where your phone spends the night, basically) and it knows the same about your neighbors. Your smartphone is a funnel for detailed information about you to whatever apps you install on it, especially social and communication apps.
Google in particular creeped me out with this kind of "feature". A few years ago when I still used an Android phone, I changed jobs but didn't change the information in any of my social media profiles, nor in my contact card on the phone itself. After a few weeks, Google Now started giving me drive times to work at the new work address instead of the old one.
When i bought my android tablet i spent a few nights at my girlfriend's place and google picked it up as my home. Years after that my "home" is still there even though i do not live there. I have found no way to change that manually...
As a side note, the fact that Google and Microsoft want people to use long SSID names to output is rather ridiculous. That really needs to be opt-in not not opt-out for any data collection.
I have an iPhone 6, and I'm seriously considering backing down to a non-smart phone in the future. These days I mostly use it for SMS, voice, and very, very light web browsing (basically HN and a few other news sites, and sometimes my mobile banking site). I don't do apps, and the only really compelling feature of the iPhone is Apple Pay. Now that my credit and debit cards are all smartchip enabled, even that is just a gimmick.
In fact, I'd say the only thing keeping me on a smartphone at all is playing Ingress, and my wife and I both are getting bored with it. Our local groups are also playing less and less.
I'd rightgraded to a feature phone, which often gets left off and/or at home. I recently picked up a WiFi-only tablet. For much use, that's as much connectivity as I need, though the ability to access a very small set of tools while in motion (mostly transit/navigation related) would be useful. There I could get a 4G LTE wireless hotspot, and the price for both devices and services is about right, but, as with the tablet itself, my concern is control. I'm fighting Samsung for who's boss of my tablet (have yet to root/re-ROM it), but for now, I most definately am not, and no, I'm not OK with that.
A hotspot would have to support very extensive /etc/host blocklisting -- I've grown quite fond of my laptop's 60k+ entries, and use of dnsmasq. Actually starting to look at what I'd have to do to build and configure my own device, though I'm not sure that'll happen.
Among other benefits, battery life for both phone and tablet is vastly better than what I'd previously had for smartphone alone. Phone'll last a week, tablet at least all day, heavy use.
The article has lots of words and stupid pictures so here is a summary: if you give someone your number (via any app or medium) and they have the FB app installed, it will recognize it as the number of a user and trigger the friend suggestion.
The best way to handle the advent of this information is to treat your public facebook profile as public information and assume even the creepiest stalkeriest guy on the internet has access to it. Cause they do.
> He says this whole issue is mainly down to your phone number.
> Facebook goes through your phone book ... you give it permission to do this when you install the app.
This is 100% demonstrably false. It literally comes down to advertising/tracking.
Because tinder is ad-supported for the free app, they're sending data directly to advertising networks (of which Facebook is one), and that's being used to track you. Period.
On iPhones an app specifically has to ask for permission to read your contacts beforehand. There's nothing "implicit" about that, you literally have to agree it explicitly.
I really wish the COO at a Security research company wouldn't spew nonsense. And people wonder why the general public is misinformed as to the harm of advertisers/tracking.
I wouldn't be so sure. I noticed for the first time just a few days ago my phone's contacts were showing up on Facebook as suggested friends. These weren't facebook profiles, just a name, phone number and the option to email them. I checked all my settings for facebook and messenger apps and all 'sync contacts' options were disabled and I have never enabled them. I'm on android. So, my guess is they were somehow granted permissions on installing the app and then the options to disable this actually don't do anything. If there was an option upon install to deny access to phone contacts I definitely would have denied it - if they don't provide the option to do this on install, they're being sneaky.
Yeah, I haven't actually used facebook for anything in years, so now I'm deleting my account and I will use a temporary phone for any future situation where I need it.
I will also be going out of my way to spread as much FUD among my less tech savvy friends as I possibly can.
Why don't you just delete the Facebook app from your smartphone? That way, Facebook won't have access to your contact list. Therefore, this should not happen.
I'm a casual Facebook user since like 2008, but I never even considered installing any of the Facebook apps on my phone.
You will still be tied to a unique identifier and tracked all over the web because your browser fingerprint (yes, it's probably unique: test here https://panopticlick.eff.org/) will be reported back for every site affiliated with an advertising network affiliated with Facebook.
I just tried it out. The site acknowledges it tested out ~6M devices so far. It's not that big of a number actually. My browser turned out to be unique even though I'm using a pretty common method (basically just run Chrome on an Android).
I've sent the version of Android (which was falsely detected because I upgraded to a newer version, but I'm still sending the info about the older version, so I'm assuming this is a bug), my Android model (and build) and my timezone. Anyone who bought the same model from my country (and possibly even the surrounding countries) would probably get the same fingerprint (unless he's using a different browser).
Facebook is fighting back. The drag queens didn't like Facebook's "real names" policy. So Facebook is showing that it can infer the connections anyway.
That's a straightforward conflict, but it makes me wonder why people are comfortable with revealing "all [their] information" publicly on facebook, when their dating network behaviour shows they don't want total strangers to know all this? Facebook provides lots of privacy controlls, allowing you to finely tune who sees what. If you don't want strangers to know your last name, or which area you're from, why make it publicly viewable on facebook?
Is the problem with facebook making it not simple enough to hide things from total strangers (i.e. people you have not friended)? Is it a problem with people never bothering to change default settings? Or is it something about the way people use facebook that makes this apparent inconsistency actually completely rational?