Facebook Shadow Profiles: A Profile of You That You Never Created


This post was originally published in 2015 by Laura Gowans, SpiderOak’s COO. Facebook continues this practice today.


A shadow profile is a collection of data that Facebook has collected about you that you didn’t provide yourself. In other words, let’s say you’re a cautious social media user, and you limit what information you put online. While you may not have listed your cell phone number, if one of your connections used the “Find My Friends” feature and allowed Facebook to scan their contacts, Facebook collected all the other information about you associated with that contact.

Even if you never provided them, Facebook very likely has your alternate email addresses, your phone numbers, and your home address — all helpfully supplied by friends who are trying to find you and connect.


The answer is the same here as it is for every company that actively collects information about its users: in 2013 Facebook announced they had found a bug that revealed the personal information of 6 million users. The leaked information, of course, included the extra information collected in the ghost profiles: emails, phone numbers, and addresses that users had no intention of sharing, all available for anyone who exploited the bug before it was fixed.


If you’re thinking that by not using Facebook you’ve avoided all of this, think again: Facebook has been the target of multiple class-action lawsuits alleging the company collects this information about non-users without their consent.

One recent lawsuit focuses not on email addresses or phone numbers, but instead “face templates”: whenever a user uploads a photo, Facebook scans all the faces and creates a “digital biometric template”.

In other words, Facebook is using math to determine who’s who in a picture, based on a scan of your features. If you’re already a user, Facebook can suggest that your friend tag you, but if you’re not a user, Facebook attaches your “face template” information to the same ghost profile with your other contact information on it.

Even if you’ve never signed up for Facebook, you may have a profile that contains your contact info and a mathematical template of what you look like nonetheless.

Originally published at SpiderOak.com on May 24, 2015.
