What “downloading your data” from Facebook reveals
Some scary stuff in there
I was wondering what kind of info Facebook is keeping about me. There seems to be a lot, judging by how accurately they show me ads of things that I’m looking at on Amazon and other online retailers.
I decided to “download my data” to see what it contained but also to find out if this data was exploitable in any way.
TLDR; Facebook keeps details of ALL the contacts on my phone: phone numbers, addresses, Google+ profiles. It also has a pretty good idea of where I am every time I connect to it thanks to the IP addresses it has in memory. Also discovered that the data is mostly text, no urls, nothing clickable :-(
How to download your Facebook data
First, click on Settings (or go to https://www.facebook.com/settings)
Then under General, click on “Download a copy of your Facebook data”
You’ll then get the opportunity to request your data
When you do that, you’ll be asked to re-enter your password.
Facebook will then send you an email saying that they’re working on your request. Note that the link to your download will only be available for a few days.
After a few minutes, you should receive another email, this one containing the link to download your data.
Once you click on the link, you’ll be asked to re-enter your password (again) and then you’ll see the green “Download Archive” button you saw earlier. Only this time, when you click it, a .zip file named “facebook-username.zip” will be downloaded.
A walk through the downloaded data
Let’s have a look at what’s contained in this zip file.
Here is the hierarchy of the files. As you can see there are a few html files such as friends, ads, messages etc… as well as your photos and videos.
First of all, the most striking thing is that there is only one external link in the whole downloaded data folder, and that’s a link to your own profile.
Your friends’ profiles, your groups, your likes, they’re all there somewhere, but in plain text and nothing is clickable.
If you thought (like I did) that this backup data was some kind of offline clickable version of your Facebook profile, you’d be disappointed.
Now this is where it gets a little more scary and interesting.
Profile (index.html)
This contains all of your personal data like DOB, email address, your family members, your likes, the apps you have, the pages you admin etc…
One thing of note is that the link to your profile starts with http instead of https which I find strange.
Contact Info
This contains your address, your email addresses (even those I have removed), your phone numbers, and your accounts on other social networks linked to Facebook.
And then, there is the address book.
Shock and horror, all the contacts on my phone are here. I don’t know why, I don’t know how, I don’t remember allowing this but here it is.
Facebook has all my contacts’ details: phone numbers, addresses, emails, WhatsApp profiles, Google+ profiles. Since my Gmail contacts are synced to my phone, these are also on Facebook. Damn! I can’t even start imagining the number of cross-referencing there must be in the background.
Wow! Facebook has all my contacts’ phone numbers and emails. I’m speechless. Even my friends that are not on Facebook, are actually in Facebook’s database, because of me.
Timeline
I found the amount of details included in the timeline to be pretty disappointing/useless.
You can see all the pages that you liked, the date you became friend with someone, the messages people have written on your wall, or that you shared a link, but you can’t see WHO wrote on your wall or WHICH link you shared.
Photos
All your albums, profile pics and timeline photos are included in the download, but the photos are in JPEG format and not in their original size (my largest photo was about 100KB) so I hope you have the originals backed up somewhere else.
The photos come with the associated comments and a bunch of metadata including location (if present) and upload IP address.
Videos
This folder contains
- the videos you’ve uploaded to your profile,
- the videos you’ve uploaded to groups and pages
- the videos Facebook has generated for you like those for you birthdays and other friendship celebrations (friendversaries — not my word), even if (like me) you’ve never added these to your profile:
Friends
So here you have list of your friends, of the ones you’ve unfriended, of the pending friends request, of your followers etc…Again it’s a shame Facebook doesn’t give you links to their profile.
Messages
Messages are quite difficult to make sense of.
First of all, they appear in no particular order so at the top of the page I see messages from 2009 and at the bottom from 2010 — go figure.
Also, the interlocutors sometimes appears by name and sometimes under the form xxxxxx@facebook.com. xxxxxx is the id of a user so https://www.facebook.com/xxxxxx leads to the interlocutor’s profile.
Events
Here you have an exhaustive list of the events you’ve been invited to or created. The list also specifies whether you have attended, declined, didn’t reply to, replied with “maybe” or created the event.
Security
Well, if you ever wanted to know where you connected to Facebook in the last few years, just look into the security data.
I could see all my logins/logouts, sessions, IP addresses, authorized devices and other administrative records. This file has thousands of records almost all of them include an IP address.
Have a look at this (heavily reduced) file:
Ads
Facebook has a list of the types of ads you could be interested in, probably gathered from the things you liked as well as from your cookies gathered from other websites.
It also has a list of the ads you clicked on as well as the ads on which you clicked the X. However, these are not saved forever, the oldest one I could see in my data was 7 weeks old.
Anyone thinks Facebook retains too much data?
You can find more info here (it’s from Facebook Help but a bit incomplete):