Facebook has phone numbers and email addresses you haven’t provided
It’s no secret that Facebook is mining your data. That much has been made obvious this year. But the extent of the social media giant’s knowledge is still being exposed, as more and more research is being done into Facebook’s advertising methods.
A study by Northeastern and Princeton University researchers aimed to figure out the exact extent of Facebook’s knowledge. In partnership with Kashmir Hill from Gizmodo, a Northeastern University professor of computer science named Alan Mislove tested his theory that Facebook has access to phone numbers and email addresses that users hadn’t provided. Hill ran an ad specifically targeted at Mislove’s landline number, a number which he had never given Facebook. He saw the ad within hours.
How is this possible? This and more are explained in Mislove’s paper, which analyses Facebook’s relationship with your data, and what sorts of information advertisers can have access to. The paper is fascinating, but at 18 pages long, it’s a bit of a daunting read.
READ NEXT: Facebook is secretly rating your trustworthiness
The paper focuses on Facebook’s use of “personally identifiable information,” or PII for short. Basically, this is unique information that can be used to identify you – email addresses, phone numbers and so on. Some of this information is given to Facebook directly – the email address you use to sign in, for example, or the phone number you use to sync your Messenger contacts. Once you give this information to Facebook, it becomes permanently associated with your profile.
PII is extremely useful for advertisers. Facebook’s custom audience feature allows advertisers to pick and choose who sees their ads based on the PII they have about their customers. So, if you’ve ever given a company your email address or phone number, it’s possible they’re targeting you with ads on Facebook. Facebook does mention this on their ad page, although it’s still not exactly common knowledge.
But that’s not even the creepiest part. Hill was able to send an ad to Mislove using a landline number that he had never put on his account. Mislove’s theory was that Facebook was getting this information from other users’ contact books. “It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all,” wrote Hill, “but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call ‘shadow contact information.’ I managed to place an ad in front of Alan Mislove by targeting his shadow profile.”
READ NEXT: Facebook shared data from millions of users with Apple
When your friend syncs their contact book with their Facebook account, they’re inadvertently giving Facebook access to PII that would otherwise be unavailable to them. What’s worse is that you have no control over PII associated with your account in this way. Mislove and the rest of the research team discovered this during their testing.
The researchers used a factory-reset phone and created a contact for one of their team members, using a name and email address that Facebook had access to and a phone number that it didn’t. Then, they used the Messenger app to sync contacts, and set an ad out to target this number.
“We found that the previously-unused phone number became targetable in 36 days … Making this situation worse, the matched phone number was not listed on the account’s profile, nor in the ‘Download Your Information’ archive obtained from Facebook; thus the target user in this scenario was provided no information about or control over how this phone number was used to target them with ads.”
Basically, your friend could unknowingly give Facebook your phone number, and you can’t do anything about it. Why? Because that would violate your friend’s privacy. Yep, for real.
READ NEXT: Check out which companies benefited from Facebook’s data extension
Facebook has, in a bit of a roundabout way, confirmed that this is happening. “People own their address books,” a Facebook spokesperson told Hill by email. “We understand that in some cases this may mean that another person may not be able to control the contact information someone else uploads about them.” Despite this confirmation, Hill says that Facebook has denied using this “shadow contact information” for advertising purposes.
In fact, Facebook seems determined to hide these practices at all costs. They’ve been doing a lot of that lately. And every time the issue is brought up, they’re quick to remind us that you can manage your ad preferences. But as we’ve already seen, we have no control over PII uploaded without our knowledge. So, even if you take every precaution, you can still be targeted by advertisers.
So, what can you do? Unfortunately, our options are sort of limited here, since we don’t actually have access to everything that Facebook knows about us. But you can still control, to an extent, your ad experience, and you can try to keep your phone number separate for your account. Or you could just go and delete your Facebook account entirely, which at this point, seems like the best-looking option.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.