Facebook’s private policy of keeping ‘shadow profiles’ has recently come to light after programming errors resulted in the leak of private information on over six million users. The California-based company has apologised for the leak and is actively strengthening its security policies to prevent any future data leaks.
Despite the company’s apology, however, users have taken to discussion boards to discuss Facebook’s controversial ‘shadow profile’ policy. When users downloaded their account data using Facebook’s ‘download your account’ feature, their archive included phone numbers and email addresses that were not granted to Facebook.
Online privacy experts believe that the ‘shadow profiles’ were generated when a user’s email address book or phone contact list contained information on one of Facebook’s existing users that didn’t match their profile information. Facebook would automatically add this data to a ‘shadow profile’ for all of its users.
If a user allowed Facebook to access their contact list, for example, all of their data would be used to augment Facebook’s existing user data. New phone numbers for existing users would be added to their accounts, albeit not publically, as part of an extensive system full of undisclosed information on existing Facebook users.
Privacy advocates have criticised Facebook for retaining unauthorised information on its users, claiming that the policy is an invasion of peoples’ privacy and a serious risk in the event of a data leak. With Facebook’s involvement in the PRISM scandal a media focus, many are concerned that the data could be used for surveillance.
Others have expressed concern that Facebook’s large advertising client base could gain access to private email addresses and phone numbers that were users did not volunteer to Facebook. The social network allows advertisers to target users based on their location, age, interests, and other important identifying factors.