You had a Facebook profile, but then you deleted it. Or maybe you chose to never sign up. If you’re this type of person, you’ll find yourself in good company. Despite Facebook’s continued commercial success, “Why I’m Leaving Facebook” has become something of an Internet literary genre. One analyst has estimated that as many as 11 million grade school and college-aged people have left the site since 2011.
But choosing to keep away from Facebook or other social media platforms doesn’t necessarily mean you’re beyond their reach. Many believe that Facebook stores information on non-users through Facebook users’ contact lists, maintaining a database of “shadow profiles” on these non-users. In theory, clicking “OK” on a mobile app that asks you to share your address book could create a new cache of these shadow profiles. Attention to the issue picked up steam in the summer of 2013, when Facebook announced it had unintentionally exposed some 6 million users’ email addresses and phone numbers through a security bug–some of which were never given to Facebook directly by the users, but instead harvested from other sources.
Last month, three privacy researchers at the Swiss Federal Institute of Technology in Zurich (ETH Zurich) uploaded a paper to pre-publication archive arXiv looking more closely at what shadow profiles could do. They used an old public data set–3.5 million profiles from Facebook predecessor Friendster–to see what could be predicted about non-users just from the information about them uploaded by friends or family within the network.
The results the researchers demonstrated were disturbing. By separating the Friendster profiles into two groups–one that would play those “in” the network and one to play those “outside”–the researchers were able to use a sophisticated algorithm to predict the sexual orientations of people in the outside group. Conclusion: Even if you take your identity offline, much of it can be deduced from what your friends inadvertently upload about you.
“If you’re able to infer the sexual orientation of someone who is not in a social network then you can infer many other things about them,” says co-author Emre Sarigol. “The idea behind constructing a shadow profile is to profile a society that doesn’t have to be connected to a social network or online community.”
An important caveat: Just because ETH Zurich researchers demonstrated they could create very sensitive and detailed shadow profiles doesn’t mean that companies like Facebook are creating such shadow profiles. (Facebook, however, did not return a request for comment.) But Sarigol says that his work highlights a vulnerability in the system that’s ripe for exploitation. He asks: What if a repressive government started persecuting homosexuality? Could they demand that social media platforms turn over their troves of data on users and non-users alike?
That might seem like a distant idea for some, but Sarigol–originally from Turkey–says that the paper asks that readers might at least consider the implications of how much information we can reveal about our friends just by joining an online social network. “It’s a political issue, in my opinion,” he says.