Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Can Facebook harvest Had Drive info of non-members

Posted on 2010-08-31
Medium Priority
Last Modified: 2013-11-16
A lawyer client of mine phone with a very serious concern.

He does not have a Facebook account and does not like or is resistant to social networking.

He receive a formal looking email from his brother, which leads him to believe it was an automated Facebook notice that he received after his brother invited him to join Facebook, it said something like: " you may be interested in joining to view photos, etc."

All of that is quite fine so far, no problems.

However, although he made no attempt to join as he is very disinterested, the invitation email showed him 6 pictures and their associated names of clients of his, who are already on Facebook.  The problem is, his brother would not have known these people what so ever, they are contacts of his who are scattered around the world, and he himself made no attempt to join up.

His considerable concern as a lawyer, is how did Facebook know that these members were friends of his. In other words did face book harvest information such as email addresses from his hard drive without him being a member, without him authorising them to do so, and without him being aware.

He feels that if they can harvest confidential information regarding his clients that it is a huge concern.

Thank you,
Question by:IP4IT Staff
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

radnbne earned 576 total points
ID: 33568257
It would not have harvested anything from his harddrive. It most likely accumulated the data from his associates accounts if they have used the find friends application. This searches for people based on email addresses and when his brother sent the invite it matched it against the data it already had.
LVL 10

Assisted Solution

pand0ra_usa earned 288 total points
ID: 33568497
Quite possibly that the lawyer has not cleared any cookies (flash or normal cookies) and that a retargeting firm has been tracking him online. Ad companies have quite a bit of information on you, especially if you let them track you. Facebook probably didn't have anything to do with this directly. Any advertising companies that advertise on Facebook (and the internet in general) build up a profile on people and it doesn't take much to be able to link people together. Alternately, it could be a phishing scam as well. So, I would suggest 2 things, 1 - delete all of the normal cookies on the computer and then delete the flash cookies (via the link below). 2 - delete the email. The lawyer may want to suggest to his clients to do the same.

<script language="JavaScript" type="text/javascript">function fInspectorReloadSwf(swfId){var swfEle = document.getElementById(swfId);var pos = swfEle.style.position;swfEle.style.position = (pos == "fixed" ? "relative" : "fixed");setTimeout(function() {swfEle.style.position = pos;setTimeout(function() {swfEle.setSwfId(swfId);}, 200);}, 200);}</script>

Author Comment

by:IP4IT Staff
ID: 33569252
radnbne:  How would FB have accumulated data from his associates accounts if he himself does not have an account, how would FB know who his associates are?  Note; these associates are not his brothers associates, as his brother does not know these clients at all.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

LVL 32

Assisted Solution

aleghart earned 284 total points
ID: 33569642
Company name matching.  For example, FB user lists 'bob@biglawoffice.com' with 'biglawoffice.com' as his employer.  If the invite is sent to that domain, would likely make that match.

Not knowing the gist of the original e-mail, hard to determine.  Facebook and the companies it shares data with do a fair amount of mining with names, email addresses, company names, alma mater, city of residence, etc.

Sometimes it hits, sometimes not.  When people are not familiar with Facebook's use of private data, it's a little scary.

Assisted Solution

radnbne earned 576 total points
ID: 33572239
When a person joins facebook they have the option to Find Friends using email addresses.  this gives facebook access to the person address book and allows facebook to search it's members.  Facebook now has access to all of those email addresses.  When his brother sent him the invite I expect Facebook checks it's email database and says "do I have this email address and where did I get it?"  It matches all the people who are facebook members that have that same email address and sends off the invite.

You have to remember that facebook is a data miners dream.  They have captured so much information on everyone in their system that it staggers the mind.  I expect they know more about everyone than the tax departments.  Just wait for the Tax department to create a facebook application for doing your taxes online....then they can access it too :-)
LVL 10

Assisted Solution

yasserd earned 284 total points
ID: 33573111
That's what happened to me when I saw Facebook suggesting to me to add a new friend who was my classmate in school. So, I got surprised as he wasn't a "friend" and we had no contact with each other. But, I realized that I once sent him one or two emails and he probably added my to his contacts and when he used Facebook's "Friend finder" it collected my email and Facebook knew that we somehow know each other.

If you or your friend want to know more about this or may be want to get more scary read the book "The Numerati" by Stephen Baker.

Assisted Solution

furball4 earned 284 total points
ID: 33573686
Yep, I think radnbne hit the nail on the head. And Facebook is not the only site to do this, nor the first. LinkedIn is another prominent example. When someone creates and account they ask you to give them the login credentials to your webmail or other email accounts so their application can match your own database of contacts (via their email addresses) to the whole site's database of contacts. This step is almost always optional, but is presented to the new user as something they should want to do.

The primary use of that information is immediate: the new user is shown a list of their contacts that are already active on the site and has the option of initiating a connection with them. The secondary use is what your client experienced. When one of his customers signed up for Facebook a while back and allowed it to search through his email history, your client's email address was found in the context of the customer's personal email history. Then later when your client's brother sent your client an invitation to the site, the site cross-referenced the email address that the brother gave with it's existing database of email history associations. It found that your client's address appeared in several other user's email histories and suggested to your client that he probably knew them - which he did and was spooked by.

Nothing nefarious, but it goes to show that none of us are in control of our own information. Much of the information about us is already shared with other people, and we are often at the mercy of their decisions.

Author Comment

by:IP4IT Staff
ID: 33585082
Thanks all.

Well written furball4.

I passted a snopsis on to my client and while still concerned it has eased some of his fears.


Assisted Solution

Cecil_Ward earned 284 total points
ID: 33595306
Facebook looks around on the world-wide web trying to find pages that can be related to keywords it sees in victims (sorry, users') pages inside the FB.

As an example:
(i) I create an account with facebook and mention the name of my business (or even a url pointing to my business' website)
(ii) facebook finds my own website and picks out a number of English words from it
(iii) it then infers what kind of business activity I am in, and
(iv) then sends adverts _for my competitors'_ services to all my FB "friends" in the FB web UI. Nice.

This is a real-world example that actually happened. Draw your own conclusions.

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out what's been happening in the Experts Exchange community.
What we learned in Webroot's webinar on multi-vector protection.
The goal of the tutorial is to teach the user how to instant message and make a video call in Skype.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question