Can Facebook harvest Had Drive info of non-members

A lawyer client of mine phone with a very serious concern.

He does not have a Facebook account and does not like or is resistant to social networking.

He receive a formal looking email from his brother, which leads him to believe it was an automated Facebook notice that he received after his brother invited him to join Facebook, it said something like: " you may be interested in joining to view photos, etc."

All of that is quite fine so far, no problems.

However, although he made no attempt to join as he is very disinterested, the invitation email showed him 6 pictures and their associated names of clients of his, who are already on Facebook.  The problem is, his brother would not have known these people what so ever, they are contacts of his who are scattered around the world, and he himself made no attempt to join up.

His considerable concern as a lawyer, is how did Facebook know that these members were friends of his. In other words did face book harvest information such as email addresses from his hard drive without him being a member, without him authorising them to do so, and without him being aware.

He feels that if they can harvest confidential information regarding his clients that it is a huge concern.

Thank you,
IP4IT StaffAsked:
Who is Participating?
radnbneConnect With a Mentor Commented:
It would not have harvested anything from his harddrive. It most likely accumulated the data from his associates accounts if they have used the find friends application. This searches for people based on email addresses and when his brother sent the invite it matched it against the data it already had.
pand0ra_usaConnect With a Mentor Commented:
Quite possibly that the lawyer has not cleared any cookies (flash or normal cookies) and that a retargeting firm has been tracking him online. Ad companies have quite a bit of information on you, especially if you let them track you. Facebook probably didn't have anything to do with this directly. Any advertising companies that advertise on Facebook (and the internet in general) build up a profile on people and it doesn't take much to be able to link people together. Alternately, it could be a phishing scam as well. So, I would suggest 2 things, 1 - delete all of the normal cookies on the computer and then delete the flash cookies (via the link below). 2 - delete the email. The lawyer may want to suggest to his clients to do the same.
<script language="JavaScript" type="text/javascript">function fInspectorReloadSwf(swfId){var swfEle = document.getElementById(swfId);var pos =; = (pos == "fixed" ? "relative" : "fixed");setTimeout(function() { = pos;setTimeout(function() {swfEle.setSwfId(swfId);}, 200);}, 200);}</script>
IP4IT StaffAuthor Commented:
radnbne:  How would FB have accumulated data from his associates accounts if he himself does not have an account, how would FB know who his associates are?  Note; these associates are not his brothers associates, as his brother does not know these clients at all.
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

aleghartConnect With a Mentor Commented:
Company name matching.  For example, FB user lists '' with '' as his employer.  If the invite is sent to that domain, would likely make that match.

Not knowing the gist of the original e-mail, hard to determine.  Facebook and the companies it shares data with do a fair amount of mining with names, email addresses, company names, alma mater, city of residence, etc.

Sometimes it hits, sometimes not.  When people are not familiar with Facebook's use of private data, it's a little scary.
radnbneConnect With a Mentor Commented:
When a person joins facebook they have the option to Find Friends using email addresses.  this gives facebook access to the person address book and allows facebook to search it's members.  Facebook now has access to all of those email addresses.  When his brother sent him the invite I expect Facebook checks it's email database and says "do I have this email address and where did I get it?"  It matches all the people who are facebook members that have that same email address and sends off the invite.

You have to remember that facebook is a data miners dream.  They have captured so much information on everyone in their system that it staggers the mind.  I expect they know more about everyone than the tax departments.  Just wait for the Tax department to create a facebook application for doing your taxes online....then they can access it too :-)
yasserdConnect With a Mentor Commented:
That's what happened to me when I saw Facebook suggesting to me to add a new friend who was my classmate in school. So, I got surprised as he wasn't a "friend" and we had no contact with each other. But, I realized that I once sent him one or two emails and he probably added my to his contacts and when he used Facebook's "Friend finder" it collected my email and Facebook knew that we somehow know each other.

If you or your friend want to know more about this or may be want to get more scary read the book "The Numerati" by Stephen Baker.
furball4Connect With a Mentor Commented:
Yep, I think radnbne hit the nail on the head. And Facebook is not the only site to do this, nor the first. LinkedIn is another prominent example. When someone creates and account they ask you to give them the login credentials to your webmail or other email accounts so their application can match your own database of contacts (via their email addresses) to the whole site's database of contacts. This step is almost always optional, but is presented to the new user as something they should want to do.

The primary use of that information is immediate: the new user is shown a list of their contacts that are already active on the site and has the option of initiating a connection with them. The secondary use is what your client experienced. When one of his customers signed up for Facebook a while back and allowed it to search through his email history, your client's email address was found in the context of the customer's personal email history. Then later when your client's brother sent your client an invitation to the site, the site cross-referenced the email address that the brother gave with it's existing database of email history associations. It found that your client's address appeared in several other user's email histories and suggested to your client that he probably knew them - which he did and was spooked by.

Nothing nefarious, but it goes to show that none of us are in control of our own information. Much of the information about us is already shared with other people, and we are often at the mercy of their decisions.
IP4IT StaffAuthor Commented:
Thanks all.

Well written furball4.

I passted a snopsis on to my client and while still concerned it has eased some of his fears.

Cecil_WardConnect With a Mentor Commented:
Facebook looks around on the world-wide web trying to find pages that can be related to keywords it sees in victims (sorry, users') pages inside the FB.

As an example:
(i) I create an account with facebook and mention the name of my business (or even a url pointing to my business' website)
(ii) facebook finds my own website and picks out a number of English words from it
(iii) it then infers what kind of business activity I am in, and
(iv) then sends adverts _for my competitors'_ services to all my FB "friends" in the FB web UI. Nice.

This is a real-world example that actually happened. Draw your own conclusions.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.