In real life, in the natural course of conversation, it is not uncommon to talk about a person you may know. You meet someone and say, “I’m from Sarasota,” and they say, “Oh, I have a grandparent in Sarasota,” and they tell you where they live and their name, and you may or may not recognize them.

You might assume Facebook’s friend recommendations would work the same way: You tell the social network who you are, and it tells you who you might know in the online world. But Facebook’s machinery operates on a scale far beyond normal human interactions. And the results of its People You May Know algorithm are anything but obvious. In the months I’ve been writing about PYMK, as Facebook calls it, I’ve heard more than a hundred bewildering anecdotes:

  • A man who years ago donated sperm to a couple, secretly, so they could have a child—only to have Facebook recommend the child as a person he should know. He still knows the couple but is not friends with them on Facebook.
  • A social worker whose client called her by her nickname on their second visit, because she’d shown up in his People You May Know, despite their not having exchanged contact information.
  • A woman whose father left her family when she was six years old—and saw his then-mistress suggested to her as a Facebook friend 40 years later.
  • An attorney who wrote: “I deleted Facebook after it recommended as PYMK a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email.”

Connections like these seem inexplicable if you assume Facebook only knows what you’ve told it about yourself. They’re less mysterious if you know about the other file Facebook keeps on you—one that you can’t see or control.

Behind the Facebook profile you’ve built for yourself is another one, a shadow profile, built from the inboxes and smartphones of other Facebook users. Contact information you’ve never given the network gets associated with your account, making it easier for Facebook to more completely map your social connections.

Shadow contact information has been a known feature of Facebook for a few years now. But most users remain unaware of its reach and power. Because shadow-profile connections happen inside Facebook’s algorithmic black box, people can’t see how deep the data-mining of their lives truly is, until an uncanny recommendation pops up.

Facebook isn’t scanning the work email of the attorney above. But it likely has her work email address on file, even if she never gave it to Facebook herself. If anyone who has the lawyer’s address in their contacts has chosen to share it with Facebook, the company can link her to anyone else who has it, such as the defense counsel in one of her cases.

Facebook will not confirm how it makes specific People You May Know connections, and a Facebook spokesperson suggested that there could be other plausible explanations for most of those examples—“mutual friendships,” or people being “in the same city/network.” The spokesperson did say that of the stories on the list, the lawyer was the likeliest case for a shadow-profile connection.

Handing over address books is one of the first steps Facebook asks people to take when they initially sign up, so that they can “Find Friends.” The “Find Friends” option on desktop is very basic:

You enter your email address and then your email password, and Facebook will tell you everyone you know on Facebook. Meanwhile, Facebook holds on to all the contacts you handed over.

The “Find Friends” page in the Facebook smartphone app is more inviting, presenting a picture of a spray of flowers and inviting the user to “See who’s on Facebook by continuously uploading your contacts.”

Down in the fine print, below the “Get Started” button, the page states that “Info about your contacts...will be sent to Facebook to help you and others find friends faster.” This is vague, and the purpose remains vague even after you click on “Learn More”:

When you choose to find friends on Facebook, we’ll use and securely store information about your contacts, including things like names and any nicknames; contact photo; phone numbers and other contact or related information you may have added like relation or profession; as well as data on your phone about those contacts. This helps Facebook make recommendation for you and others, and helps us provide a better service.

Take a look at all the possible information associated with a contact on your phone. Then consider the accumulated data your phone is carrying about various people, whether lifelong friends or passing acquaintances.

Facebook warns users to be judicious about using all this data. “You may have business or personal contacts in your phone,” the Learn More screen admonishes the reader. “Please only send friend requests to people you know personally who would welcome the invite.”

Having issued this warning, and having acknowledged that people in your address book may not necessarily want to be connected to you, Facebook will then do exactly what it warned you not to do. If you agree to share your contacts, every piece of contact data you possess will go to Facebook, and the network will then use it to try to search for connections between everyone you know, no matter how slightly—and you won’t see it happen.


Facebook doesn’t like, and doesn’t use, the term “shadow profiles.” It doesn’t like the term because it sounds like Facebook creates hidden profiles for people who haven’t joined the network, which Facebook says it doesn’t do. The existence of shadow contact information came to light in 2013 after Facebook admitted it had discovered and fixed “a bug.” The bug was that when a user downloaded their Facebook file, it included not just their friends’ visible contact information, but also their friends’ shadow contact information.

The problem with the bug, for Facebook, was not that all the information was lumped together—it was that it had mistakenly shown users the lump existed. The extent of the connections Facebook builds around its users is supposed to be visible only to the company itself.

Facebook does what it can to underplay how much data it gathers through contacts, and how widely it casts its net. “People You May Know suggestions may be based on contact information we receive from people and their friends,” Facebook spokesperson Matt Steinfeld wrote in an email. “Sometimes this means that a friend or someone you know might upload contact information—like an email address or phone number—that we associate with you. This and other signals from you help us to make sure that the people we suggest are those you likely already know and want to become friends with on Facebook.”

Users of Instagram and WhatsApp, which are owned by Facebook, can also upload contacts to those apps, but Steinfeld said that Facebook does not currently use that data for Facebook friend suggestions. “Today, we use contacts uploaded to Facebook and Messenger to inform PYMK suggestions,” he wrote.


This post was produced by the Special Projects Desk of Gizmodo Media.

Through the course of reporting this story, I discovered that many of my own friends had uploaded their contacts. While encouraging me to do the same, Facebook’s smartphone app told me that 272 of my friends have already done so. That’s a quarter of all my friends.

But big as it is, that’s not even the relevant number. When Steinfeld wrote “a friend or someone you might know,” he meant anyone—any person who might at some point have labeled your phone number or email or address in their own contacts. A one-night stand from 2008, a person you got a couch from on Craigslist in 2010, a landlord from 2013: If they ever put you in their phone, or you put them in yours, Facebook could log the connection if either party were to upload their contacts.

That accumulation of contact data from hundreds of people means that Facebook probably knows every address you’ve ever lived at, every email address you’ve ever used, every landline and cell phone number you’ve ever been associated with, all of your nicknames, any social network profiles associated with you, all your former instant message accounts, and anything else someone might have added about you to their phone book.

As far as Facebook is concerned, none of that even counts as your own information. It belongs to the users who’ve uploaded it, and they’re the only ones with any control over it.

It’s what the sociologist danah boyd calls “networked privacy”: All the people who know you and who choose to share their contacts with Facebook are making it easier for Facebook to make connections you may not want it to make—say if you’re in a profession like law, medicine, social work, or even journalism, where you might not want to be connected to people you encounter at work, because of what it could reveal about them or you, or because you may not have had a friendly encounter with them.

Imagine the challenge for people trying to maintain two different identities, such as sex workers or undercover investigators. Not only do you have to keep those identities apart like a security professional, you have to make sure that no one else links them either. If just one person you know has contact information for both identities and gives Facebook access to it, your worlds collide. Bruce Wayne and Clark Kent would be screwed.


Shadow profile data powers Facebook’s effort to connect as many people as possible, in as many ways as possible. The company’s ability to perceive the threads connecting its billion-plus users around the globe led it to announce last year that it’s not six degrees that separate one person from another—it’s just three and a half.

With its vast, hidden black book, Facebook can go beyond simply matching you directly with someone else who has your contact information. The network can do contact chaining—if two different people both have an email address or phone number for you in their contact information, that indicates that they could possibly know each other, too. It doesn’t even have to be an address or phone number that you personally told Facebook about.

This is how a psychiatrist’s patients were recommended to one another and may be why a man had his secret biological daughter recommended to him. (He and she would have her parents’ contact information in common.) And it may explain why a non-Facebook user had his ex-wife recommended to his girlfriend. Facebook doesn’t keep profiles for non-users, but it does use their contact information to connect people.
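
Contact chaining as described above, sketched as a toy model (an added example, not Facebook's code and not from the original article). The uploader names, the sample address books and the match-on-last-ten-digits phone normalization are constructed assumptions; it pairs uploaders who hold the same identifier and shows how one contact card listing two identifiers ties them together.

```python
import re
from collections import defaultdict, deque
from itertools import combinations

# Constructed sample: uploader -> contact cards, each card a list of identifiers.
UPLOADS = {
    "patient_a": [["(941) 555-0101"]],
    "patient_b": [["+1 941 555 0101"]],
    "defense_counsel": [["Lawyer@Work.example"]],
    "old_friend": [["lawyer@work.example", "lawyer.home@mail.example"]],
}

def normalize(ident):
    """Canonical form so the same address or number matches across uploads."""
    ident = ident.strip().lower()
    if "@" in ident:
        return ident
    return re.sub(r"\D", "", ident)[-10:]  # assumption: match on last 10 digits

def build_index(uploads):
    """identifier -> set of uploaders who hold it in their address book."""
    index = defaultdict(set)
    for uploader, cards in uploads.items():
        for card in cards:
            for ident in card:
                index[normalize(ident)].add(uploader)
    return index

def chained_pairs(uploads):
    """Uploader pairs sharing an identifier, with the identifiers linking them."""
    pairs = defaultdict(set)
    for ident, holders in build_index(uploads).items():
        for pair in combinations(sorted(holders), 2):
            pairs[pair].add(ident)
    return dict(pairs)

def linked_identifiers(uploads, start):
    """Identifiers tied to `start` because some card lists them together."""
    cards = [{normalize(i) for i in card} for cs in uploads.values() for card in cs]
    seen, queue = {normalize(start)}, deque([normalize(start)])
    while queue:
        current = queue.popleft()
        for card in cards:
            if current in card:
                for other in card - seen:
                    seen.add(other)
                    queue.append(other)
    return seen

if __name__ == "__main__":
    for pair, shared in chained_pairs(UPLOADS).items():
        print(pair, "linked via", sorted(shared))
    print(sorted(linked_identifiers(UPLOADS, "lawyer@work.example")))
```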

“Mobile phone numbers are even better than social security numbers for identifying people,” said security technologist Bruce Schneier by email. “People give them out all the time, and they’re strongly linked to identity.”

Facebook won’t tell you how many people who aren’t your friends have handed over your contact information. The contents of your shadow profiles are not yours to see.

As Violet Blue wrote in Cnet at the time of the shadow-profile bug, “What the revelation means is that Facebook has much more information on us than we know, it may not be accurate, and despite everyone’s best efforts to keep Facebook from knowing our phone numbers or work email address, the social network is getting our not-for-sharing numbers and email addresses anyway by stealing them (albeit through ‘legitimate’ means) from our friends.”

What if you don’t like Facebook having this data about you? All you need to do is find every person who’s ever gotten your contact information and uploaded it to Facebook, and then ask them one by one to go to Facebook’s contact management page and delete it.

Just don’t miss anyone. “Once a contact is deleted, we remove it from our system—but of course it is possible that the same contact has been uploaded by someone else,” Steinfeld wrote in an email.

The shadow profiles, like the People You May Know system they feed into, can’t be turned off or opted out of. The one thing you can do to impede Facebook’s contacts-based connections is, through its Privacy Settings menu, keep people from finding your profile by searching your phone number or email address. (Yes, Facebook functions as a reverse phone-number look-up service; under the default settings, anyone can put your phone number into the search bar and pull up your account.)

“Let’s say you’ve shared your phone number [or email address] with a lot of people and don’t want strangers using it to search for you on Facebook,” Steinfeld wrote. “You can limit who can look you up on Facebook by that phone number [or email address] to ‘friends.’ This is also a signal that People You May Know uses. So if a stranger uploads his address book including that phone number [or email address, it] won’t be used to suggest you to that stranger in People You May Know.”

These privacy settings are an undocumented way to control to whom you get recommended in People You May Know.

But you can only block People You May Know from using information you’ve actively provided to Facebook, not what’s in your shadow profile. So to protect your privacy, you need to provide Facebook with even more information about you.

I asked if Facebook would consider sharing shadow profile information with its users, much like it accidentally shared it with their friends four years ago. Facebook says it can’t because it would be a privacy violation of those who gave the information.

“When you choose to upload your contacts to Facebook, we consider your privacy along with the privacy of the friends, family, and others who gave you their phone number or email address,” said Facebook spokesperson Matt Steinfeld by email. “We acknowledge that people might want to see the contact information that’s been uploaded about them to Facebook, but we also have a responsibility to the people choosing to upload this information. This is a balance and we’ll continue listening to people’s feedback.”

Steinfeld also said that while Facebook doesn’t currently “offer a way for people to manage the contact information others have uploaded that might be related to them, this is something I’ve shared with the team.”

As usual, I asked to speak with the People You May Know team directly, but was turned down.