Thursday, October 27, 2011

Find what Facebook knows you - here is how to do it

How to find out everything that Facebook *really* knows about you....

Max Schrems, a 24-year-old law student from Vienna, a meticulous document requester and researcher, is now sitting on a pile of 1,200 pages that comprise his personal-data Facebook dossier. 

He secured the data by using a European requirement that entities with data about individuals make it available to those individuals if they request it. 

After Mr. Schrems made the request, Facebook handed over a CD containing data that's now fueling 22 complaints that the law student has filed against Facebook with the Irish Data Protection Commissioner (according to Facebook, European users have a relationship with the Irish Facebook subsidiary). 

The complaints, which Mr. Schrems began to file in August, concern the illegality of these charges (for the full set and PDFs of the filed complaints, go to Kim Cameron?s Identity Weblog): 

* Pokes: Retained even after a user removes them.
* Shadow Profiles: Facebook is collecting data about people without their knowledge, using it to substitute existing profiles and to create profiles of non-users.
* Tags: Used without specific user consent. Users have to "untag" themselves (opt-out).
* Synchronizing: Facebook is gathering personal data - e.g., via its iPhone app or the "friend finder" - and using it without the consent of the data subjects.
* Deleted Postings: Postings that have been deleted showed up in the set of data Mr. Schrems received from Facebook.
* Postings on other Users' Pages: Users can't see the settings under which content is distributed that they post on other's pages.
* Messages: Messages, including Chat Messages, are stored by Facebook even after the user deletes them. This means that all direct communication on Facebook can never be deleted. 

News of Schrems legal activities, along with demands for users own personal dossiers, went viral at the end of last month. Reddit users stampeded, swamping Facebook with requests for personal data after going through the Reddit submission?s four-step tutorial on how to do so.
Here are the steps on how you can request your personal data from Facebook: 

2. Enter your personal information 

3. Make a reference to the following law:
"Section 4 DPA + Art. 12 Directive 95/46/EG" 

4. Click on "Send" 

Facebook cried uncle, sending an email claiming that it could not comply with the requests within a 40-day period. 

Remember how Mark Zuckerberg, in the early days of creating Facebook, called users dumb f*`ks for trusting him with their private information? 

After 7+ years of The Facebook bloating into a private-data behemoth (or boondoggle, depending on your attitude about privacy), one user has finally arisen from the land
of dumb f*`kery to strip the label from his own online persona and instead paste it across the data-gobbling gut of Facebook itself. 

Kudos, Mr. Schrems. 

If you're on Facebook and want to keep informed about privacy issues, scams and internet attacks, join the Sophos page on Facebook, where over 140,000 people regularly share information on threats and discuss the latest security news. 


No comments:

Post a Comment