Do you realise what information the social media behemoth has on you? This is how you can find out.
I know a lot of security people, and I also know a lot of Facebook people. There is, however, little overlap between these groupings. I’m an outlier because I belong to both groups. Many security professionals have long advised against using the social media platform or are actively calling for its removal. I follow a tight eye on security issues and products, such as antivirus software, and I use Facebook sparingly. I don’t think it’s necessary for me to remove my Facebook account. But, now thats Facebook has made it so easy to download all the social media platform knows about me, I went ahead and did it. While going through the resulting archive, I ran upon several positive and unpleasant shocks.
I’m careful, Really I am a
For years, I’ve known that when it comes to Facebook, I’m not the customer; I’m the product. Except for friends, I keep my profile secret. In my public profile, I don’t say much, and not all I say is true. For example, while I did study Existentialism in college, I am not a Pastafarian because I have never been “touched by his noodly appendage.” I never click on sketchy websites on the spur of the moment. In addition, I run a security suite that alerts me whenever a potentially dangerous link slips through the cracks.
I never play Facebook games because you’d be shocked, if not outraged, at how much data they can collect. Due to a Farmville account that constantly pinging me to come play, I had to silence one of my family members. I’ve been known to take some ridiculous quizzes, but only the ones that ask you questions to figure out who will kill you in Game of Thrones. Even yet, the questions should not be ones that could provide answers to your security concerns. Those quizzes that promise to scan your Facebook data and provide you with a score? Those are lethal! I’m not going to touch them.
I never log into websites using my facebook (or my email account). By doing so, you’ve created a single point of failure for your Facebook password. All of your accounts are wide open as a result of a single exposure. Instead, I create strong, unique passwords for each site using a password manager.
However, being careful isn’t enough. My friends’ sloppy security might potentially make some of my information public. As a result, I tightened up my privacy settings to prevent Facebook from sharing my information. I went all-in, opting to turn off the sharing platform completely. Facebook issued ominous warnings, stating that doing so would disable my apps and prevent me from using my Facebook credentials to log in. I smiled and continued on my way. Isn’t it now that I’m fine? Well, perhaps.
Your Archive is available to download.
It’s simple to get a copy of all the information Facebook has on you these days. (At least, that’s what they say…) Well, it’s not too easy. You must go through numerous steps in order to prevent your archive from being stolen by others. This is how I did it, and how you may do the same.
- Log in to Facebook and click Settings from the drop-down menu in the top right corner.
- Click the last item on the General Settings page, the link to download a copy of your data.
- Facebook warns that data collection may take some time. Click “Start My Archive” from the drop-down menu.
- On the next page, tab Start My Archive once more and wait for the completion message.
- Get a copy of your Facebook archive.
Because this is sensitive information, you’ll have to provide your my facebook password twice during the procedure. Facebook also warns that you keep the downloaded data safe because it contains important information. When you’re not actively reviewing the data, your best bet is to encrypt it.
To start, there will be no surprises.
When you unzip the downloaded archive, you’ll find a folder named html, messages, photos, and videos, as well as a file named INDEX.HTM. Ignore the folders for the time being; simply launch INDEX.HTM and start browsing.
The Profile page, which contains general information about you and your Facebook account, is where you start. This includes the date and time you joined Facebook (in my example, Thursday, June 28, 2007 at 8:15 a.m. PDT), as well as your address (if you provided it), birthday, gender, hometown, and other information. It doesn’t know the difference between public and private information.
My archive also lists a list of all three-dozen people I’ve identified as family members. Family ties are 1 of the main reasons I stay on Facebook. I don’t tends to give likes in those categories, therefore my lists of music, books, movies, restaurants, and websites are short. The list of Other Likes, on the other hand, is more interesting. I must have liked around 60 pages, ranging from Notorious RBG to Thic Nhat Hanh to “The Official Petition to Establish “Hella-” as the SI Prefix for 1027.” At the very least, Facebook doesn’t have a terabyte of information about me…
This page also lists a list of all the Groups to which I belong. It’s a longer list than I imagined, owing to the fact that at least half of them haven’t done anything in years. However, I’m not convinced that intentionally disengaging from dormant groups is beneficial.
Friends and friends that aren’t
I obtained a list of all my Facebook friends by clicking the Friends link, which was arranged from newest to oldest. There’s no surprise there! But when I scrolled down, I discovered a lot more. Sent Friend Requests, Received Friends Requests, Declined Friend Requests, and Removed Friends are also listed. That’s correct. Facebook knows who you’ve unfriended and who you’ve declined or ignored as a friend request.
Because that’s what I do, I dumped the list into Excel for analysis. I found that a dozen of the entries occur in many categories, and that some of these duplicates appear to convey a tale. I purged my friends list to make it more manageable a few years ago, but I later brought some of the people I had removed back. They’re there—Removed Friends, but Friends later. Others persisted, with Declined Friend Request being followed by Received Friend Request (which I ignored).
People who only appeared in the Received Friend Request list are possibly the most interesting category. That is to say, I received the request and simply ignored it rather than explicitly denying it. I confess to having a friend-request overload. After ignoring requests for a long, it’s difficult to go through and decline the ones you don’t want. Sorry to the 70 people that fall within that group!
I found a couple more tiny categories near the end of the list. I only have one Followee, which means I only follow one semi-public figure who isn’t one of my Facebook friends. You might have a few more. According to Facebook’s analysis of my friend list, I belong to the “Established Adult Life” Friend Peer Group. Why? Perhaps for marketing purposes?
What are the contacts of the people you’ve been in touch with?
The Friends page is understandable, however it includes more information than I thought. The Contact Info page, on the other hand, baffles me. It lists hundreds of people in no particular sequence, as well as one, two, or 3 phone numbers. Who are these peoples, and where did they originate? There are even entries for people who are no longer alive, some of whom died before I ever joined Facebook.
I also copied and dumped this list into Excel, checking off any numbers I had actually called. Only 10% of the list is taken up by this. Approximately 6% of the contacts appear twice, with the majority having the same phone number. Almost all of the names ring a bell, but not through Facebook.
I used an Excel formula to mark any name from my Friends list that also appears in the Contacts list as a sanity check. This accounts for 11% of my friends. In the opposite direction, only 6.5 percent of my Contacts match the Friends list, owing to the fact that I have more Contacts than Friends.
I’m not sure where Facebook received this list of phone numbers and contacts. I must have granted them access to my contacts on some platform, but even then, I usually store email addresses (which are noticeably lacking from this list), not phone numbers. It’s perplexing!
At a Glance: My Entire timeline
At first, I was underwhelmed by the page that appeared after clicking Timeline. I routinely post an image with a caustic comment, as do many others. The photographs are skipped in the Timeline view, and the caustic comments are meaningless on their own. Then I used Ctrl+End to advance to the end of the page. Wow!
Every my facebook post I’ve ever made is archived in this timeline. I’m not sure if going this far back in the Facebook user interface is even possible. If it were feasible, scrolling down, down, down would take hours, if not days. The nearly ten-year-old posts found my interest. “Feeling chilly after pedalling 10 miles in the rain Sunday to see the Amgen riders start the first 100-mile ride” brought back memories of the first Amgen Tour of California bicycle event. And I was pleased to remember my grown daughter’s high-school success, which included winning first place in a regional animation competition.
Even in this handy one-long-page format, paging through the entire Timeline would be too much for one person to handle. However, if you want to check exactly when a specific event occurred, such as one you posted on Facebook, you can easily search the page for event. It’s essentially a database of your whole Facebook history. What a wonderful, unanticipated find.
Every photo, Awkwardly
By selecting Photos, you’ll get a similar list, which includes a timeline of every photo or album you’ve ever shared. It includes the album’s release date and any comments, but not the text you submitted with it. Unless the photo has comments, you won’t see the dates when you click through to the individual photos. Facebook publishes a slew of (in my information) useless data. Make and model of camera. Orientation, width, and height are all factors to consider. F-stop, ISO, and focal length are all factors to consider. These are especially useless in my older photos because they’re frequently blank or zero. I couldn’t figure why some iPhone photos have some information while others have none.
Mobile Photos, Timeline Photos, and Profile Pictures are just a few of the preconfigured folders where photos show automatically. These display the non-useful camera data first, followed by any comments, much like the photos in your customised folders. There isn’t any evidence of a post that went along with the photo, and there’s no indication of a date unless it’s in the comments.
My facebook provides a link named Facial Recognition Data for a few photos. When you click the link, you’ll be presented with a slew of nonsensical figures and raw data. The fact that they were all photos of Halloween pumpkins doesn’t bode well for their credibility.
Facebook, in my opinion, should handle this a lot better. Except when specifically requested, keep the camera data hidden. For any photo, include the date. Also, when I take a photo and post it, I should incorporate the post’s text with the photo.
Video on a Small Screen
When you click Videos, you’ll see a list of all the videos you’ve posted, from newest to oldest, with a thumbnail size of 284 by 160 pixels. You’ll also get the date and time of the video, as well as any comments. However, when I clicked on a video, I was greeted with a pleasant surprise.
The Facebook archive archives videos as MP4 files with a resolution of 400 by 224 pixels; it does not link to the full-size video you posted. When I found one of those, the music was good, but the video itself was just a series of shifting bands of colour. I tried a half-dozen videos, and they all had the same thing.
That was when I was using Firefox. The video played well in Chrome and Edge when I opened the same page. Instead of trying internal playback, Internet Explorer suggested opening the video in the Movies & TV app. The video was blown-up to full screen by Movie & TV, making it grainy, but it worked. I’m not sure what Firefox’s problem is, but there are plenty of alternative browsers that can view your archive.
What if your true desire is to find the original full-scale video that you uploaded? Although you can’t get there directly through the archive, it can be of assistance. Check the date under the desired video, then go to your Facebook account online and open the video list. Make an educateds guess as to how far down you should scroll. Check the date on the post that appears after you click on a video. To bracket the desired date, scroll up or down as needed. It’s not ideal, but it’s also not impossible.
More ads, more ads, more ads, more ads, more ads, more ads, more
Facebook exists solely to entice you and other users with ads. Every time you tab on an ad, you’re adding to your profile’s data. When you click the Ads link, the first thing you’ll see is a list of all the topics Facebook believes you’ll be interested in. In my instance, the list is more than a half-dozen items long. Coffee, California, computer security, network security, journalism, and Alejandro Jodorowsky all make sense. Others, such as water, landform, watermelon, and Order of Interbeing (what? ), have me scratching my head. But those are the themes that Facebook uses to determine which ads appear in my news feed.
The next section, Ads History, is far more interesting. This is just a list of ads and sponsored content that you’ve recently clicked on. I’m not sure when it was published; the most recent one in my feed is from around seven weeks ago. It might potentially be a predetermined number of recent ad clicks. The total number lists in my archive come out at a remarkably round number of 100. Yes, I confess it: I clicked on 100 ads. To be fair, I try to stay away from unsubstantiated “Sponsored posts,” but I do occasionally click on ads shared by friends.
The archive lists “Advertisers with your contact information” at the very end, in my case eight of them. I recognise the majority of them, however I’m not sure how or why they obtained my contact information. However, there are a couple with whom I am absolutely unfamiliar. I’m not going to Google these since I’m afraid it’ll only give The Watchers additional information.
Messages in a Mess
Facebook, predictably, keeps track of every conversation you have using Facebook Messenger. When you click Messages, all of those discussions show. And the result is a page that is nearly useless.
There is a list of about 200 names and name-groups in my archive that is in no obvious order. Click the name to see the conversation. There are a few that have no conversations associated with them. Others are unsolicited Messenger chat attempts from people I’ve never met. There’s no way of knowing whether a given name or group will lead to a real conversation.
When I looked up names for which I knew I had a Messenger history, I discovered that it does actually list every transaction, all the way back to the first. Because the messages show in reverse chronological order, you must scan the date/time stamps to find the initiating message and then read from bottom to top to read a single conversation. What a disaster! And if you remember having a conversation about a specific issue but can’t forget who you were conversing with, forget about it. There is no other way to search than to open each name and search.
This could be so much better, my facebook! Yes, give us a list of names, but also show us how many messages each one has. Sort by name or by the number of messages received. When we open a list of messages for a certain individual, we display them in chronological order from oldest to newest, with a visual indication to indicate the start of each new conversation. Finally, please allow us to search all messages. That’d be a really handy list of messages!
Pokes and Events
I’m sure you’ve been received to a number of events on Facebook. If I receive an invitation to a truly private event, I make it a point to actively choose whether to accept or decline. But if I’m just not interested, whether it’s because the event is too far away or because it sounds uninteresting, I usually don’t do anything. Surprise! The Events page lists a list of every event invitation you’ve ever received, including some you’ve completely ignored. This list doesn’t seem to have much value, but it appears to be harmless.
The list of pokes is similarly useless and harmless. These days, who pokes each other?
I assumed that clicking Security would show my Facebook Security settings, possibly along with a history of modifications. Was I ever wrong!
The list of Active Sessions on this page is a bit unclear at first. It listed 17 active sessions, one of which was identified as Facebook for iPad (properly) and the other 16 as Unknown. What are we to make of that?
The Account Activity list that followed was even more cryptic. A apparently unending list of entries describes events such as Session updated (which is the vast majority for me), Web Session Terminated, and Login in excruciating detail. The one entry that was a little more interesting accurately reported the date and time of the most recent password change. These entries are only about two years old.
The next section contains a list of Recognized Machines, which includes entries for two iPads and two iPhones. Which ones are they? I’ve had a few. All four date/time stamps show they were created on December 31, 1969, at 4:00 p.m. PST. That date appears improbable. The entries do not provide any identifying device information other than the IP address, and none of the last-modified dates are newer than 2014.
A list of logins and logouts from the previous year found no purpose for me. Cookies and IP addresses used or changed in the previous year are shown in a list of Login Protection Data. The list concludes with IP address-based estimated locations with only simple decimal latitude and longitude and no link to a map display.
There is an tiny portion at the very end that may be useful to some. Changes to your passwords, changes to your security answers, and something called “Checkpoint completed” are all listed in the Administrative Records area.
So, yes, Facebook does store excruciatingly precise information about your logins and gadgets. You can stare at it till your vision blurs. This data may be dumped by a security specialist to detect probable hacking, but the common user will find little of interest.
Facebook Knew Things I Didn’t Know
I hadn’t given much thought to what data Facebook stores about me before my latest trial. It obviously needs to save my posts and photos, and I’m aware that it employs certain algorithms to determine which ads to show. My Facebook archive was a huge eye-opener after downloading and paging through it. I was surprised by an number of things, some of which were positive, some of which were negative, and others which were simply…surprising.
- Your whole Facebook history can be indexed in the Timeline archive. In your live Facebook feed, it’s nearly impossible to scroll back a few years, but you can search the full timeline in the archive.
- Facebook is aware of more than simply my friends. It recognises everyone who has asked to be a friend, even if I have declined. It knows who I’ve unfriended and who I’ve turned down friend requests from. Maybe it’s not so horrible, but I was taken aback.
- The archive’s video list is organised from newest to oldest and includes a date/time stamp for each video. However, you don’t get to see the full post; the video is displayed in a little rectangle, and it doesn’t appear to work in Firefox.
- Some of the items on Facebook’s “my” ad subjects list make sense, while others look bizarre. It’s eye-opening to realise I’ve clicked 100 ads in less than two months.
- At some time in the past, I gave Facebook permission to collect all kinds of unrelated contact information. Surprisingly, it simply lists phone numbers, despite the fact that I’ve never called 90% of the people on the number, and many of them are deceased. Unsettling.
- Your archive lists a list of everyone with whom you’ve ever communicated via Messenger, which seems useful. However, the information is unorganised and difficult to follow, and you can’t search your messages.
The top of this page & download your own archive using the instructions. Page through it, think about it, and try to get past the portions that are poorly constructed. The archive isn’t only proof of what Facebook knows about you. If it doesn’t encourage you to delete Facebook, you may make it into a beneficial resource.
If you’re going to keep My Facebook, I strongly encourage you to disable the platform that allows Facebook to share your data. That means you have to give up your games and apps, those nefarious little spies. You must also use unique passwords to log in to websites. But they are all positive things! You can continue to use Facebook while maintaining (most of) your privacy if you take these steps.
Do you enjoy what you’re reading?
Sign-up for the Security Watch newsletter to received our top privacy and security articles in your inbox.