Facebook offers advertisers 'shadow contacts' that are not exposed to users


by Stock Catalog

When using SNS such as Facebook and Twitter, you may register your phone number and mail address, and you may be forced to share a "contact book" that registers contact information for family members and friends. A paper has been published demonstrating that Facebook provides information on this contact book to advertisers and advertisers are conducting targeted advertisements based on the phone numbers registered in the contact book.

Investigating sources of PII used in Facebook
targeted advertising
(PDF file) https://mislove.org/publications/PII-PETS.pdf


Facebook Is Giving Advertisers Access to Your Shadow Contact Information
https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051


The research team at North Eastern University and Princeton University in the United States gets a Facebook account that registered a contact such as a phone number and how the information of the contact book linked to that contact is used for the advertiser I examined whether it was broken. At the time of the survey, Facebook needed to register a phone number for 2-step verification. And as a result of the investigation, I found that this phone number was targeted for advertisement within a few weeks. The research team says the user who wants to strengthen the security of the account entrusts privacy to Facebook instead of enabling two-step authentication by registering a phone number.

About this matter, Facebook spokespeople said, "We use personalized information to provide more personalized experiences such as displaying relevant advertisements to users". Meanwhile, Facebook changed from the end of May 2018 so as not to require telephone number registration by 2-step verification.


by Maurizio Pesce

Also, when a user A shares a contact book with Facebook that contains contact information of a user B who has never registered a phone number with Facebook, the user B's telephone number was targeted by the advertisement about a month later It was. From this result, the research team argues that user A's information was provided to the advertiser from the contact book that user A shared to Facebook. However, it is impossible for user B to delete his / her contact from user A's contact information, because of privacy trade-off, so long as someone shares the contact book, he does not know his personal information It can be said that it will continue to be used by advertisers.

Mr. Kashmir Hill, a writer of Gizmode, "Shared data of contact books that advertisers can access, although they are not publicly available" is called "shadow contacts", and users can read "shadow contacts" He seems to have appealed to Facebook for more than a year for editing. However, Facebook has refused to disclose the shadow's contact book, assuming that handling of shared contact information is internal secret.


by CAFNR

In addition, the research team made a list of fixed phone numbers placed at North Eastern University and created a Facebook account on the device that registered the list. These telephone numbers lead to each office of North Eastern University, and those who work in the office do not know who is registering this number itself at the time of account creation. However, there is a possibility that someone uploading the phone book registered with the number of the fixed telephone number in the office for the function "Search for friends".

As a result of the experiment, I found that despite that many of these fixed phone numbers are not registered in the account, they are targeted for advertisement. When researchers advertise on Facebook as an experiment, Professor Alan Mislove who had registered office telephone numbers on the list said that advertisements issued by researchers on the newsfeed were displayed.

Regarding this experimental result, when Mr. Hill asked for comments on Facebook, Facebook spokeswoman acknowledged that "Advertisement was probably displayed because someone uploaded contact information". Facebook has not objected to any of the findings of researchers, "Facebook has received advertisements based on data policies and uses that information to control the advertising experience including custom audiences Please refer to this article for details on how to manage the data used to display the user's advertisements. "It is said that a spokesperson sent an e-mail to Mr. Hill.



Associate Professor Alan Mislove of Northeastern University Computer Science Department, who has a name in my thesis, says, "I think that many users do not fully understand the mechanism of modern advertisement targeting.The advertiser is the user's email address, telephone number · Based on name and date of birth, you can specify exactly who you want to display advertisement, not only Facebook but also Google · Pinterest · Twitter. "

in Web Service,   Security, Posted by log1i_yk