Deleted Data, Removed Friends, Log-In Record and More Available to European Facebook Users

Facebook offers users the Download Your Information tool to let them get a copy of all their content and connections, but we’ve now learned that the site is storing additional data about users not available in this export. This data includes deleted content, rejected friend requests, removed friends, a list of all of a user’s logins with timestamps and IP addresses, and several unfilled data fields that could pertain to unreleased products.

European citizens can request for Facebook to send the a CD loaded with a .PDF of this data plus much of what’s available in Download Your Information independently or through a privacy organization called Europe vs. Facebook, as Silicon Filter reports. However, Facebook makes users fill out a complicated form and reports indicate it doesn’t always comply with requests right away.

Still, the knowledge that Facebook is storing so much data, meta-data, and deleted data on users may impact how they use the site and view the company. Facebook should consider making more of the data it holds available to each user regardless of their citizenship. Most of the data wouldn’t be valuable to competitors, but just knowing they could retrieve it might quiet the privacy and data portability concerns of some.

Critics and security researches often complain about how Facebook handles user data. Just this week, Facebook came under some partially misguided criticism about the cookies it stores on a user’s device after they log out. Nik Cubrilovic thought Facebook was using some cookies for ad targeting when they were actually to improve site security. However, Facebook did confirm a bug discovered by Cubrilovic was causing User ID numbers to be stored in cookies in some cases, and has pledged to fix this today. More transparency could reduce the frequency of these complaints.

Highlights from the Facebook Privacy Data CDs

European users who succeed in leveraging their right to access personal data about themselves receive a CD containing the following data fields:

Here we’ll look closer at some of the more interesting data fields and discuss why users might be concerned that Facebook is holding this information:

Removed Friends and Friend Requests

Last week, a guide surfaced explaining how to use a complicated process and the new Timeline profile to determine who you are no longer friends with but once were. This data is readily available in the Facebook data CD.

User     Peter Freund (2266770044)
Time     2008-06-05 23:54:03 UTC
Removed By     2266770044

Also available is the date, sender, recipient, and status of all the friend requests a user has sent or received. Users might be surprised to find out even their rejected friend requests are being stored.

Sender     Peter Unfreundlich (1122334455)
Recipient     Max Mustermann (123456789)
Rejected      true
Time      2008-08-25 06:50:56 UTC

Logins and Account Status History

The Facebook data CD includes a record of the time, IP address, and site of every time a user has ever logged in to Facebook. This data may be deleted by Facebook after some time. As there is no record of visits or time-on-site, this is the closest users can get to finding out how frequently they’ve checked Facebook. Also available is a record of all the account activations and deactivations, which could be used to identify those especially concerned with privacy.

Time     2011-06-27 17:41:16 UTC
Site     WWW

Photos, Shares, and Wall Posts

While users can find some of this data in Download Your Information, these fields also included content users had deleted as well as lots of meta data. Shared links and wall posts that users had deleted appeared in the data CD.

It appears that when a user deletes a tag of themselves from a photo, that tag is actually only “deactivated” and may still be present in Facebook’s records. All the meta data about a photo’s location, when it was taken, with what device, and many of the device’s photo settings are also available in the data CD but not Download Your Information.

Album    Mobile Uploads
Image    [Fofo-Datei]
Titel    Picture of Max, Perta and Kurt
Upload Ip
Uploaded     2009-04-10  13:06:43 UTC
Tags               Subject Id     123456789
                      Subject Name     Max Mustermann
                      Creator Id     123456789
                      Created     2009-04-10 17:25:23
                      X      51
                      Y      23
Comments     User     Max Mustermann (123456789)
                     Text      I love this pic!
                     Time     2009-04-10 17:28:10 UTC
Taken     2009-04-10  11:03:46 UTC
Modified     1234567890
Camera Make     Apple
Camera Model     iPhone 3GS
Orientation    1
Original Width    0
Original Height     0
Iso Speed     0
Focal Lenght    
Latitude     48.123456789012
Longitude     16.3655

Last Location

This shows the geographic location of a user’s last login to Facebook, including latitude, longitude, altitude, accuracy, altitude accuracy, heading, and speed. This data could be based on IP address, mobile phone sensors, checkins, listed current city, and more. It could be used to personalize the site’s content. It could also help Facebook identify suspicious logins that may have come from hackers, such as if a user logged in from California then soon after logged in from Russia.

Time     2011-04-16 18:51:27 UTC
Latitude     37.34688913
Longitude     121.94080227
Altitude     0
Accuracy     675
Altitude Accuracy    -1
Heading     -1
Speed    -1

Name Changes

Users are able to change their name on Facebook a small number of times. The record of different names used is not available to a user or their friends through the site, but can be found on the data CD. The information could be used to help law enforcement identify someone by a previously used alias.

Time 2010-03-19 11:48:50 UTC
Old Name Max Mustermann
New Name Max NonOfFacebooksBusiness

Credit Cards

Users who have purchased Facebook Credits will have their credit card information included in an encrypted format on their data CD. The inclusion of this data may contribute to the thorough verification process Facebook makes users undertake to attain the CD.

Profile Blurb

This field came up blank for those who posted excerpts of their data to Europe vs. Facebook. It could possibly be an old “About” section of the profile, or could indicate a forthcoming profile info section that would display introduction on the new Timeline profile design.

Physical Tokens

This field also came up blank. It could be used to list an ID number or something similar for Facebook employees who use a physical key card or security device such as RSA to enter Facebook offices. Alternatively, there’s a chance it could point to a future location product that uses near field communication-enabled devices to let users swipe to check in to Places.

Publish date: September 27, 2011 © 2020 Adweek, LLC. - All Rights Reserved and NOT FOR REPRINT