Technology

Why Does Facebook Recommend Someone It Cannot Know I Know?

Friends of mine sometimes accuse me of being unsociable as I tend to steer clear of social media. I used to have a very active Facebook account with around 2,000 friends but a year or so back I found it to be too much of a distraction and deleted it. These days I do have another, virtually dormant, Facebook account with just the one friend, my partner, purely so she can send me messages easily. Apart from that my account is as anonymous as it’s possible to be. The only social media site I really use – and that’s for professional purposes – is LinkedIn.

Of course that doesn’t stop Facebook making constant friend suggestions which I barely register as they’re already friends of hers and I have no intention of adding them. But the other day I noticed among my Facebook recommendations two people who weren’t friends with her; investigating a little deeper I found they were partners of work colleagues. How can that be, I wonder, since there is nothing at all to connect my Facebook account with the office; I’ve never had any of my co-workers as connections and nowhere the name of the company I work for is mentioned. So how does Facebook know we have something in common? I did a bit of digging to see if I could find any clues as to how Facebook tries to connect people.

What Data Does Facebook Collect?

Facebook collects a lot of data about you, possibly more than you realised. From your name and email address when you sign up to everything and everyone you befriend, message, post, like, share and all other interactions on the site including where you live, went to school, worked and any other location based information. There’s also metadata included in photos you upload giving the time it was taken, the location and the type of camera. Whenever you use GPS-based services Facebook can track where you are and use that to determine not only friends and family nearby but also infer how you’re connected to everyone else at the same location. That’s a lot of information about you already but we’re not finished yet: whenever you take a look at someone else’s profile, even if you’re not connected, Facebook will record that action. It gets worse: any web page you visit with Facebook’s code – such as the “Like us on Facebook” or “Share this” options – will also be logged and stored against your profile together with other information relating to your visit. Also any Facebook applications you use on your PC or phone can also be used to gather information about you and your location.

As if that wasn’t bad enough, Facebook also mines data from the computer, mobile phone or other devices you use to access it. This can include, when you share the computer with others, the operating system you use, your IP address and other information such as your internet service provider, the type of web browser you use and all the web pages you visit.

These are just the actions you take which Facebook harvests, there are also the actions taken by your friends: tagging you in a photo or a status, making suggestions for friends and pages, posting pictures and links on your profile – I remember someone posting a link to my wall on my old account for a product available from Amazon which I had no interest in, but the next time I went to amazon.co.uk it recommended the same product to me.

Despite what you may think this is not news and it’s all publicly disclosed in Facebook’s data usage policy which you can read at here.

Facebook’s Only Explanation Is Not Relevant

Back to my original question, how does Facebook use all this information to suggest people you may know? It’s a little on the cagey side with explanations and refers only to the contact importer tool: “suggesting that another user add you as a friend because the user imported the same email address as you did, or suggesting that your friend tag you in a picture they have uploaded with you in it” and “To make it easier for your friends to find you, we allow anyone with your contact information (such as email address or telephone number) to find you through the Facebook search bar at the top of most pages, as well as other tools we provide, such as contact importers – even if you have not shared your contact information with them on Facebook.”

Having read that my first thought was it must have suggested them to me through my personal email address as I have the same one registered with LinkedIn and Facebook can search your email contacts if you give it permission to do so. But neither of these people use LinkedIn, I haven’t got their email addresses in my contacts and nobody from work nor connected to work has my personal email address. So that means Facebook’s only explanation is not relevant. Could any of the other ways Facebook collects information on me have been used instead? Not that I can determine. We have nothing in common online; the only commonality is that we both know some people in common but that knowledge does not extend to Facebook or online interaction in any way.

Beyond FB’s User Data Policy

So what are we left with that could possibly lead Facebook to know we might be friends? I think the answer lies in what I’ve already mentioned earlier quoting the data use policy: “…your IP address and other information such as your internet service provider, the type of web browser you use and all the web pages you visit” (my italics). While there’s nothing to suggest we visit the same web pages, what we do have in common is that my home gateway IP address will access my employer’s mail services very frequently to synchronise my inbox, and their home gateway IP address will do the same, plus the community of Facebook users who share this is going to be very limited as I don’t work for a large company.

Attempting to match other Internet services accessed over location-based broadband goes way beyond the Facebook data use policy. If for example I was working remotely on some classified government project could Facebook use their data-mining techniques to find out who else was working on the same project? Or say I was part of a secret criminal organisation using the Internet to connect with others, would Facebook discover this and squeal to the forces of law and order? Notwithstanding the fact that in these two scenarios there are much more secure ways to collaborate and communicate, to me this has the stink of privacy invasion.

It would seem the only thing to do is delete my Facebook profile and so miss out on all the presumably targeted advertising which generates their revenue. The fundamental question to ask would be is Facebook an advertising-funded social media tool or yet another Big Brother spying on you and what you get up to? If the latter is the case it is no wonder, then, that I want to be unsociable online.

The following two tabs change content below.

Rob Horne

Senior Consultant at Trustis Limited
Rob Horne has been involved in security for many years and although most of this has been within the sphere of information security he’s also dabbled in security of people, buildings and events, plus a year working as a close protection officer. Currently Rob is responsible for security at Trustis, a company he joined in 2009. Outside work, Rob enjoys many hobbies ranging from field archery to writing fiction.

44 Comments

  1. Just wanted to let you know that while perusing your article here, I invoked an accessibility feature in modern Web browsers that allow one to zoom in to make text larger or smaller. Since I had difficulty reading the article, I bumped up the text size on level as I often do on many other sites. In the case of your website, the floating “Share” banner in the left sidebar interferes with the text by overlapping it. This renders your website deficient from an accessibillity and usability standpoint. Wanted to let you know so you might consider revising it to correct this deficiency. Great article, by the way!

  2. “While there’s nothing to suggest we visit the same web pages, what we do have in common is that my home gateway IP address will access my employer’s mail services very frequently to synchronise my inbox, and their home gateway IP address will do the same, plus the community of Facebook users who share this is going to be very limited as I don’t work for a large company.”

    This… is on par with a user suggesting their printer stopped working after IT replaced their mouse…

    Your exit your home gateway to hit your work mail server. The people in question do the same.

    How does FB know about this IP? You say it’s for mail, not a web proxy, so you’re not browsing FB through the same IP. Are you, and them, actually going through your employer’s SMTP server to send mail to a facebook email address? If not, then how do you suggest that FB is aware of your desktop at home connecting to a remote IP? Your suggestion is that black-box, make-stuff-up thing that non-IT workers do when they don’t understand how something works. Your assertion here appears to be “facebook knows all the remote IPs on the entire internet that my machine communicates with, and all other users, and found two people who have connected to the same IP I have”.

    That’s ludicrous, Hollywood, and very make believe.

    • Do you have any other suggestions then hotshot? Considering he’s dead on with the IP assumptions. There’s only one thing that currently links two different facebook accounts of two different people using my computer, and that’s the use of my computer.

  3. Paul Dowsett says:

    I think this is a really good article until the conclusion, where you have left out any real evidence for your assertion. This is a shame, because I was almost ready to share it.

    Facebook does not know “ALL the web pages you visit”. As it’s policy states, it only “receive(s) data whenever you visit a game, application, or website that uses ‘Facebook Platform’ or visit a site with a Facebook feature (such as a social plugin)”. Furthermore, to support the other commenter (AJ), how could Facebook possibly know about the IP address that your machine’s mail client is connecting to? Are you suggesting that it is somehow circumventing the separation of concerns upon which all modern Operating Systems and browsers are based?

    • Paul and Aj, I am not saying that you are some PR guys, but I want to make sure readers notice that while you obviously have a technical background in such matters, none of you appears to be intrigued by the technical issue raised here – i.e. how does Facebook know?

  4. Rob Horne says:

    Hi Aj and Paul, thanks for your comments. The point of the article is I don’t know what information Facebook has used to suggest these people to me, but I do know all the published methods are not applicable. I’ve suggested an answer but I don’t know if it’s right or wrong; if you have any better ideas I’d appreciate hearing them.

  5. Paul Dowsett says:

    Ernest, contrary to what you may think, I am extremely intrigued by the lengths to which Facebook and other web services will go to profile their users, and concerned about them overreaching ethical boundaries. This is why I was so interested in your article. Thank you for clarifying the final section, which could be very misleading in its current form, especially for less technical people.

    I was equally unhappy with Facebook’s “people you may know” feature when I accepted a friend request recently. This friend had decided to set up a new account, and I was the first person that she added. Even though I have set my friends list privacy setting to “Only Me”, I was very confused when she was able to tell me who all my friends were, even those that I was certain she did not know. It’s clear that Facebook’s definition of “privacy” is different to everyone else’s.

    Now that we have established that Facebook is unlikely to be able to track the IP addresses used by 3rd party software, do your readers have any other suggestions? For instance, could it be that the algorithm extracts friends of friends of friends (in your case, your wife’s friends) and filters out all of those that do not live in your local area?

    • Well you say that they can’t but they track other info..

      I messaged my dad about an item I needed (on a txt message) and they started to advertise this product on my Facebook. .

      So they definitely can get information from 3rd party software

  6. It appears to me that Facebook is making connections using metadata that is gathered from third-party sources as a means of breadcrumbing to solidify connections that it suspects might exist between two entities on its social network. Bottom line: this is scary.

  7. Dave Howell says:

    The corollary is why does FB allow some Friend requests to erupt into backlash such as “harassment”. FB is not called “Friendbook” and after all isn’t FB supposed to be about connecting? Why then do they punish someone for reaching out to an unknown acquaintance when a potential Friend might already share 30% or more of your current friends?

  8. As others have stated, there is no possible way FB knows what other IPs you visit, so that is not it. I suspect the truth is quite simple, they suggest these people because they have looked at your page. Maybe they are connected somehow to your wife and can see you as one of her friends or maybe they just searched your name or whatever and found your page (there is no way to hide completely on FB) and by simply looking at your page, however locked down you think it might be, FB then knows they are interested in you so thinks you might be interested in them. LinkedIn does exactly the same thing, which is why occasionally random people from your past get suggested to you…

    But, People, if you think this is “scary” or has the “stink of privacy invasion” then vote with your feet! SIMPLY DON’T USE IT! There is no point in thinking what they are doing is evil and then justifying your subservience to them because your account is “as anonymous as it’s possible to be” or the other favourite I keep hearing is “well I don’t use it that much”. It’s like admitting Apple are evil because they devise £25 cables to make your old £25 cable obsolete, have the power to influence the media large portions of nations are exposed to and only let you run software on your device that they vet and make 30% from and yet still getting suckered in to a £800 contract to have one!

    The apathetical‎ herd is being willingly pushed off a cliff…

    • Rob Horne says:

      Hi Alan, thanks for your comment. As I use a fake name on FB – not a nickname or any combination of my real name – I cannot see any way they could’ve found my profile. They’re also not mutual friends with my partner and have no mutual friends in common. If there’s another explanation apart from the one I’ve put forward I’d like to hear it.

      Your second paragraph is spot on and I agree completely!

      • Thank you Rob for posting this. We have the exact same issue at my house. One computer was used for two profiles. There is no other shared information between the two.

  9. I discovered this article after a search simply because I have recently joined Facebook (I really can’t abide by it – it’s a drain on society), however some other apps I use require a Facebook account, which sucks. So I made a page with nothing on it and with no intention of using it. But like in the article the first email I get for ‘friends you may know’ show 5 people who I do know, from past and present – impossible. The only way I believe it can know that I know those people is because I have clicked on their Facebook pages previously – however get this, one of these people I probably checked on about 4 years ago. So the only reasonable explanation is that Facebook stores any search or facebook site you have clicked on from your computer at the time of doing so and keeps this for future in case you join Facebook. It’s the only way since I do not have these peoples information on my pc or anywhere else it could link me to them. The only way is via the web. One other name was an old work colleague from about 6 years ago – who I never even presumed was on facebook even and so I certainly didn’t click on their page. This contact can only come from mining my PC for information since their name would only be found on old documents on my PC, nowhere else, not email or phone, nowhere, just old excel files. so for sure Facebook goes right through all your files on your PC.

    I was justified in never having an account until now unfortunately.

    • Tony Bambrough says:

      Jack you are so right. I found your post while searching the same issue. It has to be Fb mining data. It cannot be the phone number solution suggested by Thwaiting, which sounds right but doesn’t answer my attempts.I have several unconnected Fb accounts and regularly get spooky offers of people I may know but there should never have been any connection. I tried setting up a new account on a different pc with totally different credentials and still got offered people I know. Worried.

      • Alphenex says:

        For me the scariest one and the reason I found this page through a search was an attorney I used which only would have been known through court documents as their phone number I do not have and has changed since then and was only to the firms main office and was labeled as such not as lawyers name but their name came up not law office page or other lawyers. Since court documents you would have to have odd access or searches for this really made me wonder about Facebook. I have had terrifying experiences with Facebook even with all the so called privacy settings to max, someone found my address and showed up at my house unannounced and unwanted, I have never been fond of this but it’s how distant relatives keep in touch but even deleted all the info is still in their systems now. It makes me wonder about third party data mining and how deep they nine our personal info as nothing seems personal anymore as we know the NSA has monitored us for years now, why wouldn’t tech business be able to mine a ton as well, ethically or not, we need to speak up and work for greater Internet privacy rights for the people.

  10. It’s the phone number connection. You give Facebook your cell phone number to validate. That random person has your phone number in their contacts. They sync their contacts with Facebook and viola… Connection made.

  11. If youre using your own email address to set up a facebook accout regardless of the name you use. All anybody needs to do us type in your email address to the search bar if your privacy settings are open to this your account will appear. You will then see them as people you may know because theyve viewed your profile.

  12. I have a fake name on Facebook and no friends yet Facebook knows who my friends are and suggest them as friends. Some I am certain I have never viewed on Facebook. So, the suggestion that it looks at who you are connected to may be true but I believe it gathers the information by nefarious means as well. This is one reason I dont use my real name.

  13. I believe it is phone number or data mining related. I run a campsite and keep getting friend suggestions of people who have stayed with us, yet the only contact has been by phone, text (they are not stored in my address book) or by email this work email address is accessed from the computer I use for facebook, but is not linked to facebook

  14. I have an example to add that happened to me just now. I was booking a cottage off a vrbo listing and confirmed the booking with one email via my gmail account to the owner. The next morning, Facebook recommends that owner as a friend. I was not on Facebook once between the time I first went to the vrbo site and discovering the new recommendation. I have no shared friends with this person and their name is not published in the rental listing. The rental listing is over 3000 miles away in a location were I have no friends. It would appear Facebook sees who I email on my “private” gmail account.

    I have tons of examples like this that make it very clear if you want your personal identity, your photo, and that of your family not very public you cannot use any social media and especially Facebook as they do appear to be the best at connecting the dots. I’m sure the NSA follows their work closely. This doesn’t bother me. What does, is that Facebook is hardly transparent in what is private and what is not.

    Oh, after I post this I’m sure all of you will be my friends on Facebook!

  15. This is scary stuff.

    I found your article after receiving an inexplicable suggestion, and thought I’d add it to the mix:

    The suggestion:
    A client at a new office I just started at.

    Reasons for suspicion:
    I use a fake name on fb
    My fb account is locked down to be unsearchable
    I have a separate email account for my fb account that I don’t use anywhere else
    My phone number is not linked to fb
    He is not a contact on my phone
    We have no friends in common
    We have never socialised, and have fairly different life styles
    We are not linked explicitly in any social media
    We have never communicated online, other than through our work Google domain – which I access in a different browser to my Facebook account
    I have never looked at his profile, nor any other fb profile from his company – I only really use fb for messaging real life friends

    I work in online technology, and find the scale and accuracy of fb data mining terrifying.

    Also saying, just don’t use it doesn’t really help: this is just a visible example of how tech companies can discover personal data beyond agreed terms.

    Just think what other, less visible, connections are being made about you, every time you go online.

  16. Agreed with the previous comment. FB is just too insidious. I have one “fake” email address tied to my FB acct and no phone. Suddenly my barely known neighbour – with whom I’ve only texted – shows up as a friend suggestion.
    I’m shitcanning FB tonight.

  17. Not Given says:

    You summed up everything that I have come to know about facebook as well. Between the intersyncing with nearly every site and data mining, they have been able to successfully collect and sell data.

    Most law enforcement agencies (FBI, Police, etc.) tend to check facebook first as they understand how much data facebook collects.

  18. Phone and email addys. I have multiple email addresses. I log in with my phone no. I just noticed fb suggesting friends from an account not used in any way for fb. Ever. I believe after you log in on any device, it records your activity. Ive only had my number for four yrs, people from over ten years ago showed up suddenly….as far away as china. All were contacts from that non related addy.

  19. Hi i really want to add something very unusual.
    I recently (2 weeks) started using pof dating site. Signed up the general way and created a new email address. Did not use my real details on the sign up or even give the area i am from. I only used my mobile phone and chatted to a few people who also use usernames not real names.
    Anyway today i used my pc to check an old facebook account i had not used for almost a year
    I was very shocked to see two top friend suggestions as two guys i have been talking to on the dating site. I did not even know their last names and both do not even know my first name yet never mind my surname!
    How on earth did fb know this. No mutual friends not even same area and neither could of searched as they don’t know my name.
    I had to delete my old account immediately as if they recommended me as a suggestion to them they would know all my details and all about me when i want to keep that private from men off there.
    Now fb must be spying what i am doing and then spying on whoever i am doing it with to be able to have done this??

  20. Marienplatz says:

    I actually feel a bit better now. I thought the person who could not possibly know my FB user info was the one spying on me–most of you are convinced it’s The FB algorithm itself. Thanks!

  21. I had a Facebook friend suggestion from a person that I barely knew 6 years ago (before I even had a FB account), she lives 3 hours away from me (so location services wouldn’t apply) and I do not have her phone number saved at all on my phone. Since we barely knew each other, I would assume she also would not have my information saved to her phone for the friend hint to be coming from her side of Facebook. I have had no contact with her in 6 years and she is an older lady and would have no reason to look for me. However I have an old email from her from back then, so my only conclusion is that Facebook scanned my emails to connect us. There is no other possibility. :-/

  22. I have not been concerned about privacy because I try to live transparently and authentically, so that I truly have nothing to hide; however, I have recently noticed some very disturbing information on FB. Since I confided these concerns to my (grown) daughters, they also have begun to note odd activity. I was initially alarmed when I was looking at my “about” page. It listed all the places I had visited – some easily traceable through my passport – but some that they should NOT have known about. For example, in 1966 at the age of 12, I traveled by car with my family from upstate NY to Valdosta, GA to attend a wedding. FB has noted that I visited Lancaster, PA while en route, and also my arrival in Valdosta. This was long before I had a driver’s license or credit card, so how did they obtain this information? A second example took place in 1973 when my boyfriend and I traveled from San Antonio, TX back to our hometown of Orlando, FL. We stopped en route at a hotel in Panama City, FL and spent the night together. I did not share this information with anyone, certainly not my parents or siblings, not anyone, since I didn’t want to be judged. Yet FB has included the fact that I visited Panama City in 1973. Since then I have also noticed that I can be discussing something random – aloud – with a friend or family member only to see it pop up in the ads within a couple of hours. So it is not getting it from emails or texts but rather from spoken conversation. I am not involved with any covert or weird organizations; however I am outspoken on FB about my Christianity, being a conservative, constitutional patriot, and a friend of Israel. In addition, I live and work abroad which I suppose could seem unusual. Since I told my daughters about this, they have also been noticing ads reflecting topics of conversation. Has anyone else seen examples of FB knowing more about your personal travels than it should, or picking up on random topics of conversation? Thanks for listening.

  23. I am not a te hnically advanced person by any means. I used Facebook for years and knew that they collect the data. However few recently suggested friends to me totally creeped the heck out of me. If I could if explained two by having their actual phone number, one was plain creepy. Haven’t talk to this person in years, no phone number, nothing. More importantly all of them showing up at the dame time as friends makes me want to close down my profile.

  24. I’ve only just started to get these recommendations and was concerned, hence I came upon this post. While reading through the comments I remembered that last week I temporarily downloaded the Facebook app onto my phone and used it a couple of times. I’m now convinced that FB has just stolen contact data from my phone. I have no doubt that I gave permission for it somewhere deep in their terms accepted by me, but that does not remove the fact that they now have this data and I have no way of reverting this. Consequently they are now recommending me (and vice versa) to thousands of business connections past and present.

    Little wonder FB is so hates by so many.

  25. I am very intrigued. Just a few minutes ago facebook recommended my new boss as a friend. I started a new job a couple of months ago, I am new in town and I have not added any connections from work to social media, so, if I don’t have any friends of friends of friends in common, and I have not connected with any coworkers (not even on Linkedin) I can only think of two possibilities:

    1) I have exchanged emails with my boss from my gmail account, which is NOT the email account that I use for facebook

    2) I have his phone number stored in my phone.

    Personally I can see how I could have provided access to my contacts through my phone app, but I find all of this very scary.

    • Is it possible that your boss searched your name on Facebook and clicked on your page? I imagine that a lot of employers research new employees on social media.

  26. I think FB can read open windows or tabs across your browser. I set up a profile with a throw away email and used it for a couple days all within an incognito chrome browser. There were never any friend suggestions. I made the mistake of logging in on a regular browser with my normal email open in another window. Suddenly, there were tons of friend suggestions which look to be people I’ve emailed, some only once or twice. And only a several few should have my phone number in their contacts…

  27. If you have a smartphone (99 out of 100 people do) and you access Facebook through your phone/Tab, Not only do you share your contacts, but also your behavior, the apps that you use on a daily basis, for example as app developers we had a small team dedicated to understand the way apps like tinder work. To our surprise, Facebook also mines and collects data from such apps and if a user “likes” another user profile on tinder or related apps, Facebook actually shows that user as a “a person you make know”… which brings a strong point in front, all the other apps which use Facebook to log in “anonymously” aren’t really helping you staying anonymous… are they?

  28. Just yesterday Facebook recommended someone I knew from school years ago despite us not living anywhere near each other (as far as I know), not having eachother’s phone numbers and not having eachother’s emails. I also didn’t have that school anywhere on my Facebook. It’s very strange as to how they could possibly know I knew this person.

  29. Met a person at a bar the other night. Total random as far as ‘friends of friends’ go. We spoke for about 15 minutes. Didn’t exchange phone #s email or even our last names.

    Two days later that person popped up on my FB as “people you may know”

    How could they possibly know that I had just met that person ?

  30. Facebook recommended as a friend a plumber I used and paid with a check. This was four years later. My name was fake but figured maybe the plumber searched me years ago when I used my true name. Now yesterday facebook suggested my two fellow managers at my new job. We have no mutual friends on FB and my last name is fake, I never listed my occupation or place of employment. I access work email from home on the same computer. My email used to register for facebook has one of the two managers listed as I sent her an email from that account once. This occurrence has no logical connection to me and boggles my mind. I deleted my facebook account. I just a week ago got an iphone and almost wish I hadn’t. I know my phone and credit card and probably every website I view or online purchase is known by someone.

    • I just remembered that I typed my work email address in a private FB message to a person that wanted to use me for a job reference. Crap. Still they are accessing something somehow. That info alone wouldn’t connect us with 32000 employees at the company in various locations and departments.

  31. I met someone (not a FB friend) just for coffee last week, who showed me, on her smartphone, a pic of her ex and his new girlfriend. I don’t know him or her from a bar of soap. He and his GF pop up as friend suggestions (I recognised them from the pic she showed me). Creepy!

  32. Today we set up a face book page to advertise and track a lost pet in our area. I used a fictitious name, not my birth date, an obscure email I set up not related to anything and not ever used, and gave no other information other than my phone number.
    FB Suggested people I have not seen or heard from for more than a decade, and people I know of through other people but do not know.
    The phone number must be the key. I have an old style phone (it doesn’t even take photos), but I am guessing the other people have my phone number on their phones which could be smart phones or other, never used one so I don’t know how they work. How the machinery works in the phones I do not know but it might be linked to such phones.
    Think we might go back to landline phones. All a bit alarming.

  33. How did this happen? I have some phone contacts that I am NOT friends with on FB. I noticed that some of their friends are showing up in people I may know in FB. Remember those contacts in my phone are not friends of mine and there are no mutual friends. I could see why these phone contacts could possibly show up in people I may know. Even though I didn’t sync or upload contacts from my phone. But why are their friends now showing up in people I may know? HELP!!!!

  34. Barbara WALTERS says:

    I found this article because I was freaked out by some of the friend suggestions that Facebook could not possibly know.. I have a theory that it is people who have viewed my profile on LinkedIn. I thought that data was very confidential.. I cannot even see it unless I pay a monthly fee and I do not.. so I can’t prove this theory.. but how could Facebook get this data?

Leave a Reply