Facebook CEO Mark Zuckerberg testifies before a joint hearing of the Commerce and Judiciary Committees on Capitol Hill in Washington. Photo / AP
Facebook CEO Mark Zuckerberg testifies before a joint hearing of the Commerce and Judiciary Committees on Capitol Hill in Washington. Photo / AP
Mark Zuckerberg has endured 10 hours of questioning from US senators over the past two days. Some questions were good, many were benign, one or two were weird and some betrayed a total lack of understanding of the digital age.
But there was one subject the social media mogul definitely didn't want to talk about: "shadow profiles".
When Zuckerberg was asked about Facebook's so-called shadow profiles he was visibly uncomfortable (well, more than usual) which had plenty of people asking what exactly are they?
Behind the regular Facebook profile you've built for yourself, the company has another one essentially built from the inboxes and smartphones of other Facebook users who have shared their contacts.
So contact information that you've never shared with the social network ends up being stored and associated with your account giving the company a more extensive map of your social connections.
You know those creepy and sometimes seemingly inexplicable friend suggestions Facebook prompts you with — shadow profiles are often behind them. When you share your number with someone on Tinder and later see them as a Facebook friend suggestion, well you get the idea.
It's this system that powers the company's People You May Know algorithm and from a privacy point of view it's one of the most insidious things Facebook does.
It also keeps these sorts of shadow profiles on internet users who don't even have a Facebook account.
The company collects data on people's online habits regardless of whether they are users. It pays third-party websites and mobile apps to let it place "cookies" and invisible pixels — as well as "like" and "share" buttons — on them. These identify non-users and report back to Facebook on people's surfing habits.
For instance, technologist Daniel Kahn Gillmor from American Civil Liberties Union recounted to the AP how he once got an unsolicited email from Facebook encouraging him to join. It included names and email addresses of friends and relatives and at least one "web bug" designed to identify him to Facebook's web servers when he opened the email.
For some reason shadow profiles rarely came up during the hearing the past two days but New Mexico Senator Ben Lujan had clearly done his homework.
At one point he asked Zuckerberg whether Facebook "has detailed profiles on people who have never signed up for Facebook".
After hesitating, in response the 33-year-old billionaire said: "In general we collect data on people who have not signed up for Facebook for security purposes."
Then the senator got straight to the point.
"So these are called shadow profiles, is that what they've been referred to by some?" he asked.
The response from Zuckerberg was perhaps the most dubious of the entire session: "I'm not — I'm not familiar with that," he said.
There was a collective eye roll from educated viewers watching along. One tech reporter called the response "bulls**t of the highest order".
Technology journalist for The Guardian Alex Hern, who covers Facebook extensively, wrote on Twitter: "It is unthinkable to me that Zuckerberg is not familiar with the concept of 'shadow profiles', and the absence of a straight denial that they exist is probably the strongest evidence that yes, Facebook continues to maintain shadow profiles."
Despite Zuckerberg's claims of ignorance, the Mr Lujan pressed on with his line of questioning.
"I'll refer to them as shadow profiles for today's hearing. On average, how many data points does Facebook have on each Facebook user?" he asked, hoping in vain for a straight answer.
"I do not know off the top of my head," Zuckerberg replied.
"Do you know how many points of data Facebook has on the average non-Facebook user?" Lujan asked.
"Congressman, I do not know off the top of my head but I can have our team get back to you afterwards," came the familiar response which has become a crutch for Mr Facebook whenever he's been asked a question which may elicit an uncomfortable truth.
Zuckerberg is under all sorts of pressure. Photo / AP
As for the need to track non-Facebook users across the web, Zuckerberg cited the need to help prevent the unauthorised "scraping" of user data from the platform. He also said that "anyone can turn off and opt out of any data collection for ads, whether they use our services or not".
But that's not entirely true.
"It may surprise you that we've not talked about this a lot today. You've said everyone controls their data, but you're collecting data on people who are not even Facebook users who have never signed a consent, a privacy agreement," Lujan said.
The senator then pointed out that when you go to the "I don't have a Facebook account and would like to request all my personal data stored by Facebook" tab on the website it takes you to a form that says "go to your Facebook page and then on your account settings you can download your data".
"So you're directing people that don't even have a Facebook page to sign up for a Facebook page to access their data … We've got to change that," Lujan said.
News.com.au has sought comment from Facebook about its use of shadow profiles.
In February, a Belgian court ruled that Facebook had violated European privacy law by tracking non-users because it had not obtained consent either to collect or store the data.
While Facebook said it is changing its data policy for European users, the company has appealed the decision.
