Vassilios K.Manoussos, Computer Forensics Expert
Jun 17, 2014
What you did not know, is that there may be a copy of your old Facebook profile, online on another website.
Facebook has created controversies in it short life, especially when it comes to its users’ privacy and the ownership of their posts and photos.
Truth be told, Facebook does have the tools for users to restrict their exposure, and make sure their posts, photos and intimate thoughts are not available to anyone outside their trusted circle of friends. However the T&Cs are and have always been long, and complicated. If lawyers have problems understanding them or simply following them, then surely it will be a minefield for the rest of the population.
I Google my name from time to time, because I want to see if anyone has commented on articles I have written, but also because it is a good business practice to actually check what other people say about your business, and take appropriate steps when necessary.
Recently I came across a Google hit on my name from a website called profileengine.com. Most of the people reading this article never heard of it, but this site has heard of you! In fact this site is mirroring people’s profiles from Facebook, with all the data you had available on your Facebook profile.
I started doing some digging and one of the first things I saw was that my profile was machine generated (it was generated automatically; I certainly did not create it). Then I saw a link on the ProfileEngine website to “Claim my profile”. I followed the instructions, registered my email and I got access to my account. The first thing I noticed was that the account had a profile picture from a few years ago. It also had a list of friends that was not up to date. Many of these people I had deleted from my contacts many years ago, some of them are now even blocked. However it seemed that this website did not really care about this. Some more digging into their terms and conditions revealed the truth about my mirrored Facebook profile. According to their help pages:
“Profiles on the Profile Engine were collected from two sources:
1. Profile Engine launched in 2007 and since then about ten million people have directly created a profile on profile engine and requested that we make it public and searchable in order it is easier for other people to find them.
2. Facebook made available about 420 million public profiles and contracted with us to provide a powerful search engine for Facebook (originally simply called “Advanced Search for Facebook” and later renamed “The Profile Engine”. We added these profiles from Facebook to the profile engine database with the full knowledge, approval and permission of Facebook. Facebook agreed to this because we provided them with powerful and innovative search engine features which are not available on Facebook itself.
The profiles which Facebook gave to profile engine were also given to various other search engines and market research organisations. They were also distributed to the general public and facebook even permitted millions of them to be downloaded and distributed as bit torrent files. This data is publicly available and widely distributed, not just on profile engine. If your profile incliudes friends or group memberships then it is one of the ones which Facebook made public.”
And then that document goes on saying that:
“The majority of the data on Profile Engine was collected between 2007 and 2010. Images were updated when possible until around the end of 2011. You should therefore not assume that information on Profile Engine is up to date, current or correct.”
So the lesson here is that Facebook allowed another company to index their public profiles (420 million at the time) and then let all that data available to be hosted by another company, in New Zealand (way out of the US jurisdiction) where enforcing a removal of all those profiles would become very difficult. Not only that, but Facebook did not take the proper legal action against ProfileEngine when their partnership was ended, in order to secure the private data of its members.
As a result, your profile may simply be there. It may contain people marked as friends that you no longer are associated with. Even worse it may contain relationship details (ex partners, ex spouses etc.) or even the details of people who are now diseased. ProfileEngine disclaim any responsibility, they state that since your profile settings were set to “Public” on Facebook, the time they had access to it, then they did not break any law and did not do anything wrong. ProfileEngine claims that once you ticked “Allow my profile to be indexed by search engines” on Facebook, that gave them the right to create mirrored profile of your Facebook account. Personally I do not believe that mirroring and indexing are the same thing. Wikipedia defines search engine indexing as : “The purpose of storing an index is to optimize speed and performance in finding relevant documents for a search query. ”
Ethics aside, I am sure there is some violation of privacy when they set a profile with your data without your knowledge, they lose the ability to update that profile, they do not set it to Private when you did on Facebook and certainly they do not remove it when you remove it from Facebook. Even worst, the process of claiming a profile did not provide any reassurances as to the security of the unclaimed profiles.
Data Privacy is a big deal. And like it or not, it will be even bigger a deal in the very near future. Identity theft is on the rise, and the internet allows for dissemination of stolen data around the planet within seconds. Most people do not realise it, but EVERY computer connected to the internet for more than a few minutes has been under attack. The attackers usually are kept our by our firewalls and antivirus software. But if you count these attacks, cyber stalking, online sex related crimes and identity theft, it is obvious that electronic crime in terms of occurrences exceeds any numbers of traditional crime. With police forces in the UK having backlogs of up to a year, and with more than 80% of their resources focused on crimes like child pornography, it is a no brainer that identity theft and online fraud are and will be (for the foreseeable future) the most unpunished forms of crime.
Vigilance and COMMON SENSE are the most important tools in your hands. Check Google for references to yourself, your family and your business. Keep track of important keywords, by placing an alert with free tools like Gmail. When you find something about yourself that you do not like, then simply contact that website and ask them to remove it. If they do not comply, then you can simply ask for some expert advice on how to go about it. Whatever happens, do not ignore it.
Notes and Sources:
- ProfileEngine help section : https://profileengine.deskpro.com/kb/articles/24-where-did-the-information-on-profile-engine-come-from-when-and-how
- The spelling mistakes on the quoted text are not corrected to maintain the integrity of the original document
- Giving permission for my profile to be created: https://profileengine.deskpro.com/kb/articles/25-i-don-t-think-i-gave-permission-for-my-profile-engine-profile-to-be-created