Logan T. Miles M.S.ISA, CISSP, HCISSP
Long Beach, CA

Logan is an Information Security Engineer based out of Long Beach.

The content and opinions displayed on this website are mine and mile alone. None of the content here is presented on behalf of any of my employers and the content seen here does not reflect the positions or opinions of anyone else.

Blog Information Security Privacy Technology

What’s In My Facebook Data?

on
August 16, 2020

In the spirit of my last blog post, I’m in the process of writing a guide on how to properly quit Facebook and try and replace the services it provides for you with other more privacy centric solutions, while at the same time not letting perfection be the enemy of doing any good. So to start, I wanted to download all my data first, The main thing I knew I wanted to ensure I had was a copy of my videos or stories, everything can be deleted without the bat of an eye. However, being curious to see the full extent of the text data. When I peeked inside, i immediately knew it required its own post.

How to Download your Facebook Data

1.)  Log in to Facebook on your computer and access Account Settings: click at the top right of any Facebook page and select Settings.

2) Click Your Facebook Information in the left-hand column.

3) Click Download Your Information.

When I was ready to download mine, Facebook automatically split up the downloads based on type. One for all photos and video, one for all the text and other history. The total size of my posts not including any media was almost 17 Gigabytes. Once I selected all the various pieces of information and clicked on Create File, it took about 12 hours to finally post, your time may vary.

Here, you can see all of the various types of information you can download below.

  • About Me: Information you added to the About section of your Timeline like relationships, work, education, where you live and more. It includes any updates or changes you made in the past and what is currently in the About section of your Timeline.
  • Account Status History: The dates when your account was reactivated, deactivated, disabled or deleted.
  • Active Sessions: All stored active sessions, including date, time, device, IP address, machine cookie and browser information.
  • Ads Clicked: Dates, times and titles of ads clicked (limited retention period).
  • Address: Your current address or any past addresses you had on your account.
  • Ad Topics: A list of topics that you may be targeted against based on your stated likes, interests and other data you put in your Timeline.
  • Alternate Name: Any alternate names you have on your account (ex: a maiden name or a nickname).
  • Apps: All of the apps you have added.
  • Birthday Visibility: How your birthday appears on your Timeline.
  • Check-Ins: The places you’ve checked into.
  • Currency: Your preferred currency on Facebook. If you use Facebook Payments, this will be used to display prices and charge your credit cards.
  • Current City: The city you added to the About section of your Timeline.
  • Date of Birth: The date you added to Birthday in the About section of your Timeline.
  • Education: Any information you added to Education field in the About section of your Timeline.
  • Emails: Email addresses added to your account (even those you may have removed).
  • Events: Events you’ve joined or been invited to.
  • Facial Recognition Data: A unique number based on a comparison of the photos you’re tagged in. We use this data to help others tag you in photos.
  • Family: Friends you’ve indicated are family members.
  • Favorite Quotes: Information you’ve added to the Favorite Quotes section of the About section of your Timeline.
  • Followers: A list of people who follow you.
  • Friend Requests: Pending sent and received friend requests.
  • Friends: A list of your friends.
  • Gender: The gender you added to the About section of your Timeline.
  • Groups: A list of groups you belong to on Facebook.
  • Hidden from News Feed: Any friends, apps or pages you’ve hidden from your News Feed.
  • Hometown: The place you added to hometown in the About section of your Timeline.
  • ID: A copy of the ID you submitted to confirm your identity and to help improve our automated systems for detecting fake IDs and related abuse.
  • Interactions: Actions you’ve taken on Facebook
  • Locale: The language you’ve selected to use Facebook in.
  • Location: Information related to your location (GPS coordinates, etc.)
  • Logins: IP address, date and time associated with logins to your Facebook account.
  • Logouts: IP address, date and time associated with logouts from your Facebook account.
  • Marketplace: Your activity on Marketplace, things you searched, things you bought.
  • Matched Contacts: Contact information that may be associated with your account.
  • Messages: Messages you’ve sent and received on Facebook. Note, if you’ve deleted a message it won’t be included in your download as it has been deleted from your account. (This includes nudes you have sent and people have sent you.)
  • Name: The name on your Facebook account.
  • Name Changes: Any changes you’ve made to the original name you used when you signed up for Facebook.
  • Networks: Networks (affiliations with schools or workplaces) that you belong to on Facebook.
  • Pages You Admin: A list of pages you admin.
  • Payment History: A history of payments you’ve made through Facebook
  • Pending Friend Requests: Pending sent and received friend requests.
  • Phone Numbers: Mobile phone numbers you’ve added to your account, including verified mobile numbers you’ve added for security purposes.
  • Photos: Photos you’ve uploaded to your account.
  • Photos Metadata: Any metadata that is transmitted with your uploaded photos.
  • Physical Tokens: Badges you’ve added to your account.
  • Places: A list of places you’ve created.
  • Pokes: A list of who’s poked you and who you’ve poked. Poke content from our mobile poke app is not included because it’s only available for a brief period of time. After the recipient has viewed the content it’s permanently deleted from our systems.
  • Political Views: Any information you added to Political Views in the About section of Timeline.
  • Posts by Others: Anything posted to your Timeline by someone else, like wall posts or links shared on your Timeline by friends.
  • Posts by You: Posts you’ve shared on Facebook, posts that are hidden from your timeline and polls you have created
  • Recent Activities: Actions you’ve taken and interactions you’ve recently had.
  • Recommendations: Information from your activity used to recommend posts and other content on Facebook. I.E. What Facebook thinks of you.
  • Registration Date: The date you joined Facebook.
  • Religious Views: The current information you added to Religious Views in the About section of your Timeline.
  • Removed Friends: People you’ve removed as friends.
  • Screen Names: The screen names you’ve added to your account, and the service they’re associated with. You can also see if they’re hidden or visible on your account.
  • Search History: A history of your searches on Facebook
  • Spoken Languages: The languages you added to Spoken Languages in the About section of your Timeline.
  • Status Updates: Any status updates you’ve posted.
  • Security and Login Information: A history of your logins, logouts, periods of time that you’ve been active on Facebook and the devices you use to access Facebook.
  • Work: Any current information you’ve added to Work in the About section of your Timeline.
  • Videos: Videos you’ve posted to your Timeline.
  • Voice Recording and Transcription: A history of your voice recording and transcription on Facebook

That…is…extensive. Now when I skim this list, the thoughts in my head are, “Well yeah…this makes sense…yeah that makes sense.” However, I honestly don’t believe we all are fully understanding the impact of what ALL of this actually is.

What’s in Mine?

I’ll be Paul Bettany in Master and Commander and cut myself open here for everyone to see. When it says it saves your search history, it means that anyone you’ve ever creeped on or searched in the top search bar will be saved here.

Searches

For example, a couple years ago I was booked in a comedy show in a Vape shop and I searched for the other comics that were also booked. Dakota Freeman and the late Big Liam were other comics booked on the show I searched, because at the time I hadn’t met them yet.

If you’re curious if those people you creeped on when you matched when them on tinder’s names are there, yeah, they’re probably there too.

Messages

I have stumbled upon angry long walls of text of conversations I regret having. Oh brother, there’s so much cringe at it all. Every single conversation I’ve had over Facebook is there, 780 in fact.

Look at them, this is like a crappier version of the ending of Raiders of The Lost Ark. What people don’t realize is that this data is shared among those in the threads which means that you’ve ever discussed any anything illegal with anyone over messenger, it’s still there. If you’ve ever sent nudes to someone, they probably still have them. If you ever gotten drunk and slid into my DMs around 10 years ago, yeah that’s in here. Don’t worry, by the time this blog is posted, that whole message folder with all those threads will be deleted. Frankly, I’m not interested in outing any closeted pastors. Facebook however, they will probably still have it stored somewhere on their servers.

We don’t realize the full extent of our data’s footprint when using these services. It’s understandable, we’re simple creatures and we often operate on an out of sight, out of mind basis, but if you haven’t operated appropriately and placed your bets that your privacy is protected on these services, you’re going to be disappointed.

It’s like this, but with Facebook.

Locations

Facebook records your location history, it tracks everything. For example, Facebook knows what gas station I used to pump gas in Winnemucca, Nevada in August of 2015 (40.965954, -117.742577). Facebook also knows where I drank Westvleteren 12 in Bruges, Belgium(51.210825, 3.222831). Facebook knows where I puked for the first time after drinking too much beer after attending a Ghost concert in Pittsburgh in 2013(40.428713, -79.974572). It knows practically every single concert I attended or restaurant I ate at, campfire I camped at, place I’ve slept. Facebook even knows about all the places I have been to in South America, they had 3G when I was there. It even knows where I wrecked my Harley in El Sobrante, California at 2am.

I’m trying to figure out why I was so comfortable with this to begin with. I don’t know exactly, but maybe it’s an underestimation of what that full location data entails when we step into the service. The human mind is not good with large collections of sets, at least mind is, we gloss over things, simplify things for our consumption. Maybe we simplify the weight of the data to be a few locations we visit, but not fully think through what everything, every single thing truly means.

Groups, Posts, and Notes

Every comment you’ve ever made in a private group is there. Here’s an example of 2 comments I made to a friend in a Pentecostal theology group in 2013 and wow, 2008 Facebook was lit.

Remember those stupid 25 things status forwards on myspace? I remember doing one on Facebook and here it is. Ahh the good ol’ days, when I thought Obama was the Antichrist. And my god, my abrasiveness to the user is just years of high school of tech support built up in me.

I know what you’re thinking, Logan, why the hell would you post something that’s that embarrassing about yourself? I did it to highlight something in my next point.

Information Used For Recommendations

Facebook has to summarize you into a profile. This is the main profile used to show what Facebook feels is relevant to you. What relevant is defined as is the main variable here, but most social media are driven by engagement, so it’s no stretch of the imagination to assume the following topics are information that will statistically cause me to respond than not.

Newsfeed :

Motorcycles, Sport Utility Vehicles (SUVs), Video Games, Comedy, Aquatic Animals, Desserts & Sweets, Recipes & Tips, Painting, Football (American), Stand Up Comedy, Restaurants & Dining, Environmental Science, NCAA College Football, Rock Music, Documentaries, Metal Music, Shooting Video Games, Ice Cream, Cars & TrucksCar Racing, Motorsports, Dogs, Baseball, Alcohol & Cocktails, Horticulture & Gardening, Sculpture, Bugs & Worms, Fantasy TV & Movies, Animation, Horror TV & Movies, NFL, Reptiles, Snakes, Twitter, Advanced Micro Devices, Pittsburgh Steelers, Jussie Smollett, Star Wars, Game of Thrones, HBO, Ryan Shazier, Intel

New Topics Recommendations:

Donald Trump, Joe Biden, Stand Up Comedy, Kanye West, Religious Studies & Theology, Beer, Intel, Advanced Micro Devices, Music Videos, Cakes, Game of Thrones, NVIDIA, Jussie Smollett, Airlines, Bernie Sanders, Craft Beer, Beef, Police & Military Dogs, Apple, Cell Phones & Accessories, Chocolate

Facebook’s reasoning is “The topics are based on your previous interaction history with things like links, videos, photos and Pages you’ve liked.” And that’s part of the shocking thing. Some of these topics such as Jussie Smollet, Bugs & Worms, Ryan Shazier, The Steelers, and even snakes don’t feel as if they’re accurate, or more appropriately things I’m interested in. I hate snakes and the Steelers, but Jussie Smollet is a real headscratcher, because I don’t remember even discussing that situation with anyone, but I did follow it when I saw an update in the news. Remember, this list isn’t supposed to be things I’m interested in, but things Facebook knows I would click on.

And this is where we need to understand something that is so central to Facebook, how these recommendations are designed and engineered. My opinion on the Jussie Smollet isn’t that extreme, in fact, it was a story that was so pumped full of politization that I would prefer to hear less about it. That’s why it’s so striking to me that Facebook thinks I want to hear more. Thinking back, I really didn’t get invested into the story until the charges were dropped and the whole situation got crazier. I remember my dissatisfaction in it, but still, at the time there were so many other issues that I felt were more important, that I remember getting exasperated by it. There’s enough eyes on it that they’ll get to the bottom of it, I don’t understand why it was so popular. It makes sense now that it was in the algorithm, but think about it.

What if, some of these recommendations that Facebook thinks you want to see because you’ve reacted to them, actually make you angrier? A reaction isn’t inherently a good thing. Treating them all as such could easily lead to a feedback loop of the specific things that continue to anger or radicalize the user. If that anger increases the depth of the reactions, then it would pour more and more priority into those subjects. Driving people further right and further left. If that is the case then Facebook is a multifaceted radicalization machine, a chaos bomb thrown right into the center of societies, continuously pouring gasoline over everything. Facebook might just be the most effective polarization and radicalization tool ever created.

This leads me into another troubling issue, that Facebook and other companies in this age have a “profile” on me, and regardless of the accuracy(it’s absolutely more engaging than I want to admit), it makes me think about how much these profiles are tied to us and how easy our behavior can change it or if we are always in this box of Facebook’s time stamped definition of us that then alters what we see based on it. At that point, if our newsfeed is being manipulated based on how we react to a feed that’s already being manipulated, it’s already a snowball rolling downhill in the direction wherever Facebook wants.

All the Data is There, Ripe to be Used.

What happens when the police gets involved with your activity? For example, a New Jersey police department is pursued cyber harassment charges against five people who tweeted and retweeted a protest photo that was inquiring about a cops identity since allegedly this police officer was hiding their face with a mask and physically violent with protesters. A couple people retweeted the now deleted tweet and they were charged as well. Imagine that, a felony for a retweet.

Eventually the charges were dropped, but only after prosecutors realized that they didn’t have a case. That is far too long, that shouldn’t allow us to be comfortable and assume that no harm was done. We shouldn’t allow the normalization of police officers arresting protesters, roughing them up and let them go when the constitution comes knocking. That should give us serious pause that it was allowed to go that far. Police departments around the country are exploiting that legal lag time in order to intimidate protestors from voicing their First Amendment rights.

Reminder, being a U.S. based corporation, Facebook is subject to National Security Letters (NSLs) with accompanying gag orders which forbid them from talking about the request. This combination allows the government to secretly force companies to grant complete access to customer data and transform the service into a tool of mass surveillance. From July to December 2019, Facebook received 140,000 requests from law enforcement and 74.4% of those requests produced data.

What happens when other digital flags or markers are treated similarly similar to how the police in New Jersey those retweets? There’s nothing to stop law enforcement from querying the list of people who responded to a BLM protest or have “liked” the city’s BLM chapter. The FBI is treaking the Blueleaks organization as a cirminal hacker group despite the group insisting they aren’t involved with any hacking. Foreign governments have done the FBI’s bidding and taken servers offline, how long until the FBI treats Facebook likes and an equivalent?

That sounds insane for me to type out, but I also think it’s insane at the amount of beatings at the hands of police I’ve seen in recent months, so this sort of authoritarian creep should stop surprising us. Facebook is becoming the CVS receipt for our entire digital lives that we don’t realize is documenting every thing we do. That receipt can come to define us and we may not even have the ability to escape its definition of us. It’s like a palantír, the seeing stones from Lord of the Rings. There are amazing things we can see and connect with, but just like Gandalf says, “We do not know who else may be watching” which is partly true, because we can say we at least know enough.

Also, I totally get that I am this guy now.

TAGS
RELATED POSTS