Congress Grills Facebook CEO Over 'Shadow Profiles'

(Image credit: C-SPAN)

In the second Congressional hearing on Facebook’s data practices, several House representatives brought up the issue of Facebook tracking users even when they log out or when they don’t even have accounts. The company has long been accused of creating these "shadow profiles."

Facebook’s Long History With Shadow Profiles

Facebook introduced the "Like" button for web pages in 2010. Months later, a Dutch security researcher discovered that the button was sending data about the pages you were visiting to Facebook, even if you never clicked on it. Facebook said that what the researcher found was a bug and promised to fix it.

When the Wall Street Journal found that Facebook’s Like button was still collecting data in May, 2011, Facebook reiterated that the Like button is not used nor intended to be used for tracking. Later that year, Facebook began auto-sharing what people were reading with their friends. At first, people thought that simply logging out of Facebook would stop this sort of tracking, but others soon discovered that it actually didn’t work. Facebook promised to fix the issue so that users are no longer tracked when they log out of their accounts. The company also added that it doesn’t track users or target ads at them via the Like button, and that it deletes or anonymized the data after 90 days of using it.

In 2014, Facebook announced that it will use the Like button and other widgets to track users and to create more targeted ads against that data.

In 2015, Facebook was threatened with a 250,000 euro per day fine unless it stopped this sort of tracking against internet users who didn’t even have Facebook accounts. The company claimed it was using Like button tracking for security reasons, in order to stop fake accounts and botnets. The company had initially won the lawsuit based on a jurisdiction issue.

However, as the jurisdiction issue clarified in the following years, a Belgium district court eventually ruled that Facebook must end its shadow tracking, delete all the shadow profiles it had illegally created over the years, and comply with EU privacy laws. Otherwise, the company would have to pay a fine of 250,000 euro a day until it made those changes.

Congress Confronts Zuckerberg Over Shadow Profiles

Today, in the second hearing Congress has done on Facebook’s data policies and the recent Cambridge Analytica scandal, Congressman Ben Luján from New Mexico asked Zuckerberg about shadow profiles. However, he claimed he was not aware of that term. After explaining it, Luján confronted Zuckerberg about his statement that all users control their data when internet users whose data has been collected by Facebook through shadow tracking in fact have few ways to do so.

Zuckerberg said that non-Facebook users can only opt out of ad tracking. However, considering he also said that the company tracks all users who visit pages with Facebook widgets on them for security purposes, that means not all tracking will stop. Luján then pressed him on how many data points the company collects on both users and non-users, but Zuckerberg said he doesn't know.

In an earlier discussion with another Congressman, Zuckerberg also said that users can download or delete all the data they’ve ever posted or that has been created through their own interactions with the Facebook. However, he also implied that the data Facebook may have collected about individuals through other means may not be deleted.

Although Facebook may be forced to stop using tracking non-users in the European Union, that may not be the case in the U.S. and elsewhere, even if the company has promised to bring GDPR privacy controls to everyone.

The only way the company may stop its shadow tracking in the U.S. is either if the FTC’s new investigation concludes that this behavior is illegal, or if new regulation requiring consent for all use of consumer data would ban the company from doing it without explicit user permission.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • therickmu25
    I completely understand the person that wants to use Facebook to watch news or events and avoids sharing person data, to not want Facebook tracking their likes offline. But I would argue this person is in the minority for a service designed to share your data with other people.
    For the millions of people that post hundreds of pictures of their kids, their names, the location the picture is taken, restaurants they're going to, gyms they attend, games the play; It's kind of laughable that they're outraged when all of a sudden Facebook knows that you like to buy Hagen Daz.
  • 0deafmute0
    I believe you misread the article THERICKMU25
  • 0deafmute0
    Considering they are collecting data on children who have no accounts, without parental consent; it may very well be found illegal.
  • GT von
    Facebook should be shut down on principal alone not to mention the info theft it perpetuates.
  • epdm2be
    Why is everybody picking on facebook?

    Why did suddenly everybody forget the real perpetrator, Cambridge Analytica? Why is the CEO/board of this firm not being questioned and/or in jail?

    Also from the various news- and media sites it was my understanding that some "professor" took/bought this data from facebook and then later sold/gave to Cambridge Analytica? The same question here, why is this M?I?5?-?a?g?e?n?t? professor not being questioned about supplying personal data to ?M?I?6? Cambridge Analytica?
  • epdm2be
    I'll correct that for you: " The CEO/board of Cambridge Analytica should be shut down on principal alone not to mention the info theft it perpetuates."
  • 10tacle
    20880454 said:
    Why is everybody picking on facebook? Why did suddenly everybody forget the real perpetrator, Cambridge Analytica? Why is the CEO/board of this firm not being questioned and/or in jail?

    Nice deflection but what does that have to do with the price of apples in Japan? The CEO has already stepped down and more are going to as well. They did nothing actually illegal which I'll explain below. Cambridge Analytica ASKED for user consent of users in cooperation with Facebook. Facebook in turn "quietly" allowed CA to read PMs (and only God knows what else). FB let them in the back door. They were co-conspirators. Why pick on Facebook? Please, read on:

    On the other hand, Facebook operatives themselves have been exposed, as posted above, for attempting to datamine people who don't even HAVE Facebook accounts INCLUDING CHILDREN. Second, maybe you missed the other memo too, but Facebook was caught trying to obtain MEDICAL RECORDS of users WITHOUT consent. That is a Constitutional VIOLATION of privacy rights and illegal in most US states. I assume same in Canada and EU nations as well who themselves are suing FB as I type this.

    And so far this week, Zuckerberg has told Congress 42 times in an answer that "I'll get back to you on that" on testimony questions he could not answer there on the spot. Why pick on Facebook? The head can't even answer basic business related questions any CEO should at least give a ball park answer to like "How many companies have a Facebook page?" It's apologists for FB like you who are continuing to embolden their power and tyranny against privacy rights and now stepping out of law bounds. When is enough ENOUGH???
  • alextheblue
    Not a fan of FB but I wonder if they'll slap this "non-user tracking" (I think the term non-member would be more accurate) fine on Google too. If not, it's definitely cherry picking.

    My biggest issue with the big social media networks is their de facto censorship. Their "selective filtering" of user content ends up crushing free speech, and there's not a lot of alternatives. When grilled even Zucc could only point to dissimilar services and not a true viable FB competitor.
  • canadianvice
    If you're on FB... you signed away your privacy, and it's in plain text. No pity there.

    However, the shadow profile thing is patently wrong and almost certainly illegal. That's gotta stop - you can't co-opt people into your product who never willingly entered a relationship with you.

    Not only is it against privacy, but it's anti-capitalistic as well - the whole premise of capitalism is the free association of individuals.
  • The Reebo
    So FB tracks anyone who uses pages that have FB like buttons on them (presumably any page that has a "login using FB button" as well, even if they are not FB users.

    So what?

    Does anyone really think that the other players in that icon row (twitter, Instgram, etc. etc.) are not doing the same thing?

    Do you think that the incredibly massive number of pages that have Google analytics embedded in them are not collecting data as well?

    Why is FB the demon all of a sudden? You can hate FB for whatever you personal reason, but lets not pretend that they are doing something unique or evil here. They are doing what any significant web presence company is doing. It's not illegal, it's not even immoral. It's how they pay their bills for the free services they offer.

    If you want to change things, stop picking on one kid you don't like and calling him names, and instead start pressing your representatives for better privacy legislation.