How to Review Your Amassing Facebook Data
12th September, 2018 | Cyberprivacy | Entropic
In our previous article we reviewed the current options available for boosting your Facebook sign-in security.
In this article, we'll show you how to download and interpret the data that Facebook accumulates about you, with a focus on identifying the more important elements of your personal information.
The use of a centralized storage approach - holistic elements of your personal information that are stored and replicated across the globe, continues to be the single most significant vulnerability of Facebook.
This approach to information storage makes Facebook data centers very high value targets which are subject to a constant barrage of attempted infiltrations from nation states, cybercriminals, or seemingly legitimate entities, such as Cambridge Analytica that find ways to circumvent legal and technical loopholes, to glean and leverage your personal information.
If you have opted not to #DeleteFacebook, then at the very least you should regularly review the information that is accumulating about you in Facebook data centers across the globe. You can do this using the Download Your Information feature that Facebook provides in Settings.
This is important for several reasons, including:
- Over time, it helps you to better understand what pieces of information about you are accumulating in Facebook's data centers.
- Helping you to identify, remove, and even prevent the collection of specific items of information that you don't need or want to be collected, analyzed and shared.
- Helping you to understand what third party apps and web sites might be accessing your personal information.
- Helping you to verify whether specific information is still being collected about you, after you have instructed Facebook to stop collecting it. This is especially applicable in cases when Facebook might change the layout of their user interface, relocating options that you were previously familiar with.
In the event of a data breach or unintended data loss, the less information that you have left accumulated in Facebook, the better off you will be.
Facebook Information Categories
Please note that the classifications discussed below are generalized and are based on a review of data accumulated on several different Facebook accounts that have existed for a period of 3-5 years. We consider how sensitive this accumulated data might be in the event of a data breach or unintended data loss, where the lost information could be correlated against other information sources, such as stolen DNA data. Each of us has our individual perception of privacy, which varies based on factors such our culture, upbringing, experiences, lifestyle, and personal beliefs.
Accessing and Reviewing Your Facebook Information
Now we'll go into details about how to download and review your Facebook information.
Important - Before We Start
- The file you are about to download will likely contain way more information than you expected.
- We're about to download an unencrypted zip file containing all of your personal information from Facebook to be stored on your notebook or PC. Due to this, please take the following security precautions:
- Secure Your Network - Make sure you are connected to a trusted network. Preferably a non-public WiFi network, such as your secured home network.
- Secure Your Notebook/PC - Make sure that your notebook/PC is virus/malware free. Run a full virus scan and clean beforehand, or preferably rebuild your system entirely if you suspect that any malicious software is running.
If you cannot be sure of the above, please do not proceed!
- When you are done with reviewing your Facebook information, it's really important to clean up this information, so it is not left lying around for someone, or something else to pick up. This includes deleting the downloaded zip file, the folder you extracted it to, and finally emptying the trash to prevent it from being recovered.
- Though Instagram and WhatsApp are also part of Facebook, the process to view and manage the information amassed by these services is entirely different and is not covered by the Facebook "Download Your Information" feature. Viewing and deleting your accumulated information on these services can be done using their respective web sites/apps.
How to Download Your Facebook Information
- Firstly, you'll need a desktop PC or Notebook. This can also be done on a mobile device if you want using slightly different steps. The examples below are based on using a Mac.
- Go to Facebook, and sign in.
- Select "Settings", then select "Your Facebook Information" from the options on the right.
- Select "Download Your Information", then under "New File", select "All of My Data".
- Select "HTML" format, and select the "Create File" button.
- After a few minutes you will receive a notification that Facebook has prepared your information, and that it's ready to download.
- Once you receive the notification, select the "Download" button to download your Facebook information to your notebook/PC.
How to View Your Facebook Information
- Once the download has completed, open or extract the downloaded zip file, which will be named something like "facebook-yourname1234.zip".
- You will see a folder containing a subfolder for the different types of information being accumulated by Facebook. You can open the main index (index.html) in the root folder to view the available categories of data, or just load the html file from each folder directly. We'll do the latter.
- Much of the information listed here is self explanatory, or you will be able to recognize it from regularly using Facebook. Lets review some sections prioritized by importance. Please note that this list is not exhaustive.
How to Interpret Your Facebook Information
Information with High Sensitivity
MESSAGES
- This most important folder is a log of conversations between you and every person you have ever talked with on Facebook.
- In this folder there will be a separate folder for every person, along with the photos that were included in that conversation. A summary view of all of these conversations is in your_messages.html.
PROFILE INFORMATION
- Your personal information, including name, date of birth, work, education, places you have lived, etc...
- Historical details related to updating your profile information.
ABOUT YOU
- The information included here might include your address book, for instance from your phone, which you might have opted to share with Facebook.
POSTS
- Posts, videos, text and status updates you have shared on Facebook.
COMMENTS
- Comments you have posted on any Facebook posts.
- Comments other people have shared on your timeline.
LIKES AND REACTIONS
- Pages you've liked or reacted to.
- Likes you have made from external sites that you signed into using Facebook.
- Posts and comments you've liked, or reacted to.
CALLS AND MESSAGES
- Basic details about Calls and Messages that have historically been made via Facebook Messenger, and possibly other dialer/messaging apps that allow you to sign-in with Facebook.
- This can include details such as the name and number of the caller/person called, whether the call was outgoing/incoming, date/time, and call duration.
PHOTOS AND VIDEOS
- A historical record of photos and videos uploaded to Facebook. Summary is in your_photos.html.
YOUR SEARCH HISTORY
- The history of all of your searches on Facebook.
LOCATION HISTORY
- A series of GPS co-ordinates representing your precise physical location history, as tracked by the Facebook App over time.
YOUR PLACES
- A list of physical locations that you have defined as Facebook Places, that people can check in to on Facebook.
SECURITY AND LOGIN INFORMATION
- Used IP Addresses
- This is a simple display of every IP address that has been used historically to signed into Facebook.
- If you see an IP address that you don't recognize, you can use an IP address lookup service to determine the approximate origin of the IP, such as the city/state/country from which the sign-in occurred.
- Login Protection Data
- Information used by Facebook to monitor and secure your sign-in to Facebook, including the IP addresses you use to sign-in, the approximate GPS location deduced from that IP address, and Cookie related information.
- Note the "Estimated Location inferred from IP" section which shows the approximate GPS co-ordinates based on the IP address.
- You can copy/paste these GPS co-ordinates into any maps app to reveal how accurately Facebook is are able to pinpoint your location, even when your location sharing is disabled.
- Alternatively, you can use an IP address lookup service to determine the approximate origin of the IP.
- Where You're Logged In
- Periods of time you've been actively signed into Facebook, along with information about the device that you used at the time.
- In cases where you have signed into Facebook with the mobile App, additional information, such as your cellular provider, and the exact model of your smartphone are included in the collected information
- Account Activity
- A record of account activity on Facebook, including Sign-ins, Sign-outs, Automatic Sign-ins, Forced Sign-outs, Third Party App API Sign-ins and Sign-outs.
- This is a good way to understand what other people or apps might be accessing your Facebook account, and when.
Information with Moderate Sensitivity
FRIENDS
- Details about people you are currently connected to, have sent friend requests to, have connected with, have rejected, or removed.
GROUPS
- Details about Facebook Groups you have joined/unjoined.
- Details about your Activity on these groups.
FOLLOWING AND FOLLOWERS
- A list of people, organizations, or businesses that you choose to see content or posts from.
- A list of Facebook pages that you follow/unfollow.
APPS AND WEBSITES
- A list of third party apps and websites that you have signed into using your Facebook username and password.
- This is a good way to understand what other people or apps might be accessing your Facebook account, and when.
PAGES
- Facebook pages that you own or are the administrator of.
EVENTS
- Information about events that you have received and how you responded to them.
SAVED ITEMS
- A list of Facebook links, videos, places, and more that you have saved for possible sharing at a later time.
ADS
- Information about your topics of interest, gleaned from how you interact with Facebook.
- A list of advertisers that are in possession of your contact information.
- Information about Ads you have interacted with.
- Information you directly submitted to advertisers using a form they provided on Facebook.
Information with Low Sensitivity
MARKETPLACE
- Items you've purchased on Facebook Marketplace.
- A record of messages you have sent to businesses on Facebook Marketplace.
SECURITY AND LOGIN INFORMATION
- Logins & Logouts
- A basic historical log of logins/logouts on Facebook.
- Administrative Records
- A record of administrative changes to your Facebook account, such as password updates, and updates to contact details.
OTHER ACTIVITY
- Other activity associated with your Facebook account, such as Pokes given and received.
PAYMENT HISTORY
- A record of payments you have made using Facebook.
Removing Specific Items of Information
After reviewing your downloaded information, you might ask "How do I prevent collection of all or part of this information?". Under the Your Facebook Information in "Settings", select the "Manage Your Information" option.
This section is less user friendly, leading you down the path of seemingly arbitrary help links that may, or may not actually help you to prevent collection, or delete specific items of information. In short, you'll need patience to navigate this area - Facebook has not made this as user friendly as it could be. This also means it's worthy of future discussion in detail, in terms of how to get things done.
Removing Your Entire Account
The option to Delete Your Account and Information is a lot more user friendly than the "Manage Your Information" option, and allows you to permanently delete your personal information from Facebook data centers, and close your account.
Unfortunately, permanently doesn't imply immediate. You'll have to wait 14 days for this to happen, and will have to somehow resist the urge to re-activate your account during this time :) Following this period, Facebook requires an additional 76 days (90 days in total) to permanently delete all of your personal information from their data centers.
Conclusion
As a final reminder, once you have finished reviewing your Facebook information, don't forget to delete the Facebook zip data file that you downloaded and empty your trash, as previously discussed.
In a future article, we'll discuss new technologies related to deterring the distribution of personal information, including photographs and images. Blockchain technologies are already being developed that will help identify the original authors or owners of specific works of digital art, as discussed in this article by Bennett Garner, originally posted on CoinCentral.com.
If you have any feedback, questions, or suggestions, please let us know.
Acknowledgements:
Photo by Christopher Alvarenga on Unsplash