Shadow profile

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Shadow profile describes the situation when users' or non-users' information is collected without their consent.[1] The most discussed case of shadow profiling is on Facebook, which is reported to collect information on people which they did not provide.[2]

Shadow profile's history[edit]

Early in 2012,[3] a data breach of over six million Facebook users' personal information indicated the existence of shadow profiles, since the leaked information was not provided by users themselves. After this, Facebook started to combine user's shadow profiles with their public profiles. The combined profiles were then further shared with the users' friends if they used Facebook's Download Your Information (DYI) tool.

Shadow profile and major firms[edit]

Shadow profile and Facebook[edit]

Instead of asking for consent from its users, Facebook has been collecting their personal information for years without consent. Specific information that Facebook obtained without users' permission includes but is not limited to offsite email address and phone numbers, which Facebook then use them to match accounts.

Once the incident breaks out, there was an increasing number of people who became outraged due to privacy concerns.[4] According to comments on Facebook blogs and some other community websites such as Hacker News, we see that some people were surprised or even angry when they found out Facebook owned information that they never gave. Users were also wondering why would Facebook own their private information.

According to Facebook, it states users should be aware of the data collection [1], but there was no specific feedback for matching people's information. The Chief Executive Officer of Facebook, Mark Zuckerberg, has even claimed his ignorance of shadow profiles. Based on Facebook's responses to ZDNet, a business technology news website, it states that it would take "precise and coincidental timing" for a malicious person to use the DIY tool with intent and obtain Facebook's combined (shadow profile) data on a targeted user.

Shadow profile and Google[edit]

While Google's mission is to provide worldwide information and make it accessible to all the people, it has been collecting data which exceeds users' comprehension.[5] It is promised under Google's terms such that it will not disclose the full extent of users' information that they collect. Nevertheless, according to an Android smartphone's result it shows that Google has been keeping shadow profiles from the users. One of the instances is that, Google's "My Activity" page omits much of the data that Google collects and only shows certain history; the omitted data, in this case, would be users' shadow profile.

Shadow profile's influence[edit]

Positive influences[edit]

The influences brought by shadow profile can be perceived from a two-sided perspective: positive and negative. Benefits brought by shadow profile related behaviors include a more efficient way of data collection and anomaly behaviors detection.[6] Some other researches show that integrated conceptualizations of Internet Privacy Concerns (IPC) have several implications: the third-order factor of IPC can differentiate the relation between IPC and other constructions and allows both website users and managers to analyze the importance of various privacy contexts.[7]

Negative influences[edit]

Possible harms to users from privacy and information leakage include collection of sensitive data like financial account numbers, health information and precise geolocation.[8] In the 21st century, the workplace is one of the most quintessential social establishments where employees perform in a given and defined condition and there starts to emerge a blurred line between workspace and personal space. Even when people knowingly share their thoughts online through comments or likes, their traces can affect real live events such as recruiting decisions due to the surveillance conducted by employers.[9]

Possible privacy issue factors[edit]

Some argue that users are aware of the possible privacy invasion, the potential benefits and risks while utilizing social media. However, researches show that users upload a large amount of personal information into online space. Some researchers describe this phenomenon as users' lax attitude, and possible explanations for this behaviors are a combination of high gratification, usage patterns, and a psychological mechanism similar to third-person effect.[10] Users themselves are sometimes found as the reason of information leakage. To generate more customized results, sometimes users are willing to share their information with Internet of Things (IoTs) for their own convenience.[8] Other circumstances that users would share their information is when they feel anxious, concerned, or being able to protect themselves from privacy invasion, the more likely they will conduct privacy protection behavior. In other words, when users feel no control over privacy invasion, they are less likely to protect their information.[11]

There are also researchers argue that there is a correlation between information leakage and companies' cooperation with third-parties. Online platforms would need to find a balance between the monetization with third-parties and managing users' private information, and a study shows that higher privacy concerns from users would drive up publisher websites’ decision making and third party market structures, such that higher privacy concerns lead to higher industry concentration.[12] Even more, different situations and environmental factors while conducting online behaviors are highly likely to influence people's behaviors, and may lead to rational/irrational decision makings.[13]

In terms of protection from the officials, by drawing reference to case law on Article 8 of the European Convention on Human Rights, some researchers conclude that the current law cannot adequately address the issue of privacy nor provide protection for open source.[14]

Possible privacy issue solutions[edit]

To address the issue of leaking personal information there exist multiple facets. One category of the solution suggests focus on users. One of the argued solutions points out the inefficiency of privacy terms that companies use to ask for users' consent, such that they are sometimes too lengthy (Facebook's privacy terms has 9,500 words),[15] involved with professional vocabularies that only few would fully understand or the users do not understand who are the other parties they are granting their information to.[16] As a result, one of the solutions is to advance the privacy terms by making them easy to read and understand.

In addition, the conversation among users is another factor that leads to information leakage such that people share their information with each other but they become incapable of controlling over the spread of that information afterwards.[17] Thus some argue that instead of focusing on what companies can do to provide a clearer picture of the possible information access, users themselves should be the primary target of controlling over their personal information online and this would work as an efficient way to ease both companies' and consumers' concerns with data collection.[16] Another proposed argument also emphasizes the focus on users, which claims that by making users fully aware of what they are doing online and the logistics behind online behaviors, they will put more trust into the virtual world and would take care of their personal information even more.[18]

Instead of merely focusing on users, some other suggest the interdependent relationship between users and online platforms or companies, and the social contract between them: while companies collect personal data and feedback from users, users would be benefited from the modified functional improvements. As a result, as companies are not merely the side notifying users about the privacy norms but being a contractor responsible for maintaining a mutually beneficial relationship with users, the privacy tension is eased.[19]

See also[edit]


  1. ^ Garcia, David (August 2017). "Leaking privacy and shadow profiles in online social networks". Science Advances. 3 (8): e1701172. Bibcode:2017SciA....3E1172G. doi:10.1126/sciadv.1701172. ISSN 2375-2548. PMC 5544396. PMID 28798961.
  2. ^ Debatin, Bernhard; Lovejoy, Jennette P.; Horn, Ann-Kathrin; Hughes, Brittany N. (October 2009). "Facebook and Online Privacy: Attitudes, Behaviors, and Unintended Consequences". Journal of Computer-Mediated Communication. 15 (1): 83–108. doi:10.1111/j.1083-6101.2009.01494.x. ISSN 1083-6101.
  3. ^ "The data Facebook collects without permission". Retrieved 2020-11-12.
  4. ^ Wottrich, Verena M.; Reijmersdal, Eva A.; Smit, Edith G. (September 2019). "App Users Unwittingly in the Spotlight: A Model of Privacy Protection in Mobile Apps". Journal of Consumer Affairs. 53 (3): 1056–1083. doi:10.1111/joca.12218. ISSN 0022-0078.
  5. ^ "Google's Shadow Profile: A Dossier of Consumers Online and Real World Life" (PDF). February 2019. {{cite journal}}: Cite journal requires |journal= (help)
  6. ^ Hirano, Manabu; Tsuzuki, Natsuki; Ikeda, Seishiro; Kobayashi, Ryotaro (December 2018). "LogDrive: a proactive data collection and analysis framework for time-traveling forensic investigation in IaaS cloud environments". Journal of Cloud Computing. 7 (1): 18. doi:10.1186/s13677-018-0119-2. ISSN 2192-113X.
  7. ^ Hong, Weiyin; Thong, James Y. L. (2013). "Internet Privacy Concerns: An Integrated Conceptualization and Four Empirical Studies". MIS Quarterly. 37 (1): 275–298. doi:10.25300/MISQ/2013/37.1.12. ISSN 0276-7783. JSTOR 43825946.
  8. ^ a b Kirtley, Jane (October 2018). "Too Smart for Its Own Good: Addressing the Privacy and Security Challenges of the Internet of Things". Journal of Internet Law. 22: 1–33.
  9. ^ "Page Cannot be Found". SSRN 2004438. Retrieved 2020-12-06.
  10. ^ Debatin, Bernhard; Lovejoy, Jennette P.; Horn, Ann-Kathrin; Hughes, Brittany N. (2009-10-01). "Facebook and Online Privacy: Attitudes, Behaviors, and Unintended Consequences". Journal of Computer-Mediated Communication. 15 (1): 83–108. doi:10.1111/j.1083-6101.2009.01494.x.
  11. ^ Wottrich, Verena M.; Reijmersdal, Eva A. van; Smit, Edith G. (2019). "App Users Unwittingly in the Spotlight: A Model of Privacy Protection in Mobile Apps". Journal of Consumer Affairs. 53 (3): 1056–1083. doi:10.1111/joca.12218. ISSN 1745-6606.
  12. ^ University of Connecticut; Gopal, Ram D.; Hidaji, Hooman; University of Calgary; Patterson, Raymond A.; University of Calgary; Rolland, Erik; California State Polytechnic University; Zhdanov, Dmitry; Georgia State University (2018-01-01). "How Much to Share with Third Parties? User Privacy Concerns and Website Dilemmas". MIS Quarterly. 42 (1): 143–164. doi:10.25300/MISQ/2018/13839.
  13. ^ Barth, Susanne; De Jong, Menno D.T. (2017-11-01). "The privacy paradox – Investigating discrepancies between expressed privacy concerns and actual online behavior – A systematic literature review". Telematics and Informatics. 34 (7): 1038–1058. doi:10.1016/j.tele.2017.04.013. ISSN 0736-5853.
  14. ^ Edwards, Lilian; Urquhart, Lachlan (2015-12-11). "Privacy in Public Spaces: What Expectations of Privacy Do We Have in Social Media Intelligence?". Rochester, NY. SSRN 2702426. {{cite journal}}: Cite journal requires |journal= (help)
  15. ^ Custers, Bart (2014). "Privacy Expectations of Social Media Users: The Role of Informed Consent in Privacy Policies" (PDF). Leiden University, ELaw – Centre for Law in the Information Society. 3: 268–295.
  16. ^ a b Norberg, Patricia (2007). "The privacy paradox: personal information disclosure intentions versus behaviors". Journal of Consumer Affairs. 41: 100–26. doi:10.1111/j.1745-6606.2006.00070.x.
  17. ^ Trepte, Sabine (2020-05-07). "The Social Media Privacy Model: Privacy and Communication in the Light of Social Media Affordances". Communication Theory: qtz035. doi:10.1093/ct/qtz035. ISSN 1050-3293.
  18. ^ Dinev, Tamara; Hart, Paul (2005). "Internet Privacy Concerns and Social Awareness as Determinants of Intention to Transact". International Journal of Electronic Commerce. 10 (2): 7–29. doi:10.2753/JEC1086-4415100201. ISSN 1086-4415. JSTOR 27751182. S2CID 45443569.
  19. ^ Martin, Kirsten (2016). "Understanding Privacy Online: Development of a Social Contract Approach to Privacy". Journal of Business Ethics. 137 (3): 551–569. doi:10.1007/s10551-015-2565-9. ISSN 0167-4544. JSTOR 24755765. S2CID 145609867.