Privacy is Dead

Mysterious Website Shows Your Facebook Privacy Settings Aren’t So Airtight After All

"WE KNOW EVERYTHING ABOUT YOU"
Thought your stuff was private? Think again. (Wikimedia Commons)

Thought your stuff was private? Think again. (Wikimedia Commons)

My Facebook has been semi-private for quite a while, but just last week, I locked it up as tightly as possible. I figured I had made all my personal information totally inaccessible to outsiders — but a scary new website proved I was completely wrong.

With my new privacy settings, people who aren’t my friends see a nearly empty profile, consisting of only a profile picture, a cover photo, where I work and my friends list (only because I couldn’t figure out how to hide it). No one — as far as I knew — was able to see any photos, check-ins or any of those embarrassing “likes” from years ago. Nothing.

So, I wasn’t worried when I stumbled across DigitalShadow.com, a website that, with permission to access your public Facebook profile, uses algorithms to return a full report on your life. The site is a marketing stunt for a new Ubisoft game called “Watch Dogs,” and it provides information as if the user is a target of a hacker or assassin.

Curious to see if the site would be able to retrieve my private information, I decided to check it out. I immediately saw the words “You are not an individual. You are a data cluster” sprawled across the homepage.

After entering the site and watching the “loading target” meter go from zero to 100 percent, pixelated images of my life started to appear on the screen.

The report began:

“WE KNOW WHO YOU ARE

Lazzaro, Sage

You can be identified with 96.5% accuracy”

Below were photos others posted of me, dating back as far as high school (eww).

A section called “WE KNOW WHO YOU CARE ABOUT” came next, along with photos of six of my friends. It was shockingly and eerily accurate, depicting images of my six real-life best friends.

Next, the report listed my “stalkers” who monitor my activity; “liabilities” who tag me frequently and expose my data; “obsessions” who don’t reciprocate my interactions; and “scapegoats” with whom I rarely interact.

“WE KNOW WHAT MAKES YOU TICK” was the next section of the report, which dug a little deeper than my friends list.

It revealed my most used word as “party,” and allowed me to see the top five words used by any of my friends by simply selecting a name from my entire friends list.

It created a graph plotting my (and a selected friend’s) commonly used words based on corresponding emotions and personality traits.

(Screengrab: DigitalShadow)

(Screengrab: DigitalShadow)

The next section, titled, “WE KNOW WHEN YOU’RE VULNERABLE,” provided me with multiple handy charts displaying my Facebook usage — proving that if they really want to, hackers can find everything about my connectivity.

(Screengrab: DigitalShadow)

(Screengrab: DigitalShadow)

At least the sly site fell short when it came to “WE KNOW WHERE TO FIND YOU.” It couldn’t find my location. At least that’s reassuring.

Finally, I scrolled down to “WE KNOW ALL YOUR SECRETS,” to see rows of periods actively transforming one by one into half coded book and movie titles in true spy fashion.
I know those are things that I’ve “liked,” but I also know that they are among the private information on my profile.

(Screengrab: DigitalShadow)

(Screengrab: DigitalShadow)

I have no idea how this site was able to get all this information about me, because as I recounted earlier, my Facebook profile is private. I expect it got some of the information through my friend list, but still, I was shocked by the report’s depth and accuracy.

Somehow, the site was able to access so much that I thought was private, from things I’d “liked,” to my most frequently used words. It even counted the frequency of words used by friends, and scanned their profiles for photos of me.

Seeing all of this was frightening and eye-opening enough, but now I’m left wondering, if a website created as a promo for a new video game can find all of this, how much more can a skilled hacker with malicious intentions dig up?

Update:

After talking with DigitalShadow.com, Betabeat discovered the site isn’t “hacking” into your Facebook, exactly. Yes, it dug through our private information, but that’s because we gave it permission to do so, without realizing it. 

Turns out, when you click that “Log in with Facebook” button on DigitalShadow.com, you give the site access to your Facebook profile, and we’re not just talking about what you have visible to the public.

As revealed in the report, giving that permission releases a whole lot of private information out online and into the hands of… well, we don’t really know.

The scary part is that we click that button allowing sites and apps to access our profiles all the time. This wasn’t about learning all the information hackers can stealthily get their hands on — it was about learning how much information we unknowingly consent to giving out.

As mentioned, the site was released as a promotion for a new game called “Watch Dogs.” A conversation with the game’s makers brought the reason behind the creepy, yet telling promo to light.

“Watch Dogs has come to life,” Ann Hamilton, associate director of brand management for Ubisoft, said.

The game is centered around Aiden Pearce, a hacker in Chicago who can use his cell phone to access a central operating system that connects him to every piece of computerized data. He can walk by a person on the street and know everything about him from his bank account information to cell phone conversations, police reports, and of course, social media usage along with much much more.

“When we began developing it, it was almost like a science fiction game,” Ms. Hamilton said. “But four years later, most of the hacks can happen in real life.”

Follow Sage Lazzaro on Twitter or via RSS.