Facebook’s ID Scraping Is Even Worse Than We Suspected

Facebook’s ID Scraping Is Even Worse Than We Suspected
Image: iStock

In the midst of the current scandal rocking Facebook, many people are wondering whether they should stay on the social network and exactly what data Facebook has. It turns out, some of the information Facebook gathers is, frankly, quite scary.

I downloaded my Facebook history and was amazed, perhaps shocked is a better word, at what was in my profile – personal information that others thought was hidden. Here’s how to access your full history and how to look through it.

Given recent events, I was curious to find out what information Facebook had connected to my profile. So, I started by accessing my archive. And once I was in, I found that Facebook was sharing information with me that was meant to be hidden from me.

How to download your Facebook history

Accessing your history is quite straightforward.

  1. Log into Facebook using a web browser (I could find how to do this via the iOS app).
  2. Near the top-left area of the screen, there’s a downward-pointing triangle. Click on it and then choose the settings option that’s second from the bottom of the menu.
  3. Facebook’s ID Scraping Is Even Worse Than We Suspected
  4. At the Botton of the list of items in the main section of the display, click the “Download a copy of your Facebook data” option.

Once you’ve done that, you’ll see a new screen with a green “Download archive” as well as an instruction to protect your archive. That’s ironic given how well Facebook has protected our data.

Facebook’s ID Scraping Is Even Worse Than We Suspected

The process of creating the archive takes a while but you’ll receive a Facebook notification and an email telling you when it’s done. You can then receive a zipped archive of your Facebook history.

Accessing your history

Once you unzip the archive, you’ll end up with a new directory of files and folders. There’s no need to scroll through each folder. Just open the folder that was created when you unzipped the archive. It will be called “facebook-username”. Mine contained four folders and one file.

Facebook’s ID Scraping Is Even Worse Than We Suspected

That file, index.html, is the one you need to open. When you do that, the file will open in a browser window, presenting you with a simple website with all your content.

Down the left side, you’ll see links to

  • Profile
  • Contact Info
  • Timeline
  • Photos
  • Videos
  • Friends
  • Messages
  • Events
  • Security
  • Ads
  • Places Created
  • Applications

Clicking on each of these will reveal various parts of your history that have been retained by Facebook.

Here’s the scary bit

I started by taking a look at the Contact Info section. Incredibly, five of the first six contacts on the list were not my Facebook friends. Yet I had their names and phone numbers right there in my contacts. The name at the top of the list was someone I only met and communicated with, completely outside Facebook, for the first time last week. My contact with that person was via email on various devices and over the phone from my iPhone.

The second name on the list is someone I’ve had the occasional business interaction with the other three people I have no recollection of every speaking to or meeting.

Yet Facebook has shared their personal information with me.

When I called the first person on the list, they were surprised I had access to that information as, even though they had put their phone number into Facebook, they had only elected to share it with friends.

When I looked at their profile on Facebook, their phone number was hidden from me. Yet, it was available through my archived history. In fact, when that person checked, he had locked his account down so that the number wasn’t even available to his friends. I followed this up with another party on my list who was similarly shocked.

In other words, Facebook is making data accessible to me that the owner has explicitly tried to keep hidden.

I contacted the Office of the Australian Information Commissioner (OAIC) to find out whether this was a potential breach of the Privacy Act. They declined to make a comment but did provide a statement, saying

I am aware of the reports that users’ Facebook profile information was acquired and used without authorisation. My Office is making inquiries with Facebook to ascertain whether any personal information of Australians was involved.

I’ve also asked Facebook for a comment but, at the time of publication, they haven’t come back to me. If they do, I’ll publish a response.


  • Hi,

    Could this be as a result of the fact you chosen to share your devices contacts with Facebook?

    I’m not sure whether it’s the Facebook app or the Messenger app, but I seem to recall one them constantly prompted you to allow Facebook to access your devices contacts.


      • By default, within the Messenger app the “Sync contacts” setting under People is turned on … all your iPhone contacts are auto-uploaded to Facebook with this turned on.

    • The problem is that Facebook is giving you new information about people you once had contact with. I looked through my archive contacts and noticed that I had updated phone numbers for people I haven’t been in touch with for years, and who aren’t in my current phone contacts. So I noticed a guy I knew 10 years ago – before Facebook – who I had an Australian phone number for. That number got slurped by Facebook, and it appears when he moved overseas, Facebook updated his number with his new US number and supplied that to me in my archive.

      This is potentially very dangerous for people keeping a low profile for family or other reasons as Facebook is joining the dots across multiple platforms and contact lists.

  • How many times were users warned? It’s hard to feel any sympathy.

    Companies like Facebook and Google don’t give a damn about your privacy. They will harvest all of your data, and sell it. It’s why they exist.

      • Assuming that laws have been broken, what could possibly be done about it anyway?

        Kick Facebook out of Australia? Add it to the banned URL list so that Aussies can’t get to it? Fine them?

  • Good story Antony.

    Only with real examples will people start to understand what it means when they give up their privacy.

    This is a breach of laws, and trust. However, even if companies stay within the law and their own policies, the average person has put little thought into how their data may be used, and the consequences, which if explained, the consumer would not be happy about.

  • I clicked the “contact info” link as you suggested, but just just comes up blank. All other sections have data. Am I doing something wrong, or does this mean they have no info on my contacts etc?

Show more comments

Log in to comment on this story!