Got an e-mail list of customers or readers and want to know more about each — such as their full name, friends, gender, age, interests, location, job and education level?

Facebook has just the free feature you're looking for, thanks to its recent privacy changes.

The hack, first publicized by blogger Max Klein, repurposes a Facebook feature that lets people find their friends on Facebook by scanning through e-mail addresses in their contact list.

But as Klein points out, a marketer could take a list of 1,000 e-mail addresses, either legally or illegally collected – and upload those through a dummy account – which then lets the user see all the profiles created using those addresses. Given Facebook's ubiquity and most people's reliance on a single e-mail address, the harvest could be quite rich.

Using a simple scraping tool, a marketer could then turn a list of e-mail addresses into a rich, full-fledged set of marketing profiles, with names, pictures, ages, locations, interests, photos, wall posts, affiliations and names of your friends, depending on how users have their profiles set. Run a few algorithms on that data and you can start to make inferences about race, income, sexual orientation and interests.

While that information isn't available for all users, Facebook changed its privacy settings in early December so that certain information can't be made private, including one's name, current city, profile picture, gender, networks and friend list (the latter can be somewhat hidden from public view).

Anyone with your e-mail address can harvest that information, the company admits.

That's unacceptable, according to the Electronic Frontier Foundation's Kevin Bankston, who says that's not the Facebook people signed up for.

"Just because Facebook users want to share personal info with their friends does not mean they want to share it with any nefarious parties on the internet," Bankston said, "but that is exactly what Facebook is forcing its users to do."

With the new privacy settings, users can shut off being found by their name by changing who can find them on Facebook or by web searches. But even if you restrict as much as you can, if an outsider knows your e-mail address, they can find the rest of your profile information that Facebook now designates as public – namely your name, profile picture (if you've uploaded one), current city (if you've filled one out), networks (if you've joined any) and pages you are a fan of, according to Facebook.

"If someone knows your e-mail address, they can find you even if you've restricted search privacy," Facebook spokesman Andrew Noyes told Wired.com.

That's very valuable information to marketers, who can use it to evaluate their product, understand their user base better, create targeted marketing materials or sell the information to others.

But Facebook says it works to catch rogue marketers and sets a limit on the number of e-mail addresses that can be run through its system, according to Noyes.

"We've developed several systems to detect and block malicious use of the Friend Finder," Noyes said. "For example, we don't allow users to upload contact lists past a certain size. We also block users who upload contacts at an anomalous rate.

Still, the onus is on users to make a decision about their information, according to the company.

"However, we encourage people with concerns to configure their privacy settings appropriately," Noyes said.

Users should know that the information exposed in this little hack is not unlike that which is turned over to third-party applications whenever you or one of your friends installs an application, including such things as quizzes to decide what kind of pet you are.

It's not clear if any marketers are using this loophole, but it would be very difficult to know

Facebook is pushing its users to share information in an attempt to keep Twitter from eclipsing the site as the center of the net's online conversations. The site hopes getting users to publish more publicly will make it the place people turn when they need to find recommendations, a function currently dominated (with great profit) by Google.

But privacy activists say Facebook has broken the contract with its users. Some groups have filed a formal complaint with the FTC, saying the recent changes are illegal.

Augmenting marketing data to learn even more about customers isn't new, and has been offered by companies such as Choicepoint for years. Rapleaf offers a strikingly similar service to the demonstrated hack for companies willing to pay money.

Screenshot via Christopher Blizzard

See Also: