When you install an app on your smartphone, you’re often asked whether you’d like to share your list of contacts with that app. That might be a convenient way to connect with friends and family likewise using, say, Instagram or Whatsapp, but it also means you’re giving away their personal information to the app developers.

And that personal info could end up being used to create so-called “shadow profiles” of your contacts—even if they don’t use that app or social media service.

Shadow profiles emerged as a potential problem in 2011 when an Ireland-based advocacy group accused Facebook of gathering information on nonusers, including names, email addresses, phone numbers and physical addresses.

The following year researchers showed that social network companies such as Facebook could use machine learning to pretty accurately predict whether two nonmembers known by the same member also know one another. Not exactly Big Brother, but a recent study in the journal Science Advances raises the stakes.

In that work, David Garcia, chair of systems design at the sci-tech university ETH Zürich, used a social network member’s personal information to infer relationship status and sexual orientation of the members’ contacts who did not have their own user accounts on that social networking site. [David Garcia, Leaking privacy and shadow profiles in online social networks]

He was able to do that using, of all things, data from the now defunct Friendster social networking site. He says he chose those two attributes—relationship status and sexual orientation—because they can carry important privacy consequences and were both available in the Friendster data set.

Garcia is careful to point out that he didn’t prove that shadow profiles exist, just that they can be created. His work also reminds us how much we wind up revealing online—about ourselves and about the people in our lives.

—Larry Greenemeier

[The above text is a transcript of this podcast.]