Insecure Facebook Demands Your Passport, Bank Statements, Medical Records, ...
By
Duane Thresher, Ph.D. October 8, 2018
As I reported in
Facebook
Has A Database Of User ID Photos, Facebook has been
demanding users upload their ID photos (not profile photos)
for account verification, assuring users the photos were
secure and would be deleted after use. In the meantime, as I
reported in
Yahoo-Then-Facebook
CISO Alex Stamos Allows Yet Another Massive Data Breach,
Facebook admitted to a data breach that compromised 50 million
user accounts. Continuing the investigation into Facebook's
demand for user ID, I discovered that insecure Facebook is
demanding that you upload your passport, birth certificate,
driver's license, marriage certificate, green card, voter ID
card, bank statements, credit card, medical records, Social
Security card, ... Further, Facebook is keeping your entire
search and location history forever. If Congress really cared
about the security of the American people, and not just its
access to free Facebook advertising — see
Fake
Federal Facebook Fury Finally Finished — it would
make Mark Zuckerberg testify about this outrageous invasion of
privacy and the FBI would investigate it.
If you wisely refuse to upload your ID photo to Facebook when
it is demanded, your account will be disabled. If you then
try to log into your Facebook account you are told "Your
Account Has Been Disabled" and "For more information, or if
you think your account was disabled by mistake, please visit
the Help Center." Going to the Help Center
you are told by
Facebook:
Why was my account disabled?
Your account was disabled for violating the Facebook Terms.
Our Policies
- Your account must list your authentic name.
- Personal accounts must represent individual people only.
It's a violation of our policies to use a personal profile to
represent anything other than yourself (ex: celebrities, pets,
ideas, objects, etc.).
- Impersonating anyone or anything is not allowed.
- Maintaining multiple accounts is a violation of our policies.
- Accounts created for the purpose of spamming or harassing
others are strictly prohibited.
Obviously Facebook would not need to do this now if it had
this policy all along. As I
mentioned,
early on Facebook was thrilled with having fake and multiple
accounts since it artificially inflated the number of users
that Facebook could brag about to investors and advertisers.
(The account these notices are from is over 5 years
old.)
Now, after the Russians have used Facebook to meddle in
U.S. elections, Facebook is desperately trying to clean up its
act. It is doing so with a long history of user privacy
violations, which it obviously learned nothing from.
Unfortunately,
Congress
can't live without the free advertising Facebook provides
them, so will do nothing to protect the American people from
Facebook.
If as instructed, you then let Facebook know that you think
your account was disabled by mistake, Facebook presents you
with the
scariest demand
for information you'll ever see, including from
U.S. Government agencies like the NSA and FBI:
Group One
You can send us one of the items from group one to confirm
your name or get back into your account. Anything that you
send us should contain either your name and date of birth or
your name and photo.
• |
Birth certificate |
• |
Personal or vehicle insurance card |
• |
Family certificate |
• |
Driver's license |
• |
Non-driver's government ID (ex: disability, SNAP card,
national ID card, pension card) |
• |
Visa |
• |
Passport |
• |
Green card, residence permit or immigration papers |
• |
National age card |
• |
Marriage certificate |
• |
Tribal identification or status card |
• |
Immigration registration card |
• |
Official name change paperwork |
• |
Voter ID card |
• |
Tax identification card |
Group Two
If you don't have anything from group one, you can send us
two different items from group two. The name on the items
that you send us should be the same name that you want to
show on your profile.
Keep in mind that if you've lost access to your account, you
may be asked to provide something from the list that also
shows a photo or date of birth that matches the details on
your Facebook account. This extra precaution is so that we
can make sure that the only one with access to your account
is you.
• |
Bank statement |
• |
Magazine subscription stub |
• |
Social Security card |
• |
Religious documents |
• |
Transit card |
• |
Medical record |
• |
Utility bill |
• |
Certificate of registration for accreditation or professional |
• |
Check |
• |
Membership ID (ex: pension card, union membership,
work ID, professional ID) |
• |
Yearbook photo (actual scan or photograph of the page
in your yearbook) |
• |
Professional license card |
• |
Credit card |
• |
Paycheck stub |
• |
Company loyalty card |
• |
Polling card |
• |
Employment verification |
• |
Permit |
• |
Contract |
• |
Health insurance |
• |
Library card |
• |
School ID card |
• |
Family registry |
• |
Address proof card |
• |
Mail |
• |
School record |
• |
Diploma |
• |
Social welfare card |
After that shocking list Facebook tries to reassure you:
What happens to my ID after I send it to Facebook?
After you send us a copy of your ID, it'll be stored
securely while we resolve your issue. We also delete the
copy of your ID after 30 days.
"Securely" is of course complete nonsense, given Facebook's
recent
massive
data breach with 50 million user accounts
compromised.
The promise to delete it is unbelievable as well. For
example, when you are told your account has been disabled,
besides being given the option of going to the Help Center,
you are given the option to "Download Your Information".
Apparently, even if you can't prove the account is yours, you
have the right to the account information, which turns out to
be extensive.
It takes a while to download all the account information but
when you finally do, you see why it took so long. You'll get
a listing of every search, with date and time, you've ever
done on Facebook (over 5 years' worth for the account in
question). That means of course that Facebook has this search
history. Facebook, so the NSA, FBI, police, and hackers, can
tell a lot and do a lot of bad stuff to you with this
information. You'd better not be connected to anyone these
agencies find objectionable.
Additionally, you'll get a listing of every IP address you've
ever logged into Facebook from. This means Facebook, so the
NSA, FBI, police, and hackers, know where you are and
were.
Big
Brother never had it so good.
I'd advise you to write your congressman, but as
mentioned
that probably won't do any good. The only way to protect
yourself is to have a fake Facebook account or not be on
Facebook at all. For millions it's already too
late.