Insecure Facebook Demands Your Passport, Bank Statements, Medical Records, ...
By Duane Thresher, Ph.D. October 8, 2018
As I reported in Facebook Has A Database Of User ID Photos, Facebook has been demanding users upload their ID photos (not profile photos) for account verification, assuring users the photos were secure and would be deleted after use. In the meantime, as I reported in Yahoo-Then-Facebook CISO Alex Stamos Allows Yet Another Massive Data Breach, Facebook admitted to a data breach that compromised 50 million user accounts. Continuing the investigation into Facebook's demand for user ID, I discovered that insecure Facebook is demanding that you upload your passport, birth certificate, driver's license, marriage certificate, green card, voter ID card, bank statements, credit card, medical records, Social Security card, ... Further, Facebook is keeping your entire search and location history forever. If Congress really cared about the security of the American people, and not just its access to free Facebook advertising -- see Fake Federal Facebook Fury Finally Finished -- it would make Mark Zuckerberg testify about this outrageous invasion of privacy and the FBI would investigate it.
If you wisely refuse to upload your ID photo to Facebook when it is demanded, your account will be disabled. If you then try to log into your Facebook account you are told "Your Account Has Been Disabled" and "For more information, or if you think your account was disabled by mistake, please visit the Help Center." Going to the Help Center you are told by Facebook:
Why was my account disabled?
Your account was disabled for violating the Facebook Terms.
- Your account must list your authentic name.
- Personal accounts must represent individual people only. It's a violation of our policies to use a personal profile to represent anything other than yourself (ex: celebrities, pets, ideas, objects, etc.).
- Impersonating anyone or anything is not allowed.
- Maintaining multiple accounts is a violation of our policies.
- Accounts created for the purpose of spamming or harassing others are strictly prohibited.
Obviously Facebook would not need to do this now if it had this policy all along. As I mentioned, early on Facebook was thrilled with having fake and multiple accounts since it artificially inflated the number of users that Facebook could brag about to investors and advertisers. (The account these notices are from is over 5 years old.)
Now, after the Russians have used Facebook to meddle in U.S. elections, Facebook is desperately trying to clean up its act. It is doing so with a long history of user privacy violations, which it obviously learned nothing from (remember Cambridge Analytica?). Unfortunately, Congress can't live without the free advertising Facebook provides them, so it will do nothing to protect the American people from Facebook.
If, as instructed, you then let Facebook know that you think your account was disabled by mistake, Facebook presents you with the scariest demand for information you'll ever see, including from U.S. Government agencies like the NSA and FBI:
Group One
You can send us one of the items from group one to confirm your name or get back into your account. Anything that you send us should contain either your name and date of birth or your name and photo.
- Birth certificate
- Personal or vehicle insurance card
- Family certificate
- Driver's license
- Non-driver's government ID (ex: disability, SNAP card, national ID card, pension card)
- Visa
- Passport
- Green card, residence permit or immigration papers
- National age card
- Marriage certificate
- Tribal identification or status card
- Immigration registration card
- Official name change paperwork
- Voter ID card
- Tax identification card
If you don't have anything from group one, you can send us two different items from group two. The name on the items that you send us should be the same name that you want to show on your profile.
Keep in mind that if you've lost access to your account, you may be asked to provide something from the list that also shows a photo or date of birth that matches the details on your Facebook account. This extra precaution is so that we can make sure that the only one with access to your account is you.
- Bank statement
- Magazine subscription stub
- Social Security card
- Religious documents
- Transit card
- Medical record
- Utility bill
- Certificate of registration for accreditation or professional
- Check
- Membership ID (ex: pension card, union membership, work ID, professional ID)
- Yearbook photo (actual scan or photograph of the page in your yearbook)
- Professional license card
- Credit card
- Paycheck stub
- Company loyalty card
- Polling card
- Employment verification
- Permit
- Contract
- Health insurance
- Library card
- School ID card
- Family registry
- Address proof card
- School record
- Diploma
- Social welfare card
After that shocking list Facebook tries to reassure you:
What happens to my ID after I send it to Facebook?
After you send us a copy of your ID, it'll be stored securely while we resolve your issue. We also delete the copy of your ID after 30 days.
"Securely" is of course complete nonsense, given Facebook's recent massive data breach with 50 million user accounts compromised, as well as Facebook's selling of such information in scandals like Cambridge Analytica.
The promise to delete it is unbelievable as well. For example, when you are told your account has been disabled, besides being given the option of going to the Help Center, you are given the option to "Download Your Information". Apparently, even if you can't prove the account is yours, you have the right to the account information, which turns out to be extensive.
It takes a while to download all the account information but when you finally do, you see why it took so long. You'll get a listing of every search, with date and time, you've ever done on Facebook (over 5 years' worth for the account in question). That means of course that Facebook has this search history. Facebook, and so the NSA, FBI, police, and hackers, can tell a lot about you and do a lot of bad stuff to you with this information. You'd better not be connected to anyone these agencies find objectionable.
Additionally, you'll get a listing of every IP address you've ever logged into Facebook from. This means Facebook, and so the NSA, FBI, police, and hackers, know where you are and were.
Big Brother never had it so good.
I'd advise you to write your congressman, but as mentioned that probably won't do any good. The only way to protect yourself is to have a fake Facebook account or not be on Facebook at all. For millions it's already too late.