Show Hide image

People you may know: is Facebook’s friend-finding algorithm putting you at risk?

Facebook is under fire after it recommended that a psychiatrist's patients add one another as "Friends".

The girl you went on a date with two months ago. Your therapist. The personal trainer you haven’t seen since January. Your lawyer, barber, maybe even your drug dealer. Scrolling through Facebook’s curated suggestions of  “People you may know” will often leave you feeling like the social network can read your mind. Don’t worry, it can’t. But it is reading your address book.

Most people are unaware that if you give Facebook access to your phone and email contacts (you can check if you’ve done so here and here) then it will use this information to recommend you “Friends”. In fact, simply having a phone number linked with your account means Facebook can and does mine your contacts. Although many users find it creepy and mysterious, this is why your Tinder date or the man you once sold a coffee table to will pop up in your sidebar from time to time. But what about the other – seemingly random – people listed under “People you may know”? According to, you may be more connected than you think.

Speaking to Kashmir Hill, a Fusion editor, a psychiatrist revealed how Facebook suggested that her clients should all become friends with each other on the site. The psychiatrist, who wished to only be identified as Lisa, said that one of her clients showed her his friend recommendations and she recognised many of her patients on the list. Hill concluded that because Lisa’s clients had saved her number in their phones, Facebook’s algorithm assumed they were all connected in a network.

Shocking as it is, Lisa’s case is nothing unusual. If you search the words “people you may know therapist” on Twitter, there is a tweet almost every day of someone complaining that Facebook recommended their health professional as a friend. If this many people are seeing their therapists within the suggestions, it is possible they’re also seeing their therapists’ other clients, whether they know it or not.

Dr Dawn Branley, a health and social psychologist specialising in the risks and benefits of internet and technology use tells me that if the algorithm works like this, the consequences could be “particularly problematic”.

“In addition to breaching patient confidentiality through allowing clients to identify one another, this could also raise issues over the triggering of negative behaviour,” she says, referring to patients who suffer with eating disorders or self-harm. “For example, it could encourage communication between vulnerable users or draw users’ attention to social media profiles which may include images or posts that could trigger negative health behaviour.”

Branley recommends that to avoid these issues, professionals should not link their Facebook with their work mobiles or email addresses. “There are options on Facebook to remove synced contact information and to opt out of syncing your phone contacts, should users wish to do so,” she says. “Therefore this should not pose too much of a problem providing users are tech savvy and aware of the implications of allowing access to their phone and email contacts.” As Whatsapp is on the cusp of sharing its one billion users’ phone numbers with Facebook, it’s also important to be careful there.

Unfortunately, being careful in this instance might not be enough. Even if you don’t share your phone contacts with Facebook, if someone who has your number shares their contacts, Facebook will still know you are connected. There is also potential that even if you don’t use Facebook, the site might assume two users are connected if they both have your phone number. If this is the case, psychiatrists would need to have one phone for each of their clients – an impossible task.

And it’s not just health professionals who are at risk. Anyone who uses their personal phone for work, or has download Facebook on their work phone, is vulnerable. Not only is it unnerving to see your clients on your recommended friends, potentially exposing your clients to one another is a problem for everyone from lawyers to drug dealers, to landlords to prostitutes.

“Almost every professional person I have had contact with has ended up in my ‘People you may know’ tool,” says Maya, a 37-year-old from Sydney who was shocked when her ex-therapist popped up nearly two years after she stopped seeing her. “Personal trainers, naturopath, accountant, yoga teachers, dietician, real estate agent, even customers at my work. It's always such an awkward feeling and has only served to reinforce why I share as little information about myself as possible.”

Maya didn’t have her therapist in her phone contacts, nor did she ever email her. It is likely that Facebook made the connection because her therapist had her number or email saved, making Maya’s own attempts at privacy redundant. She speculates, however, that Facebook made the connection for other reasons.

“The only way I can possibly imagine she would have been included would be if she had looked at my profile,” she says.

Although there is little evidence for this, it has long been a rumour that people who are stalking your profile appear as recommended friends. These rumours are given credence because Facebook’s description of how the “People you may know” tool works is extremely ambiguous. It reads:

“We show you people based on mutual friends, work and education information, networks you’re part of, contacts you’ve imported and many other factors.”

These “other factors” might be people who are looking at your profile, as Maya speculates, or they might be people who share the same phone contacts, as Hill believes. Facebook readily admits that it uses “the info you’ve uploaded about your contacts to make friend suggestions for you and others”, but it couldn’t confirm Hill’s case because Lisa was unable to share her clients’ confidential information with the site.

For now, then, individual users are the ones highlighting this flaw. Be it the woman who allegedly found out her husband had another family because of the tool, or the journalists worried about exposing their protected sources, multiple people have expressed their concerns. As far as finding out who your real friends are, then, Facebook has been indispensable. It is now clearer than ever that the site cannot be trusted. 

Amelia Tait is a technology and digital culture writer at the New Statesman.

John Moore
Show Hide image

The man who created the fake Tube sign explains why he did it

"We need to consider the fact that fake news isn't always fake news at the source," says John Moore.

"I wrote that at 8 o'clock on the evening and before midday the next day it had been read out in the Houses of Parliament."

John Moore, a 44-year-old doctor from Windsor, is describing the whirlwind process by which his social media response to Wednesday's Westminster attack became national news.

Moore used a Tube-sign generator on the evening after the attack to create a sign on a TfL Service Announcement board that read: "All terrorists are politely reminded that THIS IS LONDON and whatever you do to us we will drink tea and jolly well carry on thank you." Within three hours, it had just fifty shares. By the morning, it had accumulated 200. Yet by the afternoon, over 30,000 people had shared Moore's post, which was then read aloud on BBC Radio 4 and called a "wonderful tribute" by prime minister Theresa May, who at the time believed it was a genuine Underground sign. 

"I think you have to be very mindful of how powerful the internet is," says Moore, whose viral post was quickly debunked by social media users and then national newspapers such as the Guardian and the Sun. On Thursday, the online world split into two camps: those spreading the word that the sign was "fake news" and urging people not to share it, and those who said that it didn't matter that it was fake - the sentiment was what was important. 

Moore agrees with the latter camp. "I never claimed it was a real tube sign, I never claimed that at all," he says. "In my opinion the only fake news about that sign is that it has been reported as fake news. It was literally just how I was feeling at the time."

Moore was motivated to create and post the sign when he was struck by the "very British response" to the Westminster attack. "There was no sort of knee-jerk Islamaphobia, there was no dramatisation, it was all pretty much, I thought, very calm reporting," he says. "So my initial thought at the time was just a bit of pride in how London had reacted really." Though he saw other, real Tube signs online, he wanted to create his own in order to create a tribute that specifically epitomised the "very London" response. 

Yet though Moore insists he never claimed the sign was real, his caption on the image - which now has 100,800 shares - is arguably misleading. "Quintessentially British..." Moore wrote on his Facebook post, and agrees now that this was ambiguous. "It was meant to relate to the reaction that I saw in London in that day which I just thought was very calm and measured. What the sign was trying to do was capture the spirit I'd seen, so that's what I was actually talking about."

Not only did Moore not mean to mislead, he is actually shocked that anyone thought the sign was real. 

"I'm reasonably digitally savvy and I was extremely shocked that anyone thought it was real," he says, explaining that he thought everyone would be able to spot a fake after a "You ain't no muslim bruv" sign went viral after the Leytonstone Tube attack in 2015. "I thought this is an internet meme that people know isn't true and it's fine to do because this is a digital thing in a digital world."

Yet despite his intentions, Moore's sign has become the centre of debate about whether "nice" fake news is as problematic as that which was notoriously spread during the 2016 United States Presidential elections. Though Moore can understand this perspective, he ultimately feels as though the sentiment behind the sign makes it acceptable. 

"I use the word fake in inverted commas because I think fake implies the intention to deceive and there wasn't [any]... I think if the sentiment is ok then I think it is ok. I think if you were trying to be divisive and you were trying to stir up controversy or influence people's behaviour then perhaps I wouldn't have chosen that forum but I think when you're only expressing your own emotion, I think it's ok.

"The fact that it became so-called fake news was down to other people's interpretation and not down to the actual intention... So in many interesting ways you can see that fake news doesn't even have to originate from the source of the news."

Though Moore was initially "extremely shocked" at the reponse to his post, he says that on reflection he is "pretty proud". 

"I'm glad that other people, even the powers that be, found it an appropriate phrase to use," he says. "I also think social media is often denigrated as a source of evil and bad things in the world, but on occasion I think it can be used for very positive things. I think the vast majority of people who shared my post and liked my post have actually found the phrase and the sentiment useful to them, so I think we have to give social media a fair judgement at times and respect the fact it can be a source for good."

Amelia Tait is a technology and digital culture writer at the New Statesman.