> Facebook also had a tool that would let you give them your username and password for other sites, and would scrape contacts for you.
I remember FB recommending me a contact, I thought "Why does that distinctive name sound familar?". I looked through my e-mails and I had sent a few emails back and forth with the person because of an eBay transaction.
I know I never told FB to scrape my email account, but I'm guessing this person did. And it's certainly not even the address book, but the email addresses from people's inboxes (and why not the names from the "From" field as well. If I was tasked with this I'd even suggest scraping any signature fields).
Several years ago (~2016), I was working on writing a facebook integration for the company I was working for at the time. I'd deleted my personal facebook account years before that, so I created a new facebook profile to test with. I faked all the information (My actual first name, but the company I worked at for last name, used my company email, made up a birthdate, etc.) I was using a different computer than I'd ever logged in to facebook before, and I was on the company network.
On the first page after signing up, it wanted me to "Add some Friends", and suggested a bunch of people I knew. Including my cousin with a different last name, and who lived several states away.
I've always been fairly privacy conscious, always using an adblocker, but that was downright creepy.
A guy I used to work with was super proud of his privacy stance, and "look at my new IPhone" levels of telling everyone about it. He was routinely bellowing how HIS phone number would never be in Google's hands, by god.
I told him "Don't worry John, they already have it. You're in my contacts list." and the realization that hit him was almost physical.
I find it "amusing" that FB (or well, a lot of phone apps) can see how your relationship with people ebb and flow.
E.g. for a dating situation: new WhatsApp contact, growing frequency of texts, growing frequency of WhatsApp calls, culminating in a night where both phones were connected to the same SSID / locatable in one geo-location throughout the whole night, without their users checking them.
When that happens it'd be time to show them ads with the text "Your new love interest is highly interested in these products"...
It'd also be "amusing" to big-data the whole thing and get the computer to spit out the answer to the question "Where is this relationship going?"
It definitely uses connection IPs as some heuristic.
I exclusively used Facebook for family (years ago before deleting it) and received recommendations of otherwise socially-unconnected roommates who habitually accessed FB through house wifi.
I don't think that they'd go as far as scanning mailboxes, the return on the effort doesn't seem worth it. More likely the person you were connected to added you to an address book (or perhaps their mailer added you automatically) as someone they have dealt with before. Some anti-spam measures use a source address existing in a connected addressbook as a whitelisting clue.
I remember FB recommending me a contact, I thought "Why does that distinctive name sound familar?". I looked through my e-mails and I had sent a few emails back and forth with the person because of an eBay transaction.
I know I never told FB to scrape my email account, but I'm guessing this person did. And it's certainly not even the address book, but the email addresses from people's inboxes (and why not the names from the "From" field as well. If I was tasked with this I'd even suggest scraping any signature fields).
Hey, at least it bought Zuck a $900K watch.