1) doctor uploads his contacts (phone number/email addresses) to facebook and sets his contact info
2) you upload your contacts and set your contact info
if there's one match between them, facebook believes (correctly) that there is some sort of existing relationship between you. The fact that its professional and not personal and you want facebook to just be personal doesn't change it.
In other cases facebook can see you are friends with many of them same people and hence figures you might know each other.
After all, if you have someone in your contact list (phone or email), you've probably been in touch at least once.
Nefarious? Debatable. But also totally predictable.
1) The doctor/practice does not have my latest mobile phone number as I have not been to them in years. Having said that, it may be an old number on which I used to use Facebook. This friend suggestion is only in the past few months, which suggests that they are mining friend circles in historic usage data - everyone you know, and ever knew. All that being said, this would require my doctor to have my personal mobile number on her personal mobile phone on which she would have used Facebook at some point in time, which is absolutely impossible in a professional setting.
2) I have not installed Facebook on my current phone.
I'm still not convinced by any argument here, beyond the doctor actively looking me up on Facebook personally outside work.
2) my argument has nothing to do with your phone, just what info you have given facebook (email/phone number). If someone else uploads their contacts that includes one of those pieces of information, facebook makes a connection.
Under the US Health Insurance Portability and Accountability Act (HIPAA), PHI that is linked based on the following list of 18 identifiers must be treated with special care:[1]
Names All geographical identifiers smaller than a state, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census: the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000 Dates (other than year) directly related to an individual
Phone numbers
Fax numbers
Email addresses
1. Facebook tracking pixels on websites (if you visit a website with the pixel, you can be targeted in many different ways).
2. Email. If you have sent or received an email to the doctor, and either of you has associated that email to FB, you can be tracked.
3. Searching on FB, you say its unlikely for him to look you up on FB, yet theres always a chance that being a family doctor, he might have at some point seen one of your family member's FB and stumbled upon a picture or post in which you were tagged.
4. Whatsapp Contacts. As you know, Whatsapp and FB are part of the same company, hence have access to linked information. If you share certain Whatsapp contacts, a connection can be inferred.
http://www.businessinsider.com/facebook-data-brokers-2016-12
It wouldn't surprise me if a credit card payment for a doctor visit might lead to such an association or suggestion.
In testing with a few people who never even had FB accounts and who I clearly did not import any contacts, etc., was that they fairly immediately received friend suggestions and even requests from people they knew. This was also despite the fact they'd never used the computer or even IP address used in the registration of the account. At the time it helped me prove a point that not participating in social media could be a security problem & to always take social media verification seriously. Obviously FB has since fixed that vector.
https://caseysoftware.com/blog/social-media-for-social-evil-...
About 2: Email. I don't understand. If I send an email from my gmail address to his hotmail address, and both of us use the addresses for Facebook registration, how does that link us? And you say "either", so only one of us uses it for Facebook. I don't get it.
About 3: Maybe he has many links to other people on FB, people in his social circles, one or two or even three steps away. If you have enough of these people, the link is made. And they just show these people, and at some point you see it and all the others go unnoticed, but this one pops out.
I agree that it's likely not "either" but both email addresses matching but I'm convinced that some friend recommendations come from gmail. There's no other way.
Sure, if we have each other's email addresses in our contact lists on Facebook, I can see how the connection was made.
I'm not sure who I was most disappointed in. The hospital for purchasing the ad, Google for tracking my hospital visits, or myself for trading privacy for the convenience of services like Google Now.
Amazon and eBay have this same problem, wherein they show you things similar to things you've already bought.
Which is especially silly when it's something you'd only buy once. "Oh, you bought a table saw? Why not fifteen more?!"
Where ___ is any applicable attribute such as intelligence, privacy, etc.
Corollary 1: You will be surprised at who is included in the set of "friends" that have a Facebook account.
Corollary 2: You will be surprised at how low the lowest ____ is for your "friends."
1) you have instagram or whatsapp and use them frequently
2) you use an app that has Facebook login, that has location access or just has the SDK lying in app but not being used.
3) I don't know about what access react native/js frameworks have in terms of device resources, but that "may be" an another source of info leak.
4) your contacts/friends uploaded a photo on one of these services where you were there in the photo
5) if any of these apps have microphone access (when you record videos) it's "possible" to do many surreptitious things.
All of the above, done by 1 or many of your friends/contacts on Facebook/instagram/WhatsApp, FB identified you and correlated it somehow.
The correct answer is that if you have the FB app installed, it tracks your location. If you are in any place with another person with the FB app also installed multiple times, it assumes you two know each other.
It is why therapists and other medical professionals should not have FB (or any social network app, for that matter) installed on their phone (or, alternatively, on while in the work place).
Any ideas on how that came about? It's hard to believe it's anything other than some app listening to audio.
How can it be?
We think they did a whois on his IP address which was at his company address, which we all know is doable, but seeing companies proactively do this is crazy.
OP: Can you exclude the possibility that the doctor just searched your name on FB? Why wouldnt he do that...?
Just because your communication happened on paper doesn't mean that they haven't stored your email address or phone number in some service digitally, and that somehow that info has been shared (e.g. a phone with a facebook app that uploads all contacts)
I brought it up to her, we wondered how it happened, and she admitted that she'd searched for my profile a week before.
I'd say this aspect of the system is a good feature. If you're searching for someone, it's nice to give them an opportunity to "independently" reach out to you.
