Me And My Facebook Data #2

What’s more important: the privacy of users or their security? That’s a hard question and it probably depends on many parameters. Security reasons are often presented to defend some kind of violation of our privacy. The government would say that mass surveillance by the government is necessary to find terrorists, for example, or, more project specific: Facebook would argue that they need to track the user’s location and their web activity to effectively protect the account information against hackers or access by others more generally.

This blog is not intended to answer the above question. Rather, the general purpose is to explore the data that is given to us by Facebook. So, let’s look at the security tab of my data!

In total there are 8 sections on this page:

  • Active Sessions
  • Account Activity
  • Recognized Machines
  • Logins and Logouts
  • Login Protection Data
  • IP Addresses
  • Datr Authentication Cookie Info
  • Administrative Records

There are no explanations of what each section means. I also wasn’t able to find further information in Facebook’s Help Center, only this general list of where to find different kinds of user data and what is included in the download.

Some observations I have made: Active Sessions only list dates with IP addresses since January 1, 2017. The title of those sessions are all »Unknown«*. Account Activity (i.e. »Login«, »Checkpoint Flow Started«, »Checkpoint cleared«) seems to be connected to Active Sessions as those records also only date back to January 1 of this year. Recognized Machines practically shows all the different ways I have logged to Facebook (e.g. from »Safari on my iPhone« or on »Spotify«). Logins and Logouts just lists the time stamps since the beginning of this year. Login Protection Data includes Cookie IDs with the time they were created, but also (again, without any explanation) shows IP addresses and »Estimated location inferred from IP« dated back to August 2016. IP Addresses lists, as expected, all IP addresses. Datr Authentication Cookie Info, I would say, is probably the least useful for us, but has caused big discussions about privacy in the past. Essentially, those Datr cookies store user browsing habits and are sent to Facebook from sites that have a Facebook Like button. Read more about this on BBC, TechCrunch, Guardian. Most of my cookies were only »seen« 1-2 times, with a maximum of 12 times once – what this means for me is that it’s good that I regularly delete my cache and cookies. The last section is Administrative Records, which also provides similar data points like Account Activity, but dates back to 2012 and include labels like »Password Change«, »Remove Profile Photo«, and »Security question and response changed«.
Now, just seeing a list of IP addresses is not very helpful in understanding the value of this data. So here is one way to visualize the security data Facebook has stored:

Active Sessions

Again, this only shows data for January to March 2017. You can see that I have been traveling.

Recognized Machines

This probably is the most comprehensive list of my online activity, not only where I was and when, but also what device/OS and service I was using since 2012. Some records even surprised me as I did not remember them, e.g. Al Jazeera America.

IP Addresses

These records don’t have any time stamps, but are interesting nevertheless. With an IP address one can determine the device location (area) – sometimes just the country, but often it is as detailed as the city. What I observed as well, is there are IP Addresses/locations that I definitely have not been, but I use a VPN quite frequently, so this is not such big surprise.

What I have not looked at so far is the actual time of the day of all my activities and if they at all cluster for example late at night. I’ll publish further progress on my GitHub.


*I would be curious to see if other people see something completely different! If you would be up for sharing your data and help me test (my code), you can contact me at hang[at], there is always the option to just delete sensitive information or just simply not include some files before sharing it with me.