[compsciphd]

We've gone through this many times, its nothing nefarious.

1) doctor uploads his contacts (phone number/email addresses) to facebook and sets his contact info

2) you upload your contacts and set your contact info

if there's one match between them, facebook believes (correctly) that there is some sort of existing relationship between you. The fact that its professional and not personal and you want facebook to just be personal doesn't change it.

In other cases facebook can see you are friends with many of them same people and hence figures you might know each other.

[yjftsjthsd-h]

I think we could reasonably disagree about whether or not it's nefarious. Siphoning everyone's contacts is iffy to start with.

[deepsun]

The thing is: users explicitly allow facebook to do that when they agree to ToS, just as they allow it to store their personal photos, statuses, and messages.

[jedimastert]

It's not exactly without consent

[uzoodoo]

My old manager wanted me to install WhatsApp. WhatsApp wanted to access my phone's address book so that it could upload all of my contact info to their [Facebook's] servers. I denied it, and it refused to work. I didn't want to share my contacts - I just wanted to communicate with a specific set of people. The only workaround I could find is back up and delete all my contacts before letting WhatsApp rummage through my address book.

I wouldn't say this practice is very "consensual".

[paulcole]

You wanted to use the app. The app makes the rules. Either use it or don't. I don't see how they had a gun to your head.

[uzoodoo]

Sure, as Congressman Sensenbrenner said, “Well, you know... nobody’s got to use the Internet”

http://wapo.st/2nPh3JN

[naner]

Everyone in the contact list didn't provide consent. Facebook better understands the privacy implications here more than individual users so I don't see anything wrong with placing most of the blame on Facebook.

[mtgx]

It pretty much was the entirety of the Facebook app's life. And it only somewhat changed when Google introduced permissions where the user actually has to opt-in (post app install).

[detaro]

Going to a doctor implies consent to have your contact data shared with Facebook?

[caseysoftware]

There doesn't have to be a match. Simply the fact that either person either uploads their contacts (either via linking to their email or installing Facebook on their phone) is enough to assume the link.

After all, if you have someone in your contact list (phone or email), you've probably been in touch at least once.

Nefarious? Debatable. But also totally predictable.

[matt_heimer]

So they Kevin Bacon it? (https://en.m.wikipedia.org/wiki/Six_Degrees_of_Kevin_Bacon) Has anyone generated enough fictitious people to determine the number of degrees they'll go to? I would imagine at 4 hops the list gets huge and well outside your personal circle but it'd be interesting to see some studies.

[compsciphd]

I strongly believe so. There are people who I know of in passing in real life (we exist in same extended social circle, but who I have never really spoken with), but as we have lots of mutual friends they come up as suggested matches for me on facebook.

[throwaway_374]

Thanks for your reply but I have no idea why this is the top voted reply as it does not consider my factors . As noted by others:

1) The doctor/practice does not have my latest mobile phone number as I have not been to them in years. Having said that, it may be an old number on which I used to use Facebook. This friend suggestion is only in the past few months, which suggests that they are mining friend circles in historic usage data - everyone you know, and ever knew. All that being said, this would require my doctor to have my personal mobile number on her personal mobile phone on which she would have used Facebook at some point in time, which is absolutely impossible in a professional setting.

2) I have not installed Facebook on my current phone.

I'm still not convinced by any argument here, beyond the doctor actively looking me up on Facebook personally outside work.

[compsciphd]

1) the doctor might have only uploaded their contacts to facebook recently

2) my argument has nothing to do with your phone, just what info you have given facebook (email/phone number). If someone else uploads their contacts that includes one of those pieces of information, facebook makes a connection.

[abraca]

No,your doctor actually is not allowed to upload your contact information as a patient to Facebook. It is against regulations. Patient information is private, including contact information. If he or she has done so it IS nefarious.

[abraca]

Extract from wikipedia about protected health information below: note that names and email addresses are PHI and must be treated with special care....

Under the US Health Insurance Portability and Accountability Act (HIPAA), PHI that is linked based on the following list of 18 identifiers must be treated with special care:[1]

Names All geographical identifiers smaller than a state, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census: the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000 Dates (other than year) directly related to an individual

Phone numbers

Fax numbers

Email addresses

[compsciphd]

that's actually a reasonable argument but would imply that a doctor cannot use any cloud connected phone (i.e. android or ios). Heck, even using gmail from the web might be a problem.

not a lawyer, so dont know the implications.

[tobylane]

The suggestion is that as you go to your nearest doctor's office (or one of the nearest) you're likely to have social friends in common.

[williamscales]

I think the original asker said he had never uploaded his contacts. Presumably though Facebook could just follow the reverse relation from the doctor without needing to confirm that it goes both ways.

[throwaway_374]

Thanks for reading my post and noting this. I'm not sure the reverse relation applies either as it would require the doctor to have my personal contact on her mobile which is absolutely not the case as this is a shared practice and I haven't been to her in years.

[compsciphd]

the asker doesn't have to upload his contacts, he just has to tell facebook his number or email address. the doctor might have uploaded his contacts which include one of those pieces of information.