By now, most of you will know the context of why we’re talking about Facebook and privacy right now. What I’d like to do in this article is explain why you should download your Facebook data, how you can download it, and what you can do with it.

Obviously, I’m not the first one writing about this. If you feel that you would like some background on the Cambridge Analytica data scandal and the timeline of recent development on this issue, I recommend Charged – “#164 Facebook looses the narrative” – a very good read1. At the end of this article, you’ll also find a list of other relevant articles I came across.

Why Should you Download your Facebook Data?

We all know that Facebook is constantly collecting huge amounts of data about us. You may not think about it much or you may believe that Facebook not only collects data but also records all your phone calls… If you just got slightly nervous about “records all your phone calls”, let me clarify: according to Facebook, they don’t listen in on your phone calls – but if you ask people, they’re totally convinced that this is a thing2.

Considering the amount of data that Facebook collects about all of its users, it is plausible to say that they simply don’t have to listen in – the combined metadata of peoples’ interactions is extremely powerful on its own. Collecting data on individual persons is of limited use to Facebook (e.g. for customizations of the user experience), but relational data between large numbers of datasets is incredibly valuable. When Facebook leverages this relational data, they are able to target you with extremely tailored ads that directly relate to what you were just doing, or are about to do. When a company with somewhat obscuve business goals gets granular control over this tailoring, they can go as far as performing emotional analysis of whole populations and predicting their reaction to subconscious messages (closing the loop back to Cambridge Analytica)3.

Sidenote: Contrary to popular belief and large headlines, Facebook does not give your data to advertisers. Instead, advertisers get fine-grained control over the kind of people they would like to target (in terms or demographics, interests, geography, etc.) and Facebook will match their ads with people who these ads should be most relevant to based on the available data. Advertisers never get information on individual identities of the people that were targeted. This is in distinction to app developers, who may get access to profile data by requesting app permissions (here is the list of possible permissions). When apps request more permissions than what the app functionality really requires (e.g. a flashlight app requesting access to the friends list and the user photos for no good reason), this may be a sign of a data harvesting app. Check the Applications section below to find out how to remove unnecessary permissions.

Getting your data will allow you to get a peak at what Facebook and potential partner companies have to work with. But what can you do about it?

  • If you don’t want to deal with this in the future, you should go ahead and #deletefacebook.
  • If you want to stay on Facebook but be ultra nerdy about it, you can set up encryption tools on Facebook like these guys.
  • If you want to stay on Facebook but have better control over your data, you should read on.

How to Get to your Facebook Data

First, let me show you how to get to your Facebook data. One important remark: The data file can be huge (mine was around 800MB). If you don’t have that much disk space available, skip this section and read below – you’ll still be able to get something useful out of the following sections.

Okay, let’s get the data:

  1. Click the small down-arrow in the upper-right corner of any Facebook page and click on Settings in the menu.
  2. On the Settings overview page, find the small link that says “Download a copy of your Facebook data”.
  3. You’ll be taken to a page where you can request your data.
Navigating to the page for the Facebook data download.

It will take a few minutes until your data is ready.

Once your data is ready, you will receive an email notification as well as a Facebook notification.

  1. Click on the notification to go to the download page.
  2. Download your data file and store it in a secure location.
  3. Extract the ZIP file facebook-<yourname>.zip in order to see its contents.

You’ll find a folder called facebook-<yourname> which contains file called index.html as well as several folders.

Overview of the Dataset

Alright, open the index.html in your browser.

Overview of the Facebook data dump.

You won’t be too surprised about the content of the data dump if you’ve thought about this before on other occasions, or if you’re one of those crazy people who actually read the Terms of Service (shudder! all others should check out TLDRLegal to get a quick overview of the services they use – in plain English rather than legalese).

In any case, what can you do with all that stuff?


It starts out as expected, but you might be surprised how many things you “liked” over the years. This is a major input factor into ad targeting, and you might be embarrassed by a couple of things on this list (at least, if like me, you’ve been on Facebook for literally a decade). This is a good time to point out that if you haven’t changed your privacy settings away from the default, your Facebook friends might see targeted ads like Johannes Becker likes this thing that started being uncool in 2011.

What you can do about this:

  • Go to and do some spring cleaning on your likes list.
  • Go to the Ad Settings page and thoroughly go through all sections, deactivating all the “features” you don’t feel comfortable with.

Contact Info

This one had me shocked. I had 640 lines of contacts including their names and phone numbers (some times multiple numbers) listed in this section. Now again, this is a decade’s worth of data and I might be a contact hoarder, but still, doesn’t feel good.

What you can do about this:

  • Don’t allow the Facebook app or the Messenger app to synchronize your contacts! Infuriatingly, this is the default setting. The Facebook and Messenger apps will give you a choice about this when you install the app, but the UI choices are designed such that allowing access is the “recommended” choice. Go here and here for instructions on how to control these settings.
  • I feel like it’s appropriate to note here that by syncing your Facebook/Messenger with your phone contacts, you’re uploading personal data of people who have NOT necessarily consented to Facebook’s ToS and of whom Facebook is therefore collecting information in a non-controllable fashion (so-called shadow profiles – that’s for another article). Please don’t continue enabling them to do this, it’s super unethical.


I found this pretty cool, actually – it’s like a time machine. I like hoarding logs of old messages, and that’s exactly what it is.

What you can do about this:

  • Scroll back to the end of the feed and cringe hard.
  • Go to your Privacy tab as well as your Timeline and Tagging tab to make sure you only share your posts with the people you actually want to share them with.
  • There is no one right answer here, but if you set stuff to “public” here, be conscious about the fact that you are always broadcasting to the world (including your post being indexed on search engines for people to stumble upon outside of Facebook).
  • Think before you post. Mindcasting vs. Lifecasting is a very good article on the topic.


Same as Timeline for me – I enjoyed this, to be honest. If you have not opted out of Facial Recognition (see below), then at the very bottom of this page you will find a link with the same title which will show a page with a bunch of gibberish, which is supposed to be your raw facial recognition signature. Have fun with that? I guess?

This is a good time to tell you to:

  • Check the Facial Recognition settings and make sure you are OK with it.
  • When uploading images, post privacy and tagging settings (see above) apply.


Same as above, that’s a really cool feature. I guess the number of videos you post to Facebook will be a main driver to the size of your archive – turns out I don’t post that much. It’s neat that the videos (at least low res versions) are actually contained in the archive.

Keep in mind that

  • When uploading images, post privacy and tagging settings (see above) apply.


Uhm, neat? I like this, mostly because it’s a much cleaner friends list than the stuff you can see on Facebook directly. It’s interesting to see who where your “first 10 friends” etc…

What you can do about it:

  • Reminisce?
  • Do some spring cleaning and remove friends that you have no clue about who they are… remember, if you set your posts to “Friends only” and have 2000 randos in your Friends list, then your friends and 2000 randos will be able to see your posts.


Again, I like collecting messages for all eternity. If anything, this is a reminder that whatever you communicate on Facebook will stay on their servers well past the Apocalypse, so if you don’t like that, consider offloading your communications to a more secure messaging system (Signal, Telegram, or this if you’re really EFFing serious)


That’s the most messy event list I’ve ever seen. I don’t really know what to do with this to be honest (it’s probably great for full-text searching that one thing that you went to 5 years ago that you can’t remember the name of) but other than that, it’s mostly a reminder how precise Facebook logs your life and you usually don’t think that much about it.

Account Security

Wow, that’s dry stuff. Feel free to hang out here if you enjoy reading browser User Agent Strings (I didn’t think so…). If you ever had a suspected breach, this is useful information; if not, just know that user agent strings are one of the many components that Facebook uses to fingerprint your every move on the Internet.

What you can do about this:


As mentioned further up Facebook does not pass on youd data to advertisers directly, but there are still ways advertisers can connect to you:

  • Data collection on websites outside of Facebook (mailing lists, giveaways, mandatory registrations on websites, etc.) which is then imported into the Facebook ad system by the advertiser (see here for details)
  • You’ve visited a website with a tracking pixel that let’s the website owner target you with ads later.
  • You’ve given an app permission to use your profile data, which can be used to target you later.

In all of these cases “you” have given that data. You may just not be aware you did.

What you can do about this:

  • Go to the Ads Settings and make sure you clean that up.
  • When installing new Apps or connecting websites to Facebook, always review the permissions that the app requests and tailor that to what you actually what it to be able to have.
  • Again, install Ghostery and the Facebook Container to prevent pixel tracking on the Web.


Now, if you’ve made it this far you’re probably actually interested. This is where we come back full circle to the Cambridge Analytica issue… Any data that these third party apps (especially those you don’t know) may have, might have already been used in ways you can’t control, so it’s definitely worth the time to thoroughly comb through them and make sure you don’t continue exposing data:

  • Go to the Apps and Websites settings page
    • Remove everything that you don’t know and need.
    • Everything you do need, click “view and edit” and fine tune what you want to share with that app. Does an app you use for uploading photos really need access to all your friends?
  • If you want to get completely rid of all apps, you can do that too (with all the potential limitations that this might entail).

It is worth mentioning that Facebook has done a lot to overhaul this section. App access now automatically expires after a while, which is a feature (more info in this press release) they only introduced shortly before or after Zuckerberg’s testimony in the US Congress and Senate (I believe – I have not seen this before).

What else?

What Facebook offers you to download is by far not everything they have on you, even if they claim so. The New York Times scratched a little bit on the surface on this:

I’m not trying to make you paranoid here. We live in a data society and Facebook is a data-centered company, you bet they’re doing more than just listing your posts in chronological order. That whole Pandora’s Box of graph data / metadata / shadow profile data is way too much to just include in this article. Would you be interested in a writeup on that? Let me know!

Also let me know if you’re interested in this format in general (i.e. lengthy articles) or if I should package it differently. Feel free to suggest topics or directions, I appreciate your interest.

Further Reading

  1. The Charged newsletter is a super nice-to-read clutter-free weekly round-up of everything relevant happening in technology. I use it to stay up to date without browsing noisy news outlets daily. 

  2. The episode Reply All: #109 Is Facebook Spying on You? is very much worth a listen. 

  3. Note that I wrote “when”, not “if”. At this point we know it is happening, and has been happening for a while. 


Leave a Comment