The Setup

I created an account for Facebook back in 2013ish. I didn't want to, I needed to use it for work. I used a similar but fake name. My profile pic was a stock avatar icon. I added some garbage information: lived in Colorado, worked at Starbucks, liked the Golden Girls (that is the only true part), followed a minor league baseball team, etc. I added a couple of coworkers as "friends" and logged-in as infrequently as possible. 

Skip ahead to around 2019/2020. I no longer work at the company that required the facebook account. I moved to a different state. The small town I live in uses facebook for community stuff. The fake info remains but I repurpose my account and join two real groups to keep up on local news and events. I only logged into facebook a few times per month. This works fine for a couple of years.

• I only use facebook on a desktop PC in my house
• I have never installed a facebook app, used it on any other device, or even accessed it from any other device.
• my email address for facebook was unique to facebook. I signed up for a .gmx email account specifically for use with facebook. This email was not found on haveibeenpwned.com
• I use a password manager.
• My password manager created a random 18 character password that included uppercase, lowercase, numbers and special characters.
• My password manager calculated this at 109 bits of entropy.
• My password manager (keepass) is local only, it is backed up to SpiderOak encrypted storage.
• SpiderOak uses a different email and very strong password.
• My desktop uses a different, strong, and unique password.
• I use uBlock Origin to block ads and trackers

I am not a celebrity. My facebook account had 3 friends. It was not worth stealing.

The above is to make clear a few key points. I take privacy ande security seriously, both probably too seriously. My Facebook account is empty and worthless to hackers, it is not worth hacking. My Facebook account was worthless to Facebook. They can't advertise to me, I rarely logged in, and I never stuck around "engaging" with the site.

The "Hack"

I try to log into facebook one day and it tells me my account was hacked. My email address was changed the day before. According to facebook, somebody was able to guess my random email address and guess my 18 character random password. This hacker then changed the email address associated with the account. They also changed my picture, from the stock avatar to a *real* face of some guy.

No worries says facebook, all I have to do is provide my cell phone number and email a copy of my drivers license. Haha, no way! It wouldn't work anyway since I used a fake name that doesn't match my license. Now if they had said we think this is a fake account, please prove you are real, I would buy that. But hacked, no.

It has been over 6 months since the hack. The old account has not changed. It has the same cover photo of nachos I pulled off the internet. He has the same 3 friends (they all know the account was hacked). He still likes Starbucks and Wisconson cheese. The only pictures are my cover and profile pic and the one "he" uploaded.

If I believe Facebook, that the account was hacked, the Hacker hacked the account for what? What is the motive here? To change a picture? 

I don't want the account back, I don't really care, it is a big Whatevs to me. But there is more to the story and that is what I am interested in.

The Investigation

There is only a single piece of evidence that I have access to- the new picture.

Looks fairly boring at first glance. It is in fact too boring. Where is it taken and why would you choose this picture? 

When I (literally) look closer things start to look off. I am fairly certain this is an AI generated face. 

They eyes (left/right is reversed when speaking anotomically vs looking at the face.)

• his right pupil is square
• his right medial canthus is absurdly sharp
• his left lower eye looks warped around shape of the iris
• his left iris appears to bleed through the upper eyelid

This guy kind of looks like Ricky Gervais so here are Ricky's eyes for comparison. Ricky has round pupils, similar shaped eyes, and you can't see the iris shape through his eyelids.

The all important Philtrum, aka snot slot, the little channel that runs from your nose down to your lips. 

• Philtrum that doesn't run to the center of the mouth.
• one really large or fused tooth
• either a pink tooth or a tooth shaped part of the gums.

Here is a picture of Ricky's mouth. [insert hilarious british teeth joke] The philtrum is obscured by hair but you can tell where it is by the direction of the hair. Some silver fillings maybe, but no pink teeth.

A few other oddities I noticed but won't zoom into: his part is blurred, his right eyebrow has some odd smudging, and the collar pattern on the sweater seems to come and go and change thickness.

Conclusion

Facebook knows the account is "hacked" and I am locked out. But the new "user" is allowed to change the profile picture. The account remains "active" but there is no activity.

Facebook's entire revenue stream is based on having users and selling their data to advertisers. Facebook needs to have high users to attract advertisers. User growth stagnates in 2021.

8 billion people on planet earth. 25% are under 15 year of age. That leaves 6 billion people 15 and over. Facebook claims 3 billion monthly active users (MAUs). When a $500,000,000,000.00 (previously over 1 trillion) company's value is based on a single metric, that metric is defined by Facebook, Facebook is allowed to change the definition, and that metric is measured internally and opaquely by Facebook- there is an ungodly amount of pressure to make sure that metric is high.

So am I saying Facebook is taking over inactive or non-valuable accounts to boost their numbers? Nope, I am simply throwind around some dots. Connect them how you want.

PS yeah yeah, it is Meta now. 

Ricky Photo Source:

https://static.independent.co.uk/s3fs-public/thumbnails/image/2020/07/10/09/ricky-gervais.jpg?width=1200&auto=webp&quality=75