“JLT” is not happy with Facebook. Not at all. The independent researcher from the EU contacted me to ask, “Hey I just found out something and you know way more than me about US law so maybe you can help me with this: isn’t it illegal for a company to not allow you to unsubscribe from their email listing? Like this “unsubscribe” doesn’t work:
“What do you mean, it doesn’t work? The link doesn’t lead anywhere, or you submit it but haven’t been unsubscribed?” PogoWasRight asked.
JLT replied:
Well I created a FB account to try and msg a company. Since I created it with a VPN, as soon as it registered, the account got hit with captcha. After I fought the captcha for 5 minutes because of my VPN IP address, it asked for my email code confirmation. So I input that and got that welcome to FB email and then my account got instantly suspended.
I tried unsubscribing from the email list until the account gets deleted in 180 days but I get this instead:
By now, PogoWasRight was thoroughly baffled. To someone who doesn’t have a Facebook account, it was not obvious why it should take 180 days to delete an account or how they can demand biometric data like a facial picture to delete an account they suspended when the user wanted an account.
The message JLT received demanded a “verification selfie” that would clearly show his face — a selfie that they would then keep for up to a year to help them train themselves to detect fake photos unless he tried to change the length of time.
There seemed to be no option for him not to provide a selfie if he wanted the account deleted.
Not only were they demanding a selfie to delete the account in 180 days, but they were also demanding a selfie if he tried to get them to unsuspend his account.
The only reason JLT had tried to open a FB account was to reach a FB user to alert them that they had an exposed server leaking personal information. Not only did he wind up unable to use FB to contact the leaking company, but now FB seemed to have him trapped, unable to delete himself unless he turned over more personal information on himself.
“Pretty sure this shit shouldn’t be legal lol,” JLT muttered. “Basically they are holding my email hostage until I provide a picture of me?”
Not to go down without a fight, JLT wrote to Facebook’s data protection office:
Hello, I’m reporting what I believe is a privacy violation of users. I tried registering an account to contact a company about a server they have with exposed data and used my VPN to register. After going through a captcha to verify I wasn’t a bot and confirming my email with the 6-digit code, I got a welcome to Facebook email and at the same time got my account instantly suspended.
I tried unsubscribing from the email listing so I don’t get spam while I wait for the account deletion in 180 days and the unsubscribe link redirects me to a page asking me to upload a photo with my face that Facebook will hold onto for a minimum of a month up to a whole year.
Why do I need to provide a photo of my face to remove my email from your listing? Are we holding people’s emails hostage until they provide private data to Facebook?
The following was Facebook’s non-responsive response to JLT:
“Guess I’ll try Ireland data protection commission now,” JLT told us.
We hope they respond to him.
A previous version incorrectly located JLT in the UK. It was corrected to read EU.