IPTC metadata automatically added to uploaded images on Facebook
According to this site:
Special Instructions [IPTC Core] Alternative label from older IPTC IIM schema, used for "Instructions."
Instructions [IPTC Core] This is a simple text field that can include any of a number of instructions from the provider or creator to the receiver of the photograph. Any of the following might be included: embargoes (eg: News Magazines OUT) and other restrictions not covered by the Rights Usage Terms field (or new PLUS rights related fields); information regarding the original means of capture (scanning notes, color profile, etc.) or other specific text information the user may need for accurate reproduction; additional permissions or credits required when publishing. Note: This field is “shared” with the “Instructions” field in the Origin panel of the Adobe Photoshop File Info dialogue.
Examples: *Image to be used one time only, non-exclusive in English-language-edition magazine as inside image, no larger than a full page in color. Additional third-party rights to be negotiated with Julie Doe / XYZ Agency in advance. All rights not specifically granted are reserved. See delivery memo for specific license.
For consideration only; no reproduction in any form without prior, written permission.*
That's the International Press Telecommunications Council (IPTC) standard Information Interchange Model (IIM).
I haven't been able to decode Facebook's data, but pasting, downloading, and pasting an image again will change the data slightly.
Using IrfanView to set special instructions to "testing" in a JPG without IPTC data, adds these bytes to the header:
I've downloaded 339 images with instruction length 94 after the FBMD, and the following bytes stayed the same:
0 {'0': 339}
1 {'1': 339}
2 {'0': 339}
3 {'0': 339}
4 {'0': 339}
5 {'a': 339}
8 {'0': 339}
9 {'3': 339}
10 {'0': 339}
11 {'0': 339}
12 {'0': 339}
13 {'0': 339}
18 {'0': 339}
19 {'0': 339}
20 {'0': 339}
21 {'0': 339}
26 {'0': 339}
27 {'0': 339}
28 {'0': 339}
29 {'0': 339}
34 {'0': 339}
35 {'0': 339}
36 {'0': 339}
37 {'0': 339}
42 {'0': 339}
43 {'0': 339}
44 {'0': 339}
45 {'0': 339}
50 {'0': 339}
52 {'0': 339}
53 {'0': 339}
58 {'0': 339}
60 {'0': 339}
61 {'0': 339}
66 {'0': 339}
68 {'0': 339}
69 {'0': 339}
74 {'0': 339}
76 {'0': 339}
77 {'0': 339}
82 {'0': 339}
84 {'0': 339}
85 {'0': 339}
90 {'0': 339}
92 {'0': 339}
93 {'0': 339}
I also found 3 images with only 86 mystery bytes after FBMD, e.g. 23000986030000f91d0000e5230000502900004889000041ac000004c900007aee0000cf0f0100f02d0100, also saved in the past few months. Same bytes there were:
0 {'2': 3}
1 {'3': 3}
2 {'0': 3}
3 {'0': 3}
4 {'0': 3}
5 {'9': 3}
6 {'8': 3}
8 {'0': 3}
9 {'3': 3}
10 {'0': 3}
11 {'0': 3}
12 {'0': 3}
13 {'0': 3}
16 {'1': 3}
18 {'0': 3}
19 {'0': 3}
20 {'0': 3}
21 {'0': 3}
26 {'0': 3}
27 {'0': 3}
28 {'0': 3}
29 {'0': 3}
34 {'0': 3}
35 {'0': 3}
36 {'0': 3}
37 {'0': 3}
42 {'0': 3}
43 {'0': 3}
44 {'0': 3}
45 {'0': 3}
50 {'0': 3}
51 {'0': 3}
52 {'0': 3}
53 {'0': 3}
58 {'0': 3}
59 {'0': 3}
60 {'0': 3}
61 {'0': 3}
66 {'0': 3}
67 {'0': 3}
68 {'0': 3}
69 {'0': 3}
74 {'0': 3}
76 {'0': 3}
77 {'0': 3}
82 {'0': 3}
84 {'0': 3}
85 {'0': 3}
86 {'\x00': 3}
This blog post appears to know more about it:
[...] on 2014-11-13, Facebook introduced a new tracking code. It appears as an IPTC Special Instructions metadata field. They look like:
Special Instructions: FBMD01000ac60300004a1d00002d4b000067580000c9650000d5fc000054350100953a0100d3420100e84b01005f8f0100
Special Instructions: FBMD23000969010000b1590000cb7700000a8600000c07010046820100b8c0010052590200e5c902006e440300
I think that "FBMD" stands for "Facebook Member Data" (but I could be wrong).
I've manged to decode one interesting aspect in these strings: the length. Each string starts with "FBMD", two hex characters (1 bytes), and a 16-byte (4-character) length. Then comes length+1 sets of 32-bit (8-byte) values.
FBMD01 000a = length 10, so expect 11 fields: c6030000 4a1d0000 2d4b0000 67580000 c9650000 d5fc0000 54350100 953a0100 d3420100 e84b0100 5f8f0100
FBMD23 0009 = length 9, so expect 10 fields: 69010000 b1590000 cb770000 0a860000 0c070100 46820100 b8c00100 52590200 e5c90200 6e440300
I've asked the Facebook community about it.
Well looks like someone is watching.
I have found this at first, there is link to this stack post
Citing from above:
"Upload picture and Facebook tags it with a secretly embedded tag: A008E8E97FA55
Friend “A” on Facebook downloads it.
Friend “A” texts it to another friend – someone you don’t know, their friend Friend “B”, and another friend of theirs Friend “C.”
Friend “B” isn’t on Facebook, or maybe they mostly just post to Reddit.
Friend “B” posts to Reddit. Facebook sees this (by scouring Reddit systematically, the way search engines scour the entire ‘web’ in general). After seeing this a few times, quickly repeated, Facebook now knows you are somewhat close to Friend “B.”
So now Facebook knows who another of your “Friend of a Friend” connections are – a person you don’t even know about yourself!
Repeat this activity on a large scale, and now Facebook knows your Facebook friends, Facebook followers, and your real-world friends, co-workers, and associations. They even know your “friends of friends” (people you don’t know) and their buying and lifestyle details, and yours, and how your friendship circles fit together, even outside of facebook."
Some more stuff on Twitter