Mark Zuckerberg, CEO and co-founder of Facebook, testified for the second day in front of Congress on April 10. Over the past several weeks, Facebook has been under much-needed scrutiny after the Cambridge Analytica information breach.

Members of Congress made sure their homework was done before grilling the CEO in front of the cameras. Through their precisely formulated questions, members of the Senate Judiciary Committee and the House Energy and Commerce Committee attempted to gain deeper insight into how Facebook collects information on people without their knowledge. Specifically, Representative Ben Lujan of New Mexico asked Zuckerberg about “shadow profiles.” Shadow profiles are supposedly information-dense profiles, created by Facebook, that represent individuals regardless of whether or not they actually have a Facebook account.

How it works: if you don’t have a Facebook account but have a friend who does, it is likely that Facebook has information about you. This is simply because you are in the contact list of your friend who does have a Facebook. The social network compiles information about everyone to create these shadow profiles, mostly without their consent.

While Zuckerberg admitted to not knowing what the unofficial term “shadow profiles” entailed, he did say “In general, we collect data of people who have not signed up for Facebook for security purposes.” Zuckerberg attempted to change the hearing’s narrative to point out that people do in fact have control over what information is known about them. Yet the implication of Zuckerberg’s statement suggests that this is untrue.

This raises a pressing matter: how much does the Internet truly know about us? And what guarantee do we have that it won’t be used against us? The answer to the latter is none.

While some may argue that Facebook’s possession of information about individuals isn’t all that terrible, the focus of the discussion should not be on possession of personal data, but how that personal data could be used. Having this information stored somewhere means that there is a way to access it—whether it be by governments or corporations with a penchant for sneaky advertising. Proved with the Cambridge Analytica fiasco, there is no way to make sure our information is safe. Our privacy has been and is still being compromised, and all of this is happening completely without our informed consent. The internet knows things about us that we didn’t even know about ourselves.

Can we continue to trust Facebook?

Some representatives questioned Zuckerberg on Facebook’s compliance with the 2011 consent decree. This decree states that any breach in privacy must be identified and dealt with accordingly. While Zuckerberg contends that Facebook complied, recent events prove otherwise. Facebook’s lack of accountability is another reason to fear that third party entities may have access to your personal information. How can we be certain that this platform will be safely protected from such breaches?

Facebook might argue that this information gets collected purely for security purposes. And it’s true that with any domain there is always the risk of an outsider finding a way to penetrate the system. Still, a fine line remains between collecting information for the purposes of security and collecting information for the sake of collecting information. For Zuckerberg and his team at Facebook, their stance on either side of this fine line has yet to be clearly determined.

Aditi Mahesh is a member of the Class of 2021 and can be reached at amahesh@wesleyan.edu