I actually got a peek at Facebook's behavior maybe 5 years ago when I signed up to beta-test a video game. They had used the Facebook login API for their beta forums without marking it on their site, so signing up for the game signed me up for Facebook.
Suddenly all the Facebook ads everywhere knew my name. Three weeks and about 40 emails to "update my Facebook profile" that I reported to Gmail as phishing later, I received the dubious honor of being banned from Facebook without ever using it.
I threw all their domains into loopback in my hostfile at home and haven't seen their site or ads on that machine since, but if I log into LinkedIn in my work browser it starts all over again, so I've figured for a while there's probably also an account for everyone who has LinkedIn.
My suspicion is pure and simple: Both Facebook and LinkedIn are operating business models that are based on stalking users on the web. If this is your mission it is almost obligatory to implement something similar to Panopticlick [1] to stalk on anything and everything that could be one of your (future) users.
I have the same feeling about LinkedIn! I only recently signed up for LinkedIn, about a year ago, using my GMail address I use for job-hunting purposes. I've had this account since circa-2008 but I ONLY use it for work purposes (since it's a bit more professional sounding). I also have another GMail account which I have had for much longer and shared amongst friend and some old colleagues.
When I signed up for LinkedIn, I put in my name and "work" email address and straight away, without me having provided any other piece of information it was suggesting people I may know. It was not possible that it could have shadow guessed this from my email since those colleagues don't have that one, but both my GMail accounts are linked so I wonder if that was the weak point. Definitely something strange going on and it scared me somewhat...
I should also note that at no point did I use the "find my friends" type feature and give it access to my GMail to mine my contacts either.
LinkedIn's "people you may know" is notorious for its creepy accuracy. Not only colleagues, current and past, but friends, acquaintances, ex girlfriends, university professors, landlords, hairdressers and more.. The least paranoid explanation is that, unlike me and you, many others click "find my friends" and let LinkedIn slurp their thousand-entries address books.
I imagined so too, but what were they basing this match on? The people they were suggesting did not, or at least should not, have had this particular email address since it was created after I had worked with them. They only ever emailed (for group meetups/drinks) on my "personal" email address.
Now I can recommendations for other people in the same company, previous colleagues who were at the same company at the same time, "friends of friends" and all that makes sense. But creepy as you say. Maybe the guys who wrote the algorithm now work for the NSA...
This was long after (4 years) I had left the company in question, so nothing to do with IP range. Besides, it was a BIG company, and it fairly accurately found my colleagues that I worked most closely with.
Suddenly all the Facebook ads everywhere knew my name. Three weeks and about 40 emails to "update my Facebook profile" that I reported to Gmail as phishing later, I received the dubious honor of being banned from Facebook without ever using it.
I threw all their domains into loopback in my hostfile at home and haven't seen their site or ads on that machine since, but if I log into LinkedIn in my work browser it starts all over again, so I've figured for a while there's probably also an account for everyone who has LinkedIn.