Facebook Photo Hack Bypasses Privacy Settings

Do you use Facebook?  Since over 700 million people do, the odds are pretty high that you fall in this category.  Are you concerned with your privacy and want control over who sees your content?  Have you taken all the steps necessary to keep your private information private and feel pretty good about yourself?  Well, think again.  While you may be taking every precaution to keep your data private, some items (such as your photos) are totally open.  Still feel good about yourself?  Keep reading.

Let’s say that you are on vacation and decide to take a few pictures to memorialize the trip.

You want to share your pictures, but you only want to do so with some of your closest friends (you don’t want these photos to be public).  So, you select the upload photo option, point to the picture on your local computer, make sure that the Friends option is selected, and click Post.

The picture appears on your wall where only you and your friends can see it.  You verify this by viewing the audience for the picture as follows:

Your friends comment and you all get a big laugh from the picture.  But one of your not-so-close friends thinks it would be funny to show the picture to someone else – outside your community of friends – without your permission.  Now, they could download the picture to their local computer and upload it somewhere else, but that takes too many steps – Facebook makes it much easier for you to be compromised.

Simply click on the image to open Facebook’s photo viewer.

Now right-click on the photo and select “Copy Image URL” from the browser menu that opens.  You will have copied something like this:

https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-ash4/417289_3438286326144_1540095830_3027971_342095865_n.jpg

If you look at the URL, you can see that this image is not hosted on Facebook’s site.  Instead, it is hosted on Akamai’s site (a place where your privacy settings do not apply).  The URL is the only thing protecting the photo: by simply knowing it, anyone in the world can see this picture, logged in to Facebook or not.  All your “friend” has to do is share this URL, and all the time and effort that you have put into being private are out the window.

Don’t believe me?  Try this for yourself.  Or simply click on the link above to see a picture that I have supposedly made private in Facebook.
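
One way a content host can close this gap is to serve a photo only when the link carries a short-lived signed token that the main site issues after its own audience check. The sketch below is an added example, not Facebook's or Akamai's code; the key, the photo path and the `exp` and `sig` parameter names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo values; a real deployment shares a secret between site and edge.
EDGE_KEY = b"constructed-demo-key"
PHOTO = "/hphotos/constructed_photo_n.jpg"


def _mac(path: str, expires: int) -> str:
    """HMAC over the exact path and expiry, so neither can be altered."""
    msg = f"{path}\n{expires}".encode()
    return hmac.new(EDGE_KEY, msg, hashlib.sha256).hexdigest()


def sign_photo_url(path: str, now: int, ttl: int = 300) -> str:
    """Site side: call only after the viewer has passed the audience check."""
    expires = now + ttl
    return f"{path}?exp={expires}&sig={_mac(path, expires)}"


def edge_allows(url: str, now: int) -> bool:
    """Edge side: serve the object only for an unexpired, untampered link."""
    path, _, query = url.partition("?")
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    try:
        expires = int(params["exp"])
    except (KeyError, ValueError):
        return False  # bare image URL, as in the post: rejected
    supplied = params.get("sig", "").encode()
    if not hmac.compare_digest(supplied, _mac(path, expires).encode()):
        return False  # path or expiry was changed after signing
    return now <= expires


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    link = sign_photo_url(PHOTO, t0)
    print("fresh signed link:", edge_allows(link, t0 + 10))
    print("same link after expiry:", edge_allows(link, t0 + 301))
    print("bare URL without token:", edge_allows(PHOTO, t0))
```

A forwarded signed link still works until it expires, so this bounds how long a copied URL is useful rather than tying it to one viewer.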

  1. November 2, 2012 at 6:15 pm

    And at that time, your fb profile was also included in the photo link.
    For example, your fb profile is http://www.facebook.com/profile.php?id=1540095830, which was the third number embedded in the URL. However, I hadn’t noticed, but sometime this year they have changed that.
