back to article Facebook pages very much public, even when set as private

Facebook settings that are supposed to cloak user profiles can easily be bypassed to reveal the friends, pictures, and other attributes of users who have configured their accounts to be private. The inability to keep profile pages private would seem to contradict Facebook's promise that "The settings you choose control which …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    fairly obvious

    You're only ever as secure as the weakest link in your social chain.

    Lets say your friend Bono can see your profile. Your friend Bono isn't very bright. Once in maths class he ate his dunce cap. His Facebook profile also has a collection of the most powerful data mining apps ever designed masquerading as games. What do you think will happen when Bono visits your profile?

    1. Anonymous Coward

      no title

      You too?

    2. Anonymous Coward
      Anonymous Coward


      Thanks for the advise. I have now deleted the limousine liberal twat!

    3. Anonymous Coward
      Anonymous Coward

      I wonder if...

      ...Bob Geldoff has unfriended him yet...

  2. Mark 65

    Sounds about right

    I had a look at this Facebook thingy a few years back and it just seemed like an accident waiting to happen. Glad I steered clear as it seems that can't, or simply do not want to, keep information private to the level the user specifies. Me thinks all these "it happens to just make it public" episodes are in fact just APIs of sorts for their cash donating partners.

  3. Anonymous Coward
    Anonymous Coward

    How else can you socialise so much without moving from your chair?

    I think the idea of Facebook is that you want everyone on the planet to know everything about you, which evidently suits a lot of people. E-mail, snail mail and the telephone are reasonably confidential alternatives, and so is going to meet your chums in a quiet corner of the pub.

    I say this lest we forget.

    1. mittfh

      Email = relatively confidential?

      Err, if it's sent encrypted (perhaps using PGP), then maybe. If not, then it's just plaintext, which could easily be intercepted by any computer along the network path between your mail server and the recipient's mail server...

      It's been standard advice for years not to send confidential information via email unless encrypted (e.g. passwords, credit card numbers, bank account details)...

      As for FB, even if it did restrict what individual users could view via the interface, it would probably be very difficult (if not impossible) to persuade application / game developers to stop using the API to gather far more data than the application / game actually needs, regardless of their ToS. Only last week there was a story revealing that many games do this, including the dozen or so released by Zynga (FarmVille, Mafia Wars et. al.)...

      There's certainly a case for restricting the majority of information, but when push comes to shove, FB is a social network. In order to have the ability to add new friends, and (genuine) friends to find you, a certain amount of information (e.g. name, age, gender, hometown) needs to be visible. But they need to make it a lot easier to specify what information is visible (a) to the world at large, (b) to potential friends (i.e. those who've initiated contact with you), and (c) what's visible to your various friend lists (which also need to be easier to manage - having to click padlock, custom, specific friends, and typing in the name of the friend list is hardly an intuitive way to control who can see your postings!)

    2. Code Monkey


      Personally I draw the line at my status updates, photos, etc. leaking out.

      The fact that I'm discoverable is something I can live with. In fact it's one of the key advantages of Facebook. If you (not you personally, Letters to the Editor, I just loathe the word "one") don't like the discoverability you really should stick to email.

  4. MeRp

    Seems it is only a matter of time.

    "That means Facebook is technically correct..."

    Sure, they are technically correct until someone builds the script referenced earlier in the article and exposes it. At that point Facebook is no longer technically correct; one could search for the information, just not on Facebook (unless the programmer made a Facebook application to do so).

    1. John Robson Silver badge


      It's not correct now. A search does not have to be automated to be a search.

  5. Anonymous Coward
    Anonymous Coward

    Facebook will never provide real privacy

    It goes against their business model. People have cottoned on that one way to gain an extra bit of privacy is to deliberately spell their names in unusual ways or use mixed alphabets; however, Facebook is trying to put a stop to that too now, under claims of authenticity and a crack down on spammers.

    1. Anonymous Coward
      Anonymous Coward

      It's true

      I had great fun on Facebook, until they discovered that Malvern Hills isn't a person's name.

    2. John Latham

      Business model?

      Facebook have a business model?

    3. Wize

      What if your name is spelled an unusual way?

      Or have strange parents that call you stupid names that no one believes till they see your driving licence.

  6. Noodle

    Missing the point

    I have to wonder what people who want "complete privacy" are doing using Facebook in the first place. The only way they are going to achieve that is not use social network websites at all. People need to realise that Facebook is a business and it provides a "free" service by mining the data generated by the relationships and attributes of its millions of users. You don't get something for nothing, so if people are not happy with the way Facebook does things, use a different network or don't use them at all!

    Reminds me of a great quote I heard recently: “If you are not paying for it, you’re not the customer; you’re the product being sold.”

    1. Dan 10
      Thumb Up

      Nice quote

      <msg ends>

  7. Winkypop Silver badge

    Ya gets what ya pays fa'

    Is anyone really shocked by this?

  8. Charles Manning

    "As tight as possible"

    Wrong: the tightest is to not join.

    But surely tight settings are of no interest to Facebookers. What's the point of being a narcissist if you don't flaunt it?

  9. Ned Ludd

    I'd like to be the first smug bastard to go on about how superior I am for not using Facebook...

    ...but I bet I won't be.

  10. Eddie Edwards

    How is this a bug?

    You can see photos and names of your FOFs. Yeah, that's a feature of Facebook; it's a primary method of finding people you know, especially when you've just joined. Does anyone who thinks this is a problem actually *use* Facebook?

    Come on people, signing up to Facebook does require at least a minimal desire to actually want to connect with your friends on there.

  11. BTCustomer
    Thumb Down

    transparency is the word

    @ Noodle

    I agree with you except for the fact that Facebook themselves are far from honest about that.

    If they could just be up front and admit that they are a commercial operation, that they do NOT respect privacy, and that nothing you put on Facebook is private, and that they will be selling it to the highest bidder, then we would all know where we are.

    Perhaps also a statement at the top of the privacy settings and profile pages, that says, "whatever settings you put here, it doesn't make a scrap of difference. All this information is public and we will be making it available to the harvesting bots. We don't care. There are more privacy holes in Facebook than in a Gruyere cheese, and that's the way we like it - we make more money that way."

    Then they could claim to have their users informed consent.


  12. Jellied Eel Silver badge
    Big Brother

    Add me!

    Or add yourself under your favorite nom de gruyere if you want a slight illusion of privacy. Most bizzare facepalm related issues I've seen lately are it's requests for your email password so that it can add your contacts to your friends. But then LinkedIn is asking the same. How secure. Then we have our government deciding it'd be fun to log FB related info, like friends and messages. Announcing I've just grown a field of diseased tomatoes and now need help raising a barn is obviously code for something nefarious and logging it is no doubt good news for disk manufacturers. FB's not even that useful for SNA, if people play any of the '501' games like Zygna's that encourage you to add random strangers to progress.

  13. Syntax Error
    Thumb Down

    I'm Suprised they have not been Sued

    I am suprised no one has sued the company yet for data protection. If your privscy controls do not stop your data being publicly available then it must be time to sue this social netwoking idea out of existence. I can dream.

  14. Pet Peeve

    Who writes code like this?

    So let me get this straight, facebook private pages are protected from on-site searches, but if you know the URL you can view a "private" page always?

    Here's a radical idea - if a page is protected, require a login before showing it, and if the person isn't permitted to see it by the owner, don't show it even if they are logged on? There, job done.

  15. Michael C

    simple solutions

    a) delete your facebook profile and never go there again

    b) delete the actual content, ensuring nothing on your face book page is available at all.

    Look, your real friends know where you work and live. They know your personal information. Other people trying to reach you can do so through facebook whether or not you publish any of this data can simply REQUEST it, and you can give it only to those who should have it. Keep facebook for associations, and news feeds, and games, if you want, but don't put anything there you do not expect everyone in the world to be able to see regardless of your settings.

    My facebook page is a blank slate. Only the absolute mandatory settings are filled in (and some of that with false information where possible). There are no pictures of me there, or my family (just an avatar image). I post no personal details there. It exists so I can have accounts in games my wife plays, so i can post links I want friends to see, and so I can see and respond to things friends want me to see, and so my reunion class can find in a few years.

    Too many people not only have no clue of the security limitations here, but they go and post stuff like "WoHOO, cruise finally leaving the dock!" and "Looking forward to a weekend in the mountains." and many others share accounts, and sometimes even passwords, in open news feeds or "private" boards (which are still accessible by friends).

    If you would not post the same notice on the front door of your home, do not paste it on face book. 3 of my neighbors have been robbed in the last year alone for such stupidity.

  16. Colin Millar

    Technically incorrect (aka lying)

    They may not be searchable within the facebook search but that search restricts itself by facebook "privacy" parameters.

    It doesn't mean they are not searchable uisng a proper earch tool which simply ignores any such parameters.

    Seems like facebook has redefined "private" as "not running down Oxford Street on xmas eve, naked with your genitals painted blue"

    Even the "security through obscurity" fans would be ashamed of this effort.

  17. Anonymous Coward

    Facebook is a wank anyway - from several perspectives.

    a) The sites security is bullshit.

    b) The corporate mind games about your security - and the selling / mining of your data, are also bullshit.

    c) And when you delete your account - they retain all the information, just in case you should get all lonely and fucked up about not having postage stamp friends to talk type at - so it makes it easy to stick your facebook profile back up, without having to do any work.

    d) Face book is run by arseholes anyway - the thin line of giving you some webspace for your bullshit vs. the trade off of using that as an inducement to buy stuff through their advertising etc.. - well that thin line was crossed over long ago - and the subversive use of your content without your knowledge or consent has been going on for a long time.

This topic is closed for new posts.

Other stories you might like