It’s not hacking if users’ privacy settings are searchable, right? It depends on who you ask. Current Facebook privacy settings come with a recommendation that urges users to leave their pages searchable to everyone.
The logic behind this is as follows: “If you’re visible to fewer people, it may prevent you from connecting with your real world friends.”
But staying searchable has led to the harvesting and publication of information that includes names and profile URLs for over 100 million Facebook users.
Skull Security and Information Distribution
Ron Bowes of Skull Security did some simple reconnaissance on Facebook for some hard data to use in his research on how people choose passwords. Ron is working to figure out how many usernames are based on people’s given names (jsmith is a popular choice). By proving that usernames and passwords can be easily extracted from basic information, Ron hopes to teach people how to make their accounts more secure.
In the Facebook incident, he collected only names (which could be actual names or usernames) and URLs of all searchable profiles (about 1/5 of Facebook users), then posted the information as a 3GB file that could be downloaded by anyone with Internet access.
Facebook spokesman Andrew Noyes has said that this information could be collected from any phone book, but the URLs collected couldn’t be extracted from the White Pages. Finding these URLs could be a frustrating trial-and-error process based only on names from a phone book, but thanks to Ron, they’re now accessible to anyone who’d like a neatly packaged list of searchable Facebook users.
The Problem with Being Searchable
Contrary to Facebook’s recommendations, users might consider changing their privacy settings to “unsearchable.” Here’s the minimum amount of information that can be gathered from a profile: name, profile picture, gender, and networks.
Facebook reserves the right to keep this information visible on every account, and accessibility can only be limited through the “searchable/unsearchable” setting. So with a URL provided by Skull Security, anyone can now view this information unless these accounts’ users make them unsearchable.
The problem is that advertisers are extremely interested in this seemingly basic information, because they can make surprising inferences from even the simplest data.
The best-case scenario, then, is more targeted advertising. The degree of potential damage depends on searchable accounts’ other privacy settings.
For example, if you can be searched and you’ve made your list of friends accessible to anyone, your friends’ information is now accessible even if they’ve made their accounts unsearchable.
Deciding on Your Privacy Settings
If you’re on Facebook, go to “Account” and “Privacy Settings” to edit your preferences. If you click on “View settings” under “Basic Directory Information,” you can preview your profile to see how it looks to someone who isn’t on your friends list. You might be surprised at the amount of information that’s accessible.
Change your “Basic Directory Information” to control how searchable you are, who can send you friend requests and messages, and who can see your friend list, education, work, current city, hometown, interests, and other pages (choices are Everyone, Friends and Networks, Friends of Friends, or Friends Only).
Under “Sharing on Facebook,” you can customize the rest of your settings, which are organized under the topics “Things I share,” “Things others share,” and “Contact information.”
Even if you’re not concerned about your own information, it’s courteous to protect friends and family by selecting “Friends Only” for accessibility to your friends list, family, relationships, and everything under “Things others share.” At the very least, accept Facebook’s loose minimum recommendation for privacy settings. You can select “Recommended” under “Sharing on Facebook” to do this.
This is a guest post by Alexis Bonari. She is a freelance writer and blog junkie. She is a passionate blogger on the topic of education and free college scholarships. In her spare time, she enjoys square-foot gardening, swimming, and avoiding her laptop.