Tuesday 5 February 2013

Facebook photos privacy

If you are a Facebook user, you might have seen posts that go something like this:
"I enjoy my privacy so please make a few clicks so if you like my status/pictures/whatever, they won't show on your friends' walls."
This works well enough for status updates (though it's pretty stupid that we need to do that, and how can you be sure that all of your friends will do it, or that Facebook won't just change the privacy settings again?), but there's a problem with the photos you upload. While this method hides them from your friends' friends, they are not 100% safe from strangers. Let me elaborate on that.
If you take the URL of a photo in a Facebook gallery, like this one for example, http://www.facebook.com/photo.php?fbid=10151265478032446&set=a.10151214746012446.480779.679047445&type=3&theater, only my friends will be able to see it. But if you take the direct URL of the image file (right click on the picture -> "View Image" or something like that), you get a URL like this: http://sphotos-b.ak.fbcdn.net/hphotos-ak-ash4/311217_10151265478032446_2030697084_n.jpg. You can give that one to anyone and they can see the photo, with no login required. As you can see, the file name is made up of three numbers separated by underscores, with the middle number being the photo id (the same value as the fbid in the gallery URL). Here are a few more examples:
http://sphotos-d.ak.fbcdn.net/hphotos-ak-ash3/60675_10151201144402446_161978646_n.jpg
http://sphotos-f.ak.fbcdn.net/hphotos-ak-snc6/223340_10151217072382446_1638752273_n.jpg
http://sphotos-e.ak.fbcdn.net/hphotos-ak-ash3/58367_10151201145747446_1713269601_n.jpg
http://sphotos-b.ak.fbcdn.net/hphotos-ak-snc7/314234_10151219854077446_1301291355_n.jpg
http://sphotos-d.ak.fbcdn.net/hphotos-ak-snc6/269560_10150260576312446_7947755_n.jpg
http://sphotos-a.ak.fbcdn.net/hphotos-ak-prn1/25160_383525892445_8208924_n.jpg
https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-ash3/644233_407306429357603_1603733801_n.jpg
(The last one is actually not mine, but I needed it to make a point)
As you can see, the photos are served from two other hosts, fbcdn.net and akamaihd.net, and neither checks who is asking: the direct URL alone is enough to fetch the image. From the given examples it shouldn't be too hard to write a small program that checks all the combinations and downloads the photo if it finds it. Now, you can't target a specific user, as the user id isn't present in the URL, but it's still scary that getting ALL the photos on Facebook is just a few minutes of coding away (not sure how legal it is though).
In conclusion, treat your data on facebook like a blog: everyone can see it, but only a few people actually will.
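The practical question for anyone who finds one of these direct links floating around is "which of my photos is this?". The following is an added example, not code from the original post: it parses the two URL shapes shown above (the photo.php gallery link and the direct CDN file name) and confirms that they refer to the same photo by comparing the fbid with the middle number of the file name. The list of CDN host suffixes is taken from the examples on this page only, and treating it as complete is an assumption; the sample URLs embedded in the block are the ones listed above.

```python
import re
from urllib.parse import parse_qs, urlparse

# Only the two CDN domains that appear in the post's examples. Assumption: this
# list is not exhaustive, it just covers what the page shows.
CDN_HOST_SUFFIXES = ("fbcdn.net", "akamaihd.net")

# File name layout described in the post: <n1>_<photo id>_<n3>_<size letter>.jpg
FILENAME_RE = re.compile(r"^(\d+)_(\d+)_(\d+)_([a-z])\.jpg$")


def parse_direct_photo_url(url):
    """Break a direct CDN image URL into its parts.

    Returns a dict with the host, the directory, the three numbers and the size
    letter, or None when the URL does not match the layout the post describes.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return None
    host = parsed.hostname or ""
    if not host.endswith(CDN_HOST_SUFFIXES):
        return None
    directory, _, filename = parsed.path.strip("/").rpartition("/")
    match = FILENAME_RE.match(filename)
    if not match:
        return None
    first, photo_id, third, size = match.groups()
    return {
        "host": host,
        "directory": directory,
        "first": first,
        "photo_id": photo_id,   # middle number = the photo id (fbid)
        "third": third,
        "size": size,
    }


def photo_id_from_gallery_url(url):
    """Return the fbid from a photo.php gallery URL, or None if absent."""
    parsed = urlparse(url)
    if not parsed.path.endswith("/photo.php"):
        return None
    values = parse_qs(parsed.query).get("fbid")
    return values[0] if values else None


def same_photo(gallery_url, direct_url):
    """True when a gallery link and a direct CDN link point at the same photo."""
    fbid = photo_id_from_gallery_url(gallery_url)
    direct = parse_direct_photo_url(direct_url)
    return fbid is not None and direct is not None and fbid == direct["photo_id"]


def photo_ids(urls):
    """Photo ids for every parseable direct URL in the list, in order."""
    return [p["photo_id"] for p in map(parse_direct_photo_url, urls) if p]


# Sample input: the direct URLs listed in the post.
SAMPLE_DIRECT_URLS = [
    "http://sphotos-b.ak.fbcdn.net/hphotos-ak-ash4/311217_10151265478032446_2030697084_n.jpg",
    "http://sphotos-d.ak.fbcdn.net/hphotos-ak-ash3/60675_10151201144402446_161978646_n.jpg",
    "http://sphotos-a.ak.fbcdn.net/hphotos-ak-prn1/25160_383525892445_8208924_n.jpg",
    "https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-ash3/644233_407306429357603_1603733801_n.jpg",
]

SAMPLE_GALLERY_URL = (
    "http://www.facebook.com/photo.php?fbid=10151265478032446"
    "&set=a.10151214746012446.480779.679047445&type=3&theater"
)

if __name__ == "__main__":
    for url in SAMPLE_DIRECT_URLS:
        parts = parse_direct_photo_url(url)
        print(parts["host"], parts["photo_id"])
    print("same photo:", same_photo(SAMPLE_GALLERY_URL, SAMPLE_DIRECT_URLS[0]))
```

The takeaway the check makes concrete: the gallery link is protected by your friends list, the direct link is not, and the only thing tying the two together is a number you can read straight out of the file name.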
