The Register® — Biting the hand that feeds IT

Feeds

How to sniff out private information on Facebook

Social network makes it a snap

By Dan Goodin, 26th June 2007
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Facebook users who like to control who gets to see your account details, take note: political views, religious back ground and other sensitive details may be wide open to prying eyes even though you've configured your profile so its viewable only to designated friends.

That's because the user setting that allows only designated friends to view a user's profile has no effect on whether the contents of that profile can be searched by the Facebook community at large. Users who want to block their profiles from being searched must go through an additional step.

It's hard to imagine why someone would want to block strangers from reading their profile and at the same time opt to have their profile contents searchable by any Facebook user. And it's even harder to understand why Facebook search by default indexes profile contents, rather than the other way around.

But that's the way Facebook has been doing things since at least September, according to Chris Soghoian, a graduate student at Indiana University who blogs about the quirk here.

"Users cannot be expected to know that the contents of their private profiles can be mined via searches, and thus, very few do set the search permissions associated with their profile," Soghoian writes.

Soghoian's observation is one more example how digital information presumed innocuous can come back to bite us in the ass. As employers, co-workers and others get wise to the trove of personal details volunteered on MySpace, LiveJournal and elsewhere, it pays to think before posting. Or in the case of Facebook, to pay close attention to privacy settings.

To demonstrate, Soghoian created an account for an individual named "Chris Privacy Soghoian" whose politics are socially conservative, lists his religious background as Catholic and claims to live in London. While the account is set so only friends can view the profile, anyone who puts "Chris Privacy Soghoian" and "Christian - Catholic" into the advanced search engine (and evidently, who belongs to one of Soghoian's networks) will get a result showing a match.

For more than 24 hours Facebook representatives maintained radio silence in response to a call and email from us asking about the design of their privacy settings. That left us wondering aloud in a previous version of this story if we'd have been better off searching through their profiles.

On late Wednesday, a spokeswoman finally emailed to say the company has updated its advanced search function so that profile information designated private will no longer be included in search results. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (16)
Latest Comments
Andrewkfromaz

Search - rarely used in Facebook

I find that search is most often used for names, rather than profile contents. Personally, whether someone holds an interest (e.g. Norwegian death metal) with me or not, I prefer to think of my profile as most interesting to those who know me IRL already.

Facebook (or any other social networking site for that matter) have yet to evolve to the point where a (even temporarily) static page that asks people to describe themselves can convince me that I want to associate with other people without another frame of reference.

0
0
Anonymous Coward
Anonymous Coward

Why search?

By default anybody can see your profile as long as they are on the same network as you.

Admittedly you can change this in the privacy settings but from looking at the amount of profiles that are openly available on the networks, and from the fact I'd not looked at the privacy page until today, I'm assuming a lot of people haven't realised this.

Surely this is not something that should be allowed by default. If it is, why bother asking whether friends should be allowed to see your profile when unknown to you everyone else on your network can.

0
0
BobApril

A matter of choice

Jim, the way it should work is that your search for "flower arranging" is supposed to turn up people who have that interest AND have agreed to let world+dog find out about it. Right now, you can find them whether they wanted you to or not.

And yes, Test Man, there is a fix for it - but when you've already selected an option to make your profile private, are you really likely to go looking for a second option to do the same thing? I know it isn't really the same thing, but I'd rate this as a high chance for confusion, at least.

And for that last anonymous one...in Soviet Russia, profile searches you! (Sorry...somebody had to say it.)

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
133
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
60
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15