Facebook users who set their profiles to private aren't quite as hidden as they might think they are, according to security researcher Christopher Soghoian, who discovered that Facebook's advanced search features reveal people's names, pictures, religion and sexual orientation to people who don't have permission to see their profile.

Like many social networks, Facebook allows its users to mark their profile page as private, semi-private or very open. However, even if you mark your profile to only be visible by friends, that doesn't change how you turn up in Facebook searches or whether your profile is open to indexing by search engines.
UPDATE: Weds. 6 p.m. PST: Facebook has changed this feature. See bottom of post. /UPDATE
So for instance, if you are a Facebook member of your college or local area, you could run a search to see all the people who are Christian women who are lesbians, all the women interested in women or all the Muslim men into other men. Your search results will likely include people who thought they marked their information as private, but didn't also change their search settings.
It's not as if Facebook doesn't give you the right to limit who can see your page, but common sense dictates that the vast majority of people who mark their pages as private don't want their information showing up in a public search. Some might, but here Facebook could automatically remove "friends-only" users from search results, and let those who want a private profile yet don't mind being found via searches choose that option.
The long-and-short? If you are a Facebook user but want it just to be a place for you and your friends to talk, get thee to the search settings page today and turn that dial down. Otherwise, lesbian Jewish high school sophomores who have "private profiles" will have their names and pictures displayed to any schmoo who signs up for a Facebook account and stumbles across the advanced search page.
More technical details on Soghoian's blog, where he also wonders if this 'feature' violates European data protection rules.
UPDATE: Threat Level just noticed that the advanced search lets one search for women who like men and who are looking for "random play." Two of the private profiles displayed included the names and photos of a high school junior and a ninth grader.
This from Wired's Blog: