Skip to main content

Stalkbook: View any Facebook profile information even if they’re not your friend

Image used with permission by copyright holder

Whether you’re a job seeking college graduate or working professional, if you want to keep your career and personal life separate, chances are you have meticulously managed your Facebook’s privacy settings so that strangers are unable to view your photos, check-ins, and other private information. However, even if you think you have it all under control, one web developer found a way around the entire Facebook privacy system that will allow anyone to see your profile if you have mutual friends.

Appropriately named Stalkbook, MIT graduate Oliver Yeh has created a Facebook app that collects user data as a third party developer via the Facebook API. This information can show Yeh personal information of a stranger, which he can essentially exploit and share on Stalkbook. Yeh shares an example.

“With this API, I can have access to my friend Trevor’s information. And what Stalkbook does is it goes through all of a user’s information and all of the friends of the user’s information and stores a cache copy on the website, so that when somebody else visits Stalkbook, they now have access to a cache version of Facebook’s data, even though they don’t have permission to access Trevor’s information,” he explains to IEEE.

Simply speaking, the app works by putting you, the user, under the guise of your Facebook friend so you can see personal information of another profile you aren’t friends with. 

“So, the photo version works by whenever a person signs on to the application; not only does he reveal his or her own information but he also compromises all of his or her friends’ information too,” Yeh said. “If I sign on to the site, then my friend Trevor would also be signed on to the site because I’m friends with Trevor. And because with my credentials, I can see Trevor’s information. Now, everyone on the Internet can also see Trevor’s information by using my credentials.

“And as more people sign up to Stalkbook, you get this network effect, in which you only need perhaps 10 percent of Facebook to join to compromise 80 to 90 percent of Facebook.”

If this is still confusing, consult the pictograph to the right. Pretty much, whenever someone logs into their Facebook account, all their friends’ information are compromised. Yeh did note that only Likes, photo tags, comments, and status updates would be viewable but not private messages.

Now that you understand how wild the concept is and are sufficiently freaked out, take a seat. There are a few factors that would prevent not-yet-released Stalkbook from ever making it to the general audience.

While it is normal for developers to receive some user data to run their apps, it is against Facebook’s terms of service to solicit information and login access belong to someone else. Under the rules for developer apps, one guideline also states that the developer “will not use, display, share, or transfer a user’s data in a manner inconsistent with your privacy policy” while another restricts developers from such action by requiring them to “comply with all other restrictions contained in our Facebook Platform Policies.”

So there. In case you were planning to stalk your ex-lovers via your mutual friends using Stalkbook, you might need to stick to the old fashion route of actually friending them, or get your mutual friends to dish the dirty deets. What Stalkbook does show, however, is that getting around Facebook’s privacy settings isn’t as difficult as you’d think so whatever you end up sharing on Facebook will never truly be private.

Image by Sandy Woodruff

Editors' Recommendations

Natt Garun
Former Digital Trends Contributor
An avid gadgets and Internet culture enthusiast, Natt Garun spends her days bringing you the funniest, coolest, and strangest…
Facebook admits it was listening to your private conversations, too
Facebook Pages

Facebook outsourced contractors to listen in on your audio messenger chats and transcribe them, a new report reveals. 

Bloomberg reports that the contractors were not told why they were listening in or why they were transcribing them. Facebook confirmed the reports but said they are no longer transcribing audio. 

Read more
Facebook no longer lets you save your friends’ birthdays to your own calendar
facebook removes friends birthday export gettyimages 1153735026

Facebook quietly removed a feature that allowed users to export and sync their friends’ birthdays to an external calendar like iCal, Outlook, or Google Calendar.

While you can still export upcoming events -- parties, get-togethers, and the like -- the ability to save birthdays disappeared recently, a Facebook spokesperson confirmed to Digital Trends. The social network removed the ability to export birthdays in June, in the hopes of better protecting users' personal information. The spokesperson added that under the previous system, a person's birthday would remain on an external calendar if it had been downloaded, even if that user changed their privacy settings to mark their birthday as private.

Read more
WhatsApp now lets you send self-destructing voice messages
WhatsApp logo on a phone.

If you’re on WhatsApp and regularly make use of the view once feature for photo and video messages, then you might be interested to learn that the feature has now been expanded to voice messages.

WhatsApp’s view once feature does what it says, deleting a message after it’s been viewed a single time. It’s been available for photos and videos since 2021, but now you can also send voice messages that can only be played once before they, too, disappear from the app.

Read more