Skip to main content
  1. Home
  2. Social Media
  3. Web
  4. Legacy Archives

Stalkbook: View any Facebook profile information even if they’re not your friend

Add as a preferred source on Google
Image used with permission by copyright holder

Whether you’re a job seeking college graduate or working professional, if you want to keep your career and personal life separate, chances are you have meticulously managed your Facebook’s privacy settings so that strangers are unable to view your photos, check-ins, and other private information. However, even if you think you have it all under control, one web developer found a way around the entire Facebook privacy system that will allow anyone to see your profile if you have mutual friends.

Appropriately named Stalkbook, MIT graduate Oliver Yeh has created a Facebook app that collects user data as a third party developer via the Facebook API. This information can show Yeh personal information of a stranger, which he can essentially exploit and share on Stalkbook. Yeh shares an example.

Recommended Videos

“With this API, I can have access to my friend Trevor’s information. And what Stalkbook does is it goes through all of a user’s information and all of the friends of the user’s information and stores a cache copy on the website, so that when somebody else visits Stalkbook, they now have access to a cache version of Facebook’s data, even though they don’t have permission to access Trevor’s information,” he explains to IEEE.

Simply speaking, the app works by putting you, the user, under the guise of your Facebook friend so you can see personal information of another profile you aren’t friends with. 

“So, the photo version works by whenever a person signs on to the application; not only does he reveal his or her own information but he also compromises all of his or her friends’ information too,” Yeh said. “If I sign on to the site, then my friend Trevor would also be signed on to the site because I’m friends with Trevor. And because with my credentials, I can see Trevor’s information. Now, everyone on the Internet can also see Trevor’s information by using my credentials.

“And as more people sign up to Stalkbook, you get this network effect, in which you only need perhaps 10 percent of Facebook to join to compromise 80 to 90 percent of Facebook.”

If this is still confusing, consult the pictograph to the right. Pretty much, whenever someone logs into their Facebook account, all their friends’ information are compromised. Yeh did note that only Likes, photo tags, comments, and status updates would be viewable but not private messages.

Now that you understand how wild the concept is and are sufficiently freaked out, take a seat. There are a few factors that would prevent not-yet-released Stalkbook from ever making it to the general audience.

While it is normal for developers to receive some user data to run their apps, it is against Facebook’s terms of service to solicit information and login access belong to someone else. Under the rules for developer apps, one guideline also states that the developer “will not use, display, share, or transfer a user’s data in a manner inconsistent with your privacy policy” while another restricts developers from such action by requiring them to “comply with all other restrictions contained in our Facebook Platform Policies.”

So there. In case you were planning to stalk your ex-lovers via your mutual friends using Stalkbook, you might need to stick to the old fashion route of actually friending them, or get your mutual friends to dish the dirty deets. What Stalkbook does show, however, is that getting around Facebook’s privacy settings isn’t as difficult as you’d think so whatever you end up sharing on Facebook will never truly be private.

Image by Sandy Woodruff

Natt Garun
An avid gadgets and Internet culture enthusiast, Natt Garun spends her days bringing you the funniest, coolest, and strangest…
Reddit is ending anonymous browsing on old Reddit, and longtime users are not happy
Reddit's old interface is getting a login requirement, and its long term future looks uncertain.
Reddit

If you have been quietly browsing old.reddit.com without logging in, that option is going away. Reddit just announced it will require everyone to log in to use old.reddit.com, with the change landing sometime over the next month. A Reddit admin broke the news on the platform, calling it part of a push to tighten how automated systems get into the site.

Why is Reddit locking down the old interface?

Read more
TikTok, Instagram, Snapchat, and YouTube are failing kids with broken safety features, research finds
Over half of social media child safety features don't work as advertised.
a boy using iPhone

Social media platforms have spent years telling parents their children are safe online. New research suggests those assurances don't hold up. A report from the Cybersafety Research Center tested 86 child safety features across TikTok, Instagram, Snapchat, and YouTube. Only 35 worked as promised, and the rest were broken, buried in settings, or missing entirely.

Which social media platforms performed the worst on child safety?

Read more
Yet another research proves TikTok injury advice is just downright bad
Your knee should not be taking rehab instructions from viral TikToks
TikTok

We've already heard a lot about the negative impact of social media, like how it keeps kids hooked to screens. But one of its emerging problems is the terrible medical advice being shared on the platform. The platform is often used for new learning dance routines or a new recipe, but it's also being used to share health-related advice from non-professionals.

A new study led by researchers at Université de Montréal has assessed TikTok videos about anterior cruciate ligament rehabilitation exercises, and the result is not exactly reassuring. The team looked at 106 videos found through the search term “ACL rehab exercises,” including 55 posted by ordinary users and 51 posted by health care professionals.

Read more