Loophole lets anyone see part of your Facebook friend list, even if it’s set to private


If you chose the Facebook setting that hides your friend list from people who aren’t your friends, Irene Abezguaz has some bad news: that friend list isn’t totally hidden. Abezguaz, a vice president of product management at Quotidium, outlined the loophole she discovered at AppSecUSA 2013, a New York security conference.

If someone wants to see the friends of a Facebook user who hides their complete friend list from strangers, they can create a new dummy account and send a friend request to that Facebook user. Once the request is sent, even if it is rejected, Facebook will start sending the dummy account friend suggestions for users who are already Facebook friends with the person in question or who have received a friend request from them. In this way, even though there’s no complete friend list, someone looking for more information about a Facebook user will be able to compile at least a robust partial list of their Facebook friends. And while most people aren’t going to bother going out of their way to circumvent settings, the people who will (malware peddlers, spammers, and stalkers) are exactly the kind of users that people want to avoid when they select tighter privacy settings.
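The side channel described above can be shown with a small constructed model. This is an added example, not Facebook's code or the researcher's: the graph, the account names and the `may_view_friend_list` policy are assumptions. It puts a suggestion engine that ignores the friend-list setting next to one that applies it before deriving suggestions.

```python
# Toy model (constructed): a suggestion engine that ignores a privacy
# setting, next to one that enforces it. Not Facebook's real algorithm.
from dataclasses import dataclass, field


@dataclass
class Graph:
    friends: dict = field(default_factory=dict)     # user -> set of friends
    requests: set = field(default_factory=set)      # (sender, recipient), kept even if rejected
    hidden_lists: set = field(default_factory=set)  # users whose friend list is friends-only

    def add_friendship(self, a, b):
        self.friends.setdefault(a, set()).add(b)
        self.friends.setdefault(b, set()).add(a)

    def may_view_friend_list(self, viewer, owner):
        """The user-chosen control: a hidden list is visible to friends only."""
        if owner not in self.hidden_lists:
            return True
        return viewer == owner or viewer in self.friends.get(owner, set())

    def _bridges(self, viewer):
        # Accounts the engine treats as "connected" to the viewer: real
        # friends plus anyone the viewer has sent a request to.
        sent = {r for (s, r) in self.requests if s == viewer}
        return self.friends.get(viewer, set()) | sent

    def suggest_naive(self, viewer):
        """Derives suggestions from every bridge: the side channel."""
        out = set()
        for bridge in self._bridges(viewer):
            out |= self.friends.get(bridge, set())
        return out - {viewer} - self.friends.get(viewer, set())

    def suggest_hardened(self, viewer):
        """Same engine, but each bridge's list passes the visibility check first."""
        out = set()
        for bridge in self._bridges(viewer):
            if self.may_view_friend_list(viewer, bridge):
                out |= self.friends.get(bridge, set())
        return out - {viewer} - self.friends.get(viewer, set())


def demo():
    g = Graph()
    for friend in ("bob", "carol", "dave"):
        g.add_friendship("alice", friend)
    g.hidden_lists.add("alice")            # alice hides her friend list
    g.requests.add(("stranger", "alice"))  # request sent, never accepted
    return g
```

In this model the hardened engine still serves friend-of-friend suggestions to accounts that are allowed to see the list; only the inference path through a hidden list is closed.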

“Research of this issue has shown that most of the friends list, often hundreds of friends, is available to the attacker. In any case, even a partial friends list is a violation of user-chosen privacy controls,” Abezguaz writes in a blog post explaining the security loophole. 

Facebook doesn’t see this loophole as any big deal. A spokesperson (vaguely) explains: “Our policies explain that changing the visibility of people on your friend list controls how they appear on your Timeline, and that your friends may be visible on other parts of the site, such as in News Feed, Search and on other people’s Timelines. This behavior is something we’ll continue to evaluate to make sure we’re providing clarity.” In other words, yes, the company acknowledges that part of your friend list becomes visible when a non-friend peeks at the “People You May Know” function, but because it’s not a direct part of the Timeline controls and because it’s an incomplete list, Facebook isn’t going to focus on this as a problem (besides perhaps clarifying their language to make it more apparent that the company does not believe this is a problem). 

Facebook has been changing its privacy settings to encourage users to publicly display more information; it’s part of the company’s ongoing quest to transform into a “personalized newspaper” and discovery engine with Graph Search. The company isn’t going to stray from that strategy to backpedal and provide greater privacy controls again, even if someone brings the flimsiness of the current settings to our attention.

This probably isn’t the only example of a roundabout way to access Facebook user information. But it is a very good example of Facebook’s attitude towards user privacy: the company is ushering users towards transparency and away from privacy, and it’s not going to bother accommodating people pointing out relatively minor privacy failings like this. Let this be another reminder that Facebook, while still useful/painfully addictive, is actively eroding your old privacy settings to prime users for a more public social network.  
