Whether you’re a job seeking college graduate or working professional, if you want to keep your career and personal life separate, chances are you have meticulously managed your Facebook’s privacy settings so that strangers are unable to view your photos, check-ins, and other private information. However, even if you think you have it all under control, one web developer found a way around the entire Facebook privacy system that will allow anyone to see your profile if you have mutual friends.
Appropriately named Stalkbook, MIT graduate Oliver Yeh has created a Facebook app that collects user data as a third party developer via the Facebook API. This information can show Yeh personal information of a stranger, which he can essentially exploit and share on Stalkbook. Yeh shares an example.
“With this API, I can have access to my friend Trevor’s information. And what Stalkbook does is it goes through all of a user’s information and all of the friends of the user’s information and stores a cache copy on the website, so that when somebody else visits Stalkbook, they now have access to a cache version of Facebook’s data, even though they don’t have permission to access Trevor’s information,” he explains to IEEE.
Simply speaking, the app works by putting you, the user, under the guise of your Facebook friend so you can see personal information of another profile you aren’t friends with.
“So, the photo version works by whenever a person signs on to the application; not only does he reveal his or her own information but he also compromises all of his or her friends’ information too,” Yeh said. “If I sign on to the site, then my friend Trevor would also be signed on to the site because I’m friends with Trevor. And because with my credentials, I can see Trevor’s information. Now, everyone on the Internet can also see Trevor’s information by using my credentials.
“And as more people sign up to Stalkbook, you get this network effect, in which you only need perhaps 10 percent of Facebook to join to compromise 80 to 90 percent of Facebook.”
If this is still confusing, consult the pictograph to the right. Pretty much, whenever someone logs into their Facebook account, all their friends’ information are compromised. Yeh did note that only Likes, photo tags, comments, and status updates would be viewable but not private messages.
Now that you understand how wild the concept is and are sufficiently freaked out, take a seat. There are a few factors that would prevent not-yet-released Stalkbook from ever making it to the general audience.
While it is normal for developers to receive some user data to run their apps, it is against Facebook’s terms of service to solicit information and login access belong to someone else. Under the rules for developer apps, one guideline also states that the developer “will not use, display, share, or transfer a user’s data in a manner inconsistent with your privacy policy” while another restricts developers from such action by requiring them to “comply with all other restrictions contained in our Facebook Platform Policies.”
So there. In case you were planning to stalk your ex-lovers via your mutual friends using Stalkbook, you might need to stick to the old fashion route of actually friending them, or get your mutual friends to dish the dirty deets. What Stalkbook does show, however, is that getting around Facebook’s privacy settings isn’t as difficult as you’d think so whatever you end up sharing on Facebook will never truly be private.
Image by Sandy Woodruff
