Does Facebook open up your profile without you knowing?
Hi there,
It’s been a while since I last posted but that is to be expected at times. First, because I don’t want to force myself to post just for the sake of it. Second, because I keep all my private stuff away from this blog. Last, because I’ve been working on things that aren’t public and can’t talk about it here, and when I had something I felt talking about I just didn’t have the time.
This being said, I recently stumbled over a piece of information about Facebook that has left me baffled enough that I want to post about it here.
Most people I know have some access restrictions on their FB profile. It is typically open to just friends, friends of friends, or maybe networks, but it is rarely completely public. Did you know though, that on sending a message to someone through FB you effectively give that person access to your profile for 30 days? I’m not kidding.
When this was pointed out to me I just didn’t believe it. It just made no sense to me at all. How could they possibly silently override your privacy settings? For sure, a posting on Yahoo! Answers seem to confirm that claim.
I searched FB’s documentation and didn’t find anything. Then I found a bunch of information, mostly from other confused users desperately trying to figure out what the real story is.
I eventually found what appeared to be the “official” answer in FB’s help center Q&A which I’ll reproduce here:
When you contact someone through a poke, message, or friend request, Facebook temporarily allows that person to see certain parts of your profile, even if your privacy and network settings would usually prevent him or her from seeing your full profile. The only parts of your profile that are made visible are your Basic Info, Work Info, Education Info, your profile pictures album, and your Friends List. A poke allows the user to see this information for one week, a message enables visibility for one month, and a friend request allows the user to see this information until the request is either confirmed or denied.
However, judging from the various experiments reported by users it’s actually not certain whether only parts of your profile is given access, and what exactly this includes. Reports are actually contradicting each other, some reporting this has been fixed and others saying it hasn’t.
So, I decided to test it myself . I created a bogus FB account to which I sent a message from my own account. I then logged in with the bogus account and when I tried to access my profile I got access to almost nothing. What I got access to was basically my almost empty profile that people get to see when they are not my friends, in accordance with my privacy settings.
This is somewhat reassuring but it makes you wonder about the “official answer” quoted above.
If you want to be safe, someone published an interesting workaround:
There is one effective workaround to this problem. You can reply to the person’s message, then immediately after doing so, BLOCK them, then immediately after that, UNBLOCK them again. This will revert their status to being able to message you back, but not see any aspect of your profile. Just like before you ever messaged them in the first place.
It’s unfortunate that FB doesn’t seem to care enough to fully document the actual and current behavior though. If anyone has additional information on this please let me know. Thanks.
5 Comments »
Leave a comment
About
I am responsible for overseeing the coordination of IBM global open standards program and leading IBM open source and standards program in the emerging markets.
I have been working on open standards for over 10 years, both as a staff member of standards development organizations (SDO) such as W3C and as a representative for IBM. I have been involved in every aspect of the standards development process. This includes the technical, strategic, political, and legal aspects, both internal and external to an SDO and to a company like IBM. I was involved in the development of standards such as HTML and XML.
I have also been involved in open source projects, such as Xerces, the XML parser developed by the Apache Software Foundation for which I was one of the lead architects.
-
Archives
- November 2009 (1)
- October 2009 (2)
- August 2009 (1)
- May 2009 (1)
- March 2009 (4)
- February 2009 (1)
- January 2009 (4)
- October 2008 (1)
- September 2008 (4)
- August 2008 (1)
- July 2008 (1)
- June 2008 (1)
-
Categories
-
RSS
Entries RSS
Comments RSS
> How could they possibly silently override your privacy settings?
It’s not silent, when sending a mail to someone not part of your friends network, a message is displayed in that effect telling you that this will open your profile to him for a month. I don’t find this particularly problematic, on the contrary, it prevents completely anonymous mails and may deter some moron from harassing other people.
No, it is silent. No message is displayed telling you anything.
The problem is that you may not be the one sending a message in the first place. It also happens when you answer one. So, imagine you get a message from someone, you’re not sure who that is, what do you do? The natural thing to do is to reply and ask for additional information. Too bad, you just opened your profile to that person…
And in fact, this is documented to be a way to gain access to somebody’s profile: How To View Private Facebook Profiles Pages.
I have seen such a message when sending a mail through fb to someone who wasn’t part of my “friends network”. However I don’t recall seeing it when replying to someone.
On 2nd thought I’m probably confusing with sending a friends request.
I’m afraid you’re confused indeed.
Based on my own test I can assure you that sending a message doesn’t trigger any warning. If it did I wouldn’t have so much of a problem with the opening of your profile for the reason you gave.
It’s the silent aspect that I really object to.