Arnaud’s Open blog

Opinions on open source and standards

Does Facebook open up your profile without you knowing?

Hi there,

It’s been a while since I last posted but that is to be expected at times. First, because I don’t want to force myself to post just for the sake of  it. Second, because I keep all my private stuff away from this blog. Last, because I’ve been working on things that aren’t public and can’t talk about it here, and when I had something  I felt talking about I just didn’t have the time.

This being said, I recently stumbled over a piece of information about Facebook that has left me baffled enough that I want to post about it here.

Most people I know have some access restrictions on their FB profile. It is typically open to just friends, friends of friends, or maybe networks, but it is rarely completely public. Did you know though, that on sending a message to someone through FB you effectively give that person access to your profile for 30 days? I’m not kidding.

When this was pointed out to me I just didn’t believe it. It just made no sense to me at all. How could they possibly silently override your privacy settings? For sure, a posting on Yahoo! Answers seem to confirm that claim.

I searched FB’s documentation and didn’t find anything. Then I found a bunch of information, mostly from other confused users desperately trying to figure out what the real story is.

I eventually found what appeared to be the “official” answer in FB’s help center Q&A which I’ll reproduce here:

When you contact someone through a poke, message, or friend request, Facebook temporarily allows that person to see certain parts of your profile, even if your privacy and network settings would usually prevent him or her from seeing your full profile. The only parts of your profile that are made visible are your Basic Info, Work Info, Education Info, your profile pictures album, and your Friends List. A poke allows the user to see this information for one week, a message enables visibility for one month, and a friend request allows the user to see this information until the request is either confirmed or denied.

However, judging from the various experiments reported by users it’s actually not certain whether only parts of your profile is given access, and what exactly this includes. Reports are actually contradicting each other, some reporting this has been fixed and others saying it hasn’t.

So, I decided to test it myself . I created a bogus FB account to which I sent a message from my own account. I then logged in with the bogus account and when I tried to access my profile I got access to almost nothing. What I got access to was basically my almost empty profile that people get to see when they are not my friends, in accordance with my privacy settings.

This is somewhat reassuring but it makes you wonder about the “official answer” quoted above.

If you want to be safe, someone published an interesting workaround:

There is one effective workaround to this problem. You can reply to the person’s message, then immediately after doing so, BLOCK them, then immediately after that, UNBLOCK them again. This will revert their status to being able to message you back, but not see any aspect of your profile. Just like before you ever messaged them in the first place.

It’s unfortunate that FB doesn’t seem to care enough to fully document the actual and current behavior though.  If anyone has additional information on this please let me know. Thanks.

Advertisements

August 24, 2009 Posted by | Uncategorized | , | 7 Comments