Arnaud's Blog

Opinions on open source, standards, and other things

Does Facebook open up your profile without you knowing?

Hi there,

It’s been a while since I last posted but that is to be expected at times. First, because I don’t want to force myself to post just for the sake of  it. Second, because I keep all my private stuff away from this blog. Last, because I’ve been working on things that aren’t public and can’t talk about it here, and when I had something  I felt talking about I just didn’t have the time.

This being said, I recently stumbled over a piece of information about Facebook that has left me baffled enough that I want to post about it here.

Most people I know have some access restrictions on their FB profile. It is typically open to just friends, friends of friends, or maybe networks, but it is rarely completely public. Did you know though, that on sending a message to someone through FB you effectively give that person access to your profile for 30 days? I’m not kidding.

When this was pointed out to me I just didn’t believe it. It just made no sense to me at all. How could they possibly silently override your privacy settings? For sure, a posting on Yahoo! Answers seem to confirm that claim.

I searched FB’s documentation and didn’t find anything. Then I found a bunch of information, mostly from other confused users desperately trying to figure out what the real story is.

I eventually found what appeared to be the “official” answer in FB’s help center Q&A which I’ll reproduce here:

When you contact someone through a poke, message, or friend request, Facebook temporarily allows that person to see certain parts of your profile, even if your privacy and network settings would usually prevent him or her from seeing your full profile. The only parts of your profile that are made visible are your Basic Info, Work Info, Education Info, your profile pictures album, and your Friends List. A poke allows the user to see this information for one week, a message enables visibility for one month, and a friend request allows the user to see this information until the request is either confirmed or denied.

However, judging from the various experiments reported by users it’s actually not certain whether only parts of your profile is given access, and what exactly this includes. Reports are actually contradicting each other, some reporting this has been fixed and others saying it hasn’t.

So, I decided to test it myself . I created a bogus FB account to which I sent a message from my own account. I then logged in with the bogus account and when I tried to access my profile I got access to almost nothing. What I got access to was basically my almost empty profile that people get to see when they are not my friends, in accordance with my privacy settings.

This is somewhat reassuring but it makes you wonder about the “official answer” quoted above.

If you want to be safe, someone published an interesting workaround:

There is one effective workaround to this problem. You can reply to the person’s message, then immediately after doing so, BLOCK them, then immediately after that, UNBLOCK them again. This will revert their status to being able to message you back, but not see any aspect of your profile. Just like before you ever messaged them in the first place.

It’s unfortunate that FB doesn’t seem to care enough to fully document the actual and current behavior though.  If anyone has additional information on this please let me know. Thanks.


August 24, 2009 - Posted by | Uncategorized | ,


  1. > How could they possibly silently override your privacy settings?

    It’s not silent, when sending a mail to someone not part of your friends network, a message is displayed in that effect telling you that this will open your profile to him for a month. I don’t find this particularly problematic, on the contrary, it prevents completely anonymous mails and may deter some moron from harassing other people.

    Comment by Guillaume Laurent | August 24, 2009 | Reply

  2. No, it is silent. No message is displayed telling you anything.

    The problem is that you may not be the one sending a message in the first place. It also happens when you answer one. So, imagine you get a message from someone, you’re not sure who that is, what do you do? The natural thing to do is to reply and ask for additional information. Too bad, you just opened your profile to that person…

    And in fact, this is documented to be a way to gain access to somebody’s profile: How To View Private Facebook Profiles Pages.

    Comment by Arnaud Le Hors | August 25, 2009 | Reply

  3. I have seen such a message when sending a mail through fb to someone who wasn’t part of my “friends network”. However I don’t recall seeing it when replying to someone.

    Comment by Guillaume Laurent | August 25, 2009 | Reply

  4. On 2nd thought I’m probably confusing with sending a friends request. 🙂

    Comment by Guillaume Laurent | August 25, 2009 | Reply

  5. I’m afraid you’re confused indeed. 🙂

    Based on my own test I can assure you that sending a message doesn’t trigger any warning. If it did I wouldn’t have so much of a problem with the opening of your profile for the reason you gave.

    It’s the silent aspect that I really object to.

    Comment by Arnaud Le Hors | August 25, 2009 | Reply

  6. Hi,

    Have they removed this feature/glitch now?

    I was aware of it, but looks like it doesn’t work anymore…

    Comment by Renaldo | January 20, 2010 | Reply

  7. This blog is really helpful.. Found myself in this predicament today, i remembered sometime in the past fb saying if you respond to a message of someone not on your friends list your profile would be visible to them for a period of time.. so i myself was not sure if this is still the case.. to be on the same side i just block the person. thanks for the post

    Comment by Anonymous | August 1, 2012 | Reply

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: