Facebook iPhone App Creates Security Blackspot

Background


Over the last few months Facebook has made quite a few major updates intended to improve the security of Facebook accounts.

Facebook Sync Screen
It’s now possible to make every aspect of your profile private, including hiding yourself from search results entirely.

That was the theory.

The Problem


I accidentally found a way around this privacy system using Facebook’s iPhone application. The worrying thing is that it is so simple that it is alarming it was missed.

Step 1: Create a list of contacts for people you suspect are on Facebook, with their known email addresses (or at the very least, good guesses).
Step 2: In the Facebook application, press the “Friends” button on the main menu.
Step 3: At the top right of that screen you’ll notice a “Sync” button. Press it.

The result is the screen above. Facebook searches for ANY profile matching each email address, regardless of that profile’s privacy settings, and brings back whatever information it can, including the profile picture. It then drops all of this into your Contacts: along with the name and a link to the Facebook app (complete with the profile ID), it also copies the PRIVATE profile image.

Details copied from a private account on Facebook
Armed with my new discovery, I had a work colleague make his Facebook profile entirely private. I then guessed his private email address and, sure enough, I got the following details (greyed out).

So, how do I protect myself?


Well, the answer is pretty obvious, and it is also something I came upon by accident.

Because the email address registered on my Facebook profile is one that nobody associates with me, people who guess or know my personal email address still cannot find me using the iPhone application. So my suggestion to you would be to create a Yahoo / Hotmail / GMail account specifically for Facebook and don’t share it with anybody.
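To make the design flaw behind both the problem above and the suggested workaround concrete, here is an added, constructed model of the two lookup paths the post describes (the name search, which honours the “appear in search results” setting, and the contact sync, which matches on email and does not). This is illustrative code written for this article, not Facebook’s code; the profile names, addresses, field names and the `audit_consistency` check are all assumptions. It also carries the post’s advice through: a profile registered under an address nobody else knows is not matched even by the flawed path.

```python
"""Model of a privacy setting that one lookup path honours and another bypasses.

Constructed example, not Facebook's implementation. All profiles and
addresses below are made up.
"""
from dataclasses import dataclass


@dataclass
class Profile:
    profile_id: int
    name: str
    login_email: str      # address registered with the account
    discoverable: bool    # the "appear in search results" privacy setting
    photo_url: str


# Constructed sample accounts (hypothetical names and addresses).
USERS = [
    Profile(1001, "Alice Public", "alice@example.com", True, "https://img.example/1001.jpg"),
    # Bob made his profile entirely private, like the colleague in the post.
    Profile(1002, "Bob Private", "bob@example.com", False, "https://img.example/1002.jpg"),
    # Carol follows the post's advice: her account e-mail is one nobody else knows.
    Profile(1003, "Carol Hidden", "x9q2v@example.net", False, "https://img.example/1003.jpg"),
]


def search_by_name(query, users=USERS):
    """Name search: the path that applies the discoverable flag as intended."""
    q = query.strip().lower()
    return [u.profile_id for u in users if u.discoverable and q in u.name.lower()]


def _match_by_email(contact_emails, candidates):
    """Shared matcher: case-insensitive lookup of each contact address."""
    by_email = {u.login_email.lower(): u for u in candidates}
    hits = {}
    for addr in contact_emails:
        u = by_email.get(addr.strip().lower())
        if u is not None:
            hits[addr] = {"id": u.profile_id, "name": u.name, "photo": u.photo_url}
    return hits


def sync_contacts_flawed(contact_emails, users=USERS):
    """Contact sync as the post describes it: matches ANY profile by e-mail and
    returns name, profile id and photo regardless of the privacy setting."""
    return _match_by_email(contact_emails, users)


def sync_contacts_hardened(contact_emails, users=USERS):
    """Same endpoint with the fix: filter on the identical discoverability
    check the search path uses, so a non-discoverable profile is
    indistinguishable from 'no account with that address'."""
    return _match_by_email(contact_emails, [u for u in users if u.discoverable])


def audit_consistency(lookup, contact_emails, users=USERS):
    """Review check (assumed helper): profile ids a lookup path returns even
    though the owner opted out of discovery. Non-empty means a bypass."""
    hidden = {u.profile_id for u in users if not u.discoverable}
    returned = {hit["id"] for hit in lookup(contact_emails, users).values()}
    return sorted(returned & hidden)


if __name__ == "__main__":
    guesses = ["alice@example.com", "bob@example.com", "carol@example.com"]
    print("search for 'bob':", search_by_name("bob"))
    print("flawed sync leaks:", audit_consistency(sync_contacts_flawed, guesses))
    print("hardened sync leaks:", audit_consistency(sync_contacts_hardened, guesses))
```

The point of `audit_consistency` is that a privacy setting is only as strong as the least careful code path that reads user data: every endpoint that can return a profile (search, contact matching, friend suggestions) has to evaluate the same opt-out, and a test that enumerates those endpoints against a known-private fixture account catches the mismatch before users do.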