Last month the cybersecurity group CyberInt revealed a longstanding loophole in Facebook's friends security settings that shows how easy it is to get info from supposedly “secure” accounts on the social platform. Anyone can see another Facebook user’s “mutual” friends, even if that user has a locked account.
Mashable employees decided to test CyberInt’s theory that anyone—with a little legwork, the right connections, and a new program from CyberInt—could reconstruct another user’s friends list. To do it, they chose the most prominent, and supposedly private, user on Facebook: Mark Zuckerberg himself.
Most Facebook users probably think that setting their profile to be visible to “Only Me” is equivalent to putting everything in it, including your social connections, under lock and key. But it’s not that simple. If you have mutual connections with another Facebook user, you can see who those connections are, regardless of the other user’s privacy settings.
Though Zuck’s friends list is locked, the loophole revealed that each of the 248 friends he shares with Facebook product head Chris Cox was public, since Cox’s Facebook profile is public. From there, it just took a little digging to come up with another 150 or so of Zuckerberg’s friends.
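The visibility rule described above can be modelled on a small graph. The Python below is an added example, not code from CyberInt, Mashable or Facebook: the account names, the two audience values and the function names are constructed for illustration, and the model is a simplification of the behaviour the article describes. It reports which entries on an “Only Me” friends list are still exposed to a given viewer, and why.

```python
# Constructed sample graph; every name is a placeholder, not a real account.
FRIENDSHIPS = {
    ("target", "alice"), ("target", "bob"), ("target", "carol"),
    ("target", "dave"), ("alice", "bob"), ("alice", "viewer"),
    ("carol", "viewer"), ("dave", "erin"),
}
# Assumed friend-list audience per account: "public" or "only_me".
LIST_AUDIENCE = {
    "target": "only_me", "alice": "public", "bob": "only_me",
    "carol": "only_me", "dave": "only_me", "erin": "public",
    "viewer": "public",
}

def friends_of(user, edges=FRIENDSHIPS):
    """Friendship is symmetric: either end of an edge counts."""
    return {b if a == user else a for a, b in edges if user in (a, b)}

def exposed_friends(target, viewer, edges=FRIENDSHIPS, audience=LIST_AUDIENCE):
    """Return {friend: reason} for each friend of target the viewer can learn."""
    viewer_friends = friends_of(viewer, edges)
    exposed = {}
    for friend in sorted(friends_of(target, edges)):
        if friend == viewer:
            continue
        if audience.get(target) == "public":
            exposed[friend] = "target's own list is public"
        elif audience.get(friend) == "public":
            # The same edge is published from the other end.
            exposed[friend] = "friend's public list names the target"
        elif friend in viewer_friends:
            # Mutual-friends display ignores the target's list setting.
            exposed[friend] = "shown to the viewer as a mutual friend"
    return exposed

def still_hidden(target, viewer, edges=FRIENDSHIPS, audience=LIST_AUDIENCE):
    """Friends of target that stay private for this viewer."""
    seen = exposed_friends(target, viewer, edges, audience)
    return friends_of(target, edges) - set(seen) - {viewer}

if __name__ == "__main__":
    for who in ("viewer", "stranger"):
        print(who, exposed_friends("target", who), still_hidden("target", who))
```

In this model the target's own “Only Me” setting hides only the friendships whose other end is also private and not shared with the viewer, so the exposure is decided by the friends' settings, not the target's.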
Predictably, Mashable discovered that Zuckerberg is friends with numerous high-powered Silicon Valley CEOs and other movers and shakers of the tech world, including the CEOs, founders, or cofounders of Mozilla Firefox, Twitter, Yelp, Airbnb, Napster, Dropbox, Foursquare, eBay, Scribd, and massive Chinese search engine Baidu.
Mashable hoped to make the point that while they were only able to reconstruct a partial list of Zuckerberg’s friends based on the number of people in his network with public-facing profiles, the list they extracted was long. It’s arguably revealing enough that even the Facebook founder himself might have issues with the privacy double standard.
An unintended side effect of the experiment, however, was to show how intrinsically the higher echelons of Silicon Valley are linked. It’s easy to think of Zuck at the center of a spidery social web, each strand leading to a different high-powered CEO. As Mashable’s Kurt Wagner put it, “Zuckerberg’s full friends list likely features even more intriguing tech connections.”
Facebook didn’t indicate that it saw an issue with the privacy feature in its response to Mashable, noting instead, “we explain prominently” that your Facebook friends “might select a different group of people” to form connections with.
So if you’re not comfortable with having some of those third-party connections be more public than you, it might be time to consider deleting Facebook.