Comments on: Easily View Hidden Facebook Friend Lists

By: :(

:( — Sat, 13 Mar 2010 13:52:15 +0000

IT doesnt work

By: Social Media Security » Facebook’s Fluid Definition of Publicly Available Information

Thu, 11 Feb 2010 14:27:57 +0000

[...] course, it wasn’t long before someone discovered a “means to do so.” In December, I posted a simple trick that would reveal the names and profile pages of any user’s friends, regardless of whether they [...]

By: Facebook’s Fluid Definition of Publicly Available Information | Social Hacking

Wed, 10 Feb 2010 00:26:55 +0000

[...] wasn’t long before someone discovered a “means to do so.” In December, I posted a simple trick that would reveal the names and profile pages of any user’s friends, regardless of whether [...]

By: Vas

Vas — Thu, 14 Jan 2010 09:36:36 +0000

how do you find a Facebook user;s ID number?

By: theharmonyguy

theharmonyguy — Mon, 28 Dec 2009 21:07:06 +0000

@Pascal: Thanks for the further testing. I operated off the assumption that all users will eventually migrate, so I didn’t take migration into account.

Also, I mentioned in my post that the trick works even when not logged in. From what I’ve found in further testing, it appears that whether the trick works for an unauthenticated session depends on whether the user has a public profile, not the privacy of their friend list. For instance, http://www.facebook.com/ajax/typeahead_friends.php?u=4&__a=1 brings up Mark Zuckerberg’s friend list regardless of whether you’re logged in, but http://www.facebook.com/ajax/typeahead_friends.php?u=4617&__a=1 only brings up Randi Zuckerberg’s friend list if you’re logged in. Both have their friend lists hidden on their profile, but Randi has her public profile disabled.

By: Pascal Van Hecke

Pascal Van Hecke — Sun, 27 Dec 2009 01:37:38 +0000

Hi,

Here’s what my little tests showed when I try http://www.facebook.com/ajax/typeahead_friends.php?u=USERID&__a=0

unauthenticated session: the resultset is empty for users that have hidden their friend list and users that have not migrated yet, but is accessible for users that haven’t done so.

authenticated session: resultset is empty for users that have not migrated yet, but is accessible for all users that have done so, regardless whether they have hidden their friend list or not.

So even after you have migrated, hiding your friend list does give you some protection against unauthenticated scraping.
You would have protection against authenticated scraping on the condition that Facebook monitors for an excessive number of requests coming from one userID.

By: OzzyGreene

OzzyGreene — Fri, 25 Dec 2009 14:01:27 +0000

dude u’ve inspired me and guess what?
i’m in this…and i just knew this “there’s NO privacy With Netlog.com”
i knew this u harmony guy will drag us to the jail
adios amigo
ozzy Greene

By: uberVU - social comments

uberVU - social comments — Fri, 25 Dec 2009 07:00:47 +0000

Social comments and analytics for this post…

This post was mentioned on Twitter by theharmonyguy: New Post: Easily View Hidden Facebook Friend Lists http://bit.ly/5hHO7V...

By: Tweets that mention Easily View Hidden Facebook Friend Lists | Social Hacking -- Topsy.com

Fri, 25 Dec 2009 04:39:35 +0000

[...] This post was mentioned on Twitter by Melissa and theharmonyguy, topsy_top20k. topsy_top20k said: New Post: Easily View Hidden Facebook Friend Lists http://bit.ly/5hHO7V [...]