Join 3,366 readers in helping fund MetaFilter (Hide)


How did a non-friend access my friends-only Facebook page?
January 22, 2011 8:47 PM   Subscribe

Facebook privacy question: how did someone not on my friends list access my friends-only profile through a website?

I have very strict privacy settings on Facebook due to my job. Everything is set to friends-only. What I post to Facebook is fairly innocuous, but I like to keep to to just my circle all the same :)

Today, I got a panicked phone call from my mom saying that a friend of hers (who is NOT on my friends list) was browsing a popular recipe website, saw my name on the page, clicked on it and immediately saw my entire Facebook profile, and was able to tell my mother all sorts of things that were posted there. The only contact I have had with this website was to 'like' their page---I never commented to anything, never posted anything there, never had any dealings with them beyond clicking the 'like' button so I could see site updates in my news feed.

Obviously, I have now 'un-liked' the page in question. But I am concerned as to how this might have happened. I have re-checked every privacy setting I could think of and it all says 'friends-only' so I am not sure how this website was able to broadcast my name/info, and how a non-friend clicking on it could access my friends-only stuff. I want to prevent this from happening in the future. What did I miss here?
posted by JoannaC to Media & Arts (15 answers total) 8 users marked this as a favorite
 
Try running this guy: http://www.reclaimprivacy.org/
Not perfect, but it might find something you don't know about.
posted by phunniemee at 8:52 PM on January 22, 2011


Just to make sure--are you certain that this friend really did see something they weren't supposed to? Facebook usually at least shows a picture and network, and I could see someone getting alarmed about that.
posted by nasreddin at 8:55 PM on January 22, 2011


1) Tried the 'reclaim privacy' link and it had a red button on 'friends can accidentally share.' I clicked the fix button and it said it fixed it, but still showed up red. The note on the site said it is not fully compatible with the latest settings, so I am not sure what this means.

2) The friend was able to tell my mother about things I had posted on my wall. She really did see my actual profile. I do have two of her kids on my friends page, but I do not have her on my page. I wonder if she could access it through her kids, but I thought setting it to friends only would block such access since she herself is not my my list?

Bah. I wish there was a setting that said 'don't share anything with anybody unless I say so' but it seems you really need to be on top of things. I have a few out of town friends who communicate solely by Facebook, otherwise I would leave. I am very careful about what I post there since I don't have a common name, so I am a little alarmed that people can see my stuff without being on my friends list :)
posted by JoannaC at 9:02 PM on January 22, 2011


When you 'like' a page, that's public information and available many places on the web and not on Facebook. You can't lock that down as far as I know.

How this woman saw your profile--I can't quite imagine that, except that perhaps something was awry in your privacy settings. Or, perhaps the woman saw postings you made to the page you 'liked,' and not your actual profile.
posted by bluedaisy at 9:14 PM on January 22, 2011 [1 favorite]


Just saw your response. I think the most likely situation is that one of her kids didn't log out, so when the mom clicked through to your profile, they saw your whole profile, open to your friend. There's nothing you can do about that except tell your friends to log out.
posted by bluedaisy at 9:17 PM on January 22, 2011 [23 favorites]


I do have two of her kids on my friends page

Perhaps one of her children had been using their mother's computer to check Facebook and they didn't log out when they were done? Or perhaps she was using one of their computers?
posted by crankylex at 9:20 PM on January 22, 2011


Yeah, I think one of her kids hadn't logged out. You could do a little experiment - 'like' the recipe site again, log out of fb, click on your name on the recipe site, and see what you can see on fb.
posted by iconomy at 9:28 PM on January 22, 2011 [4 favorites]


"NOTE this scanner is not fully compatible with the latest Facebook privacy settings, so please be sure you check your privacy settings manually yourself. "

I don't think reclaimprivacy.org works 100% of the time. I just ran it, and despite my very locked down profile I got a red flag for 'your friends can accidentally share your personal information.' I ran the fixer, it still shows up red. It's most likely kid didn't log out.
posted by fixedgear at 3:12 AM on January 23, 2011 [1 favorite]


Don't know that this is the answer, but I have little trouble seeing the full friends list of strangers on Facebook. It always seemed to me the idea was that I might be looking for an old acquaintance and not be sure if one of the hits was them; by looking at the friends, I might see someone else I knew and be able to confirm this is the person I was looking for.
posted by troywestfield at 5:19 AM on January 23, 2011


I think odds are she was logged in as one of the kids. I have friends that share a computer with a spouse and they are always posting on Facebook from the other's account. If you aren't paying attention it would be very easy to do.
posted by COD at 6:20 AM on January 23, 2011


Any time you "like" something it adds them as a friend, basically. If you have a limited profile list with restricted permissions, you have to manually add the thing you "liked" to the limited profile list. For example, I "liked" a pizza restaurant so I could get coupons off facebook, but they were listed as a normal friend with normal privileges. I then realized I had to manually bump them over to my limited profile.
posted by Maarika at 9:26 AM on January 23, 2011 [1 favorite]


Any time you "like" something it adds them as a friend, basically. If you have a limited profile list with restricted permissions, you have to manually add the thing you "liked" to the limited profile list. For example, I "liked" a pizza restaurant so I could get coupons off facebook, but they were listed as a normal friend with normal privileges. I then realized I had to manually bump them over to my limited profile.

This was only briefly true, and doesn't appear to be true any more (at least for me, although with FB incremental roll-outs, who knows). But it's worthwhile to go through your friends list and make sure there aren't any accidental pages or people there.

Otherwise, as everyone has said, she was accidentally logged in with someone else's account. A good reminder that your privacy is only as good as your least vigilant friend.
posted by anaelith at 2:39 PM on January 23, 2011


I was just noticing recently that sites like the New York Times showed up on my Facebook Apps list. If you notice, when you click on each of the apps in your list, you can see what permissions they have. For example, the NYTimes app can:
Access my basic information
Includes name, profile picture, gender, networks, user ID, list of friends, and any other information I've shared with everyone.

Send me email
The New York Times may email me directly at xxxx@xxxx·

Access my profile information
Likes, Music, TV, Movies, Books, Quotes, About Me, Interests..., Groups, Birthday, Hometown, Current City, Website, Education History and Work History
It used to also be able to:
Access my data any time
The New York Times may access my data when I'm not using the application
But I removed that. Maybe see if you have any similar things lurking in your apps list.
posted by acridrabbit at 6:28 PM on January 23, 2011 [1 favorite]


What acridrabbit just said, and thanks. I removed all the permissions that were not 'required.' The NYT has no need or permission to "access my data when I'm not using the application."
posted by fixedgear at 5:50 AM on January 24, 2011


One caveat about the things you "like" -- I did some testing now, and while they do not appear on your regular friends list any more, if you type their name to add them to your limited/restricted profile they can still be added to that list. Creepy, no? It makes me think that they were secretly/invisibly on my regular list the whole time.
posted by Maarika at 7:46 PM on January 24, 2011


« Older Is iOS 4.2 stable or mostly st...   |  I'm trying to find an ambient/... Newer »
This thread is closed to new comments.