Why private Facebook photos aren’t so private
Simply copying an image location of private Facebook photos means you can share them with anyone over the web, IT PRO finds out.


Access controls on Facebook photos will not keep them truly private, IT PRO has learned.
By simply right-clicking a photo and selecting 'copy image location', anyone can then paste the URL to share it with unauthorised users, even those not on Facebook.
"If Tom decides to share a photo with Betty and only Betty, Betty can in fact share that photo wherever she pleases without Tom knowing by simply right clicking on the photo and copying the address or image location," an anonymous source explained to IT PRO.
We tested the theory on Facebook and found the source's claims to be true.
The source suggested the findings indicated Facebook image servers are not encrypted.
The source also hypothesised a hacker with untoward intent could upload a variety of photos to their own account, examine the URLs and work out the server and file naming systems.
A hacker could then develop a script to generate various combinations, search for files, download and spread them, the source suggested.
"On Facebook we have numerous protections to prevent guessing of attacks on photos. For example, each photo includes a random secret key that has millions of permutations," a Facebook spokesperson told IT PRO.
"We of course do not disclose all of our protections to protect their integrity."
The spokesperson noted users can copy and paste any photos they have access to from any website and send it to whomever they want.
"This is exactly the same action as copying and pasting the content delivery network URL, which functions the same way on many major websites including Flickr, TwitPic and Picasa," the spokesperson added.
"While this practice is standard across many sites, we are always working on ways to improve the user experience and actively working on building additional protections."
Graham Cluley, senior technology consultant at Sophos and regular commentator on Facebook, said it was "pretty bad form" from the social network to have photos viewable by people without permission.
"The fact that you can see 'private' photos when you're not even logged in to Facebook suggests that they simply haven't grasped what privacy is all about," Cluley told IT PRO.
"Only Facebook users who are logged in and authorised to view specific photos should be able to see the photos."
The issue is a potentially serious problem for Facebook, which has come under fire for its handling of privacy in the past.
Just this week, Facebook seemingly carried out a u-turn on a feature that would let app developers access users' mobile phone numbers and addresses.
The social networking giant said it was going to update the feature to ensure users only share their data when they intend to do so.
Last year, Facebook updated its privacy settings after it was heavily criticised by various groups.
During the summer of 2010, Privacy International went so far as to send an open letter to Facebook calling for the social network to make significant changes.
One call the group made was for Facebook to provide users with control over every piece of information they can share, including photos.
It seems users do not have total control over how their images can be used just yet.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.