Let's look at the following URL:
https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-snc6/262207_
10150250379330782_639435781_7283246_1748549_n.jpg
This URL corresponds to the direct link of my profile picture, even if it has a security setting such that only my friends can see my profile picture, anyone with that URL could see it; so through an authorized intermediary, one could have access to the photos of a person who normally could not.Ahh, but nothing happens, because there always has to be a friend who passes the link. ERROR.
Then I will show an example, but theoretically it is possible to create an algorithm that by varying the numerical sequences of the URL, captures the uploaded images. Number sequences are not random numbers, but identify the profile, album and photo (crude example). A particular example, the 639435781 highlighted in the URL corresponds to my 'profile id'.
There is a kind of "application" within facebook, which given a profile number, returns certain information. For example, http://graph.facebook.com/639435781 returned to us:
It's not entirely private information, it mentions only my first name, last name, gender and what language I use Facebook in; also if my privacy settings were such that my email is public, it would appear in the data. Again, this allows us through an algorithm (not at all complicated) to obtain data, for example I used an algorithm that from my ID, I was going to obtain the results of the next 100 IDs.{"id": "639435781", "name": "Alejandro Pernin", "first_name": "Alejandro", "last_name": "Pernin", "link": "https://www.facebook.com/ale.pernin", "username": "ale.pernin", "gender": "male", "locale": "en_GB" }
Source: Aleperno Blog
Leave your comment