The New Facebook Graph Search: How You’re Helping Hackers Gather Information

Monday, July 15, 2013

Tom Eston


Over the next several weeks, Facebook will begin rolling out a large change in the way you search for information through their platform, starting with users that have their language set to U.S. English. When this feature is enabled on your profile, Facebook will notify you on your profile page and you will see the new Graph Search by looking at the top left side of your Facebook profile (Figure 1). You will see a search area called “Search for people, places and things”.

Figure 1 – Location of the Facebook Graph Search on Your Profile Page

The Facebook Graph Search is a new implementation of search which retrieves information that comes from Facebook’s Graph. This new feature brings powerful capabilities for finding out more about your friends “likes” and activities. It also provides attackers with a more efficient way to glean information for social engineering attacks and other intelligence gathering activities.

What’s the Facebook Graph?

Think of the Facebook Graph as a very large database of personal information from (literally) a billion Facebook users. This information is categorized by what you and your friends like as well as what you’ve posted, what’s in your profile, locations you’ve visited and tagged pictures. The Facebook Graph has evolved over the years in order to correlate as much information as possible, making it very easy to search.

What’s the Privacy Concern?

The issue is that anything you’ve ever posted publically, “liked,” or were ever tagged in can be quickly searched. Additionally, other information that you’ve posted in your profile, such as your hometown, relationship status, and employer now become searchable. For example, those party pictures you were tagged in four years ago doing things you would never do anymore can be searched by your friends and possibly the friends of your friends; or worse anyone with a Facebook account.

The Graph Search opens up lots of new and interesting search possibilities that we’ve yet to see on a social network. Here’s one example: Suppose you are a single male looking for single females. You can simply search for “photos of friends of my friends who are single and female” and find pictures of all the single females that are friends of your friends. Interesting, huh? How about the intelligence gathering aspects of these types of searches? For example, search for “ employees located in and you will have a list of targets for social engineering or more. For some other eye opening searches I recommend you read this blog which shows some interesting privacy ramifications of creative searches.

How to Protect Your Privacy

First, check out Facebook’s “Activity Log” (Figure 2) which can be found under Privacy Settings and Tools in your Privacy Settings.

Figure 2 – Location of Facebook’s Activity Log

Next, if you want to change the privacy settings for all posts you’ve shared with Friends of Friends or with the Public, you can select “Limit Past Posts” which will automatically change the privacy settings on all past posts (Figure 3).

Figure 3 – Selecting “Limit Past Posts” changes privacy settings for all posts set to Friends of Friends or Public

You will also want to make sure you review the following items in your Activity Log (Figure 4): Your Posts (especially those set to Public or Friends of Friends), Posts You’re Tagged In, Posts by Others, and Your Photos. It doesn’t hurt to also review your likes to make sure there is nothing you liked that you don’t want coming up in a search.

Figure 4 – Items to Review in Your Activity Log

Lastly, carefully review your Facebook Privacy settings, especially if you haven’t looked at them in a while. The Facebook Graph Search makes these settings more important than ever. Be sure to download SecureState’s recently revised Facebook Privacy & Security Guide which walks you through the recommended privacy settings while still allowing you to be social. The updated guide includes details on Facebook Graph Search and other important privacy settings. I encourage you to share this guide with friends and family.

Looking For More Information on Social Media Privacy?

SecureState has released a comprehensive whitepaper by Ken Smith of SecureState’s Profiling & Penetration Team entitled “The Problem with Privacy.”  Download and read this whitepaper to find out what the latest threats to your privacy are when using Social Media.

Cross-posted from the SecureState blog

Possibly Related Articles:
Infosec Island Security Awareness
Privacy Facebook Graph Search
Post Rating I Like this!
Mike Adams Facebook Graph Search does more to harm individual privacy every day than the all of the three letter government agencies combined.

Graph Search derives directly from the link analysis and relational database searches that those agencies have used to track terrorists and criminals world wide since at least the 1980s. Same operational theory now allows others to actively track you. Law enforcement can use FaceBook unhindered whereas they need warrants or must follow strict guidelines for most dedicated databases.

Welcome to the world you created.
leijon 19 The author of the Language of Desire system, Felicity Keith, advertises her program as easy, inspirational, and transformational. I can get behind the latter two adjectives very quickly – you are going to learn a lot of great things here. rebelmouse
leijon 19 The author of the Language of Desire system, Felicity Keith, advertises her program as easy, inspirational, and transformational. I can get behind the latter two adjectives very quickly – you are going to learn a lot of great things here.
Raushan Kumar Shifting residence 1 position for a a different might be exciting. After we contemplate in regards to brand-new natural environment in our product new residence, product new locations
Movers Mumbai or
Packers and Movers Hyderabad or
Raushan Kumar Therefore, it's rather a extremely overwhelming procedure to advance your residence just one holiday position definitely to another.
Packers and Movers Bangalore or
Raushan Kumar Moving residence entails a lot of operates such as near family members associates overall look, operating, unloading, unpacking, buying, for example which usually produce unwanted pressure.
Packers and Movers Delhi or
Packers and Movers Chennai @
Packers and Movers Gurgaon or
williama willis This also has the additional advantage of assisting you make articles that provide content that is likely to get a huge variety of queries.
williama willis While there are countless writing and article promotion websites today, finding many of them can be quite a challenge.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.