Your Facebook Photos Aren’t Exactly Private

Add this to the list of Facebook privacy issues. I assumed most Facebook users have noticed this gaping privacy loophole, but I’ve learned from conversations with a few other Facebook users that some people are not aware of the following problem. You can view photos of other users even when these users are not your friends, if one of your friends comments on the photo.

For example, I’m friends with Andrew on Facebook, so I can view his mini feed updates:

I am not friends with Rasmus on Facebook, so I cannot see his profile, but I see Andrew has commented on a photo from Rasmus and I’m able to click and view that photo from a link in Andrew’s mini feed.

Again, I’m not friends with Rasmus on Facebook, but because one of my Facebook friends commented on his photo, I can click and view every photo from Rasmus in this photo gallery. These photos are not public photos. Nice apartment Rasmus.

As you can see, I don’t have access to Rasmus’s profile, but I can still view his photos.

Clearly this is a major privacy loophole that is not accounted for in the current Facebook privacy settings.

UPDATE: As dot dot dot points out in the comments, the default privacy setting for photo albums is “Everyone” so this is not a loophole in the privacy settings or a site bug.

But I do think the way the privacy settings are set up is misleading. The default setting for everything but photo albums is “Only Friends” and the photo album privacy setting is not displayed on the profile privacy page, but on a separate page.

I would argue that most users assume that if their profile is private, their profile photos are private, even though Facebook makes a distinction there in the way the privacy settings are broken down.

I think the default privacy setting for photo albums should match your profile privacy setting and that it should be displayed on the main level profile privacy page:
http://www.facebook.com/privacy/?view=profile

This reminds me a lot of the misleading mini-feed behavior. When you delete an item from your mini-feed, it doesn’t actually stop displaying that info to your friends; it just hides it from you.

06/03/08 by mark in web.  

7 Responses to “Your Facebook Photos Aren’t Exactly Private”

  1. zodak said:

    i’ve been telling people about this for months now!! facebook sucks.

  2. mark said:

    @zodak: yes, seriously. i’ve seen this bug for a long time too and i figured the only way it was going to get resolved was by trying to bring attention to it.

  3. dot dot dot said:

    http://www.facebook.com/editalbum.php?new

    - The default privacy setting for a photo album is everyone… So not really a bug

  4. mark said:

    @dot dot dot: That’s a good point. You’re right that the default privacy setting for a photo album is everyone. But I think the way the privacy settings are set up is misleading.

    The default setting for everything but photo albums is “Only Friends” and the photo album privacy setting is not displayed on the profile privacy page, but on a separate page.

    I would argue that most users assume that if their profile is private, their profile photos are private, even though Facebook makes a distinction there in the way the privacy settings are broken down.

    I think the default privacy setting for photo albums should match your profile privacy setting and that it should be displayed on the main level profile privacy page:
    http://www.facebook.com/privacy/?view=profile

  5. Rasmus said:

    I’m glad you like the apartment Mark. I hope you guys kick ass at C&T

  6. mark said:

    @rasmus, hey! glad you found this post. i’m no longer at c&t. i hope all is well with you.

  7. Rasmus said:

    everything is superb. i’m back in new york with that o1 visa :)
    where u now?
