How Facebook lies about their privacy settings

Who can look me up privacy settings
Facebook reply
Why I see my full name
Facebook’s feedback form

Attack scenario

You are the owner of a public Facebook page that posts about local activities and news, and you prefer to keep your identity private. On your page you list an email address like “info@page-name.com”, and this same email address is used to log in to your private profile. An attacker visits a few local hotspots and finds one you have connected to before. From that network, the attacker uses the forgot password function and is now able to see your full name and profile picture.

Summary

  • The “Who can look me up” setting only works against people who have no access to a network you have, or have had, access to.
  • Facebook does not make this information public and is thus violating the GDPR in Europe.
  • Even if you set your privacy settings correctly, there might be some unmentioned exceptions that override your settings.

GrumpinouT
