Facebook, Facebook, Facebook... 2018 was not quite a happy year for Facebook. Though I'm not here to talk about that.
Today I'll talk about a Facebook feature that totally kills another feature. So without further ado, let's jump into the main content.
I'll keep it short and simple...
Back in 2017, Facebook introduced Profile Picture Guard for Indian users to secure their photos from misuse.
[Source]
When Profile Picture Guard is turned on for a profile, other users will not be able to download images from that profile, and a blue border appears on the profile picture.
And at the bottom you'll not see any View Full Size option.
Wait...!! I forgot one thing. According to the claim, Facebook should be preventing users from taking screenshots, but where is that feature?
Now, leave that for now. There's already a Facebook feature which we can use to download anybody's profile picture, bypassing the so-called Profile Picture Guard.
So, let's take a look at how we can download a profile picture with Profile Picture Guard turned on.
The first thing we'll need is the victim's, I mean the target's, numerical profile ID (or whatever it's called).
We can extract the target's numerical profile ID with https://findmyfbid.in/ if the profile ID isn't visible and the profile has a username such as bauripalash, abcd, etc.
Now visit
https://graph.facebook.com/USERNAME/picture?width=800
and replace USERNAME with the target's numerical profile ID.
Now you'll see that the profile picture of the target user is shown and is also available for download.
Now! My question is: is Facebook fooling us Indians?
The day I found this, I reported it to the Facebook Whitehat Program. At first I thought there must be some authentication or API key system, and maybe it was broken somehow!
After a few days, I got a reply from a staff member. In summary, he said:
Thanks for your report, but we do not consider capturing a public image from the web to be eligible for a bounty under our program.
...
It's important to remember the profile picture is always public. The feature you mentioned is a pilot test to see how these tools can help people have better control over how other people engage with their profile picture on Facebook.
...
I mean, anybody can download a so-called guarded profile picture. Then what's the use of Profile Picture Guard? Just a fancy blue border!
Disclaimer: Neither I, Palash Bauri, nor Dev.to is responsible for any damage done with the methods mentioned here. This article is only for educational and awareness purposes.
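The staff reply above treats the profile picture as public, so the guard exists only in the page UI while the picture endpoint answers any `width` request. As an added example (not Facebook's code and not part of the original article), this Python model contrasts that behaviour with enforcing the guard where the image is served; the `Profile` class, the friends rule and the 160-pixel cap are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

THUMBNAIL_MAX = 160  # assumed cap (pixels) for viewers not allowed the full-size image


@dataclass
class Profile:
    # Hypothetical profile record, not a real Facebook data structure.
    user_id: str
    guard_enabled: bool
    friends: set = field(default_factory=set)


def ui_only_width(profile: Profile, viewer_id: Optional[str], requested_width: int) -> int:
    """Guard applied only in the page UI: the endpoint serves whatever width is asked for."""
    return requested_width


def server_enforced_width(profile: Profile, viewer_id: Optional[str], requested_width: int) -> int:
    """Guard applied by the picture endpoint itself, per request."""
    if requested_width <= 0:
        raise ValueError("width must be positive")
    if not profile.guard_enabled:
        return requested_width
    # Assumed rule: only the owner and friends may fetch above thumbnail size.
    allowed = viewer_id is not None and (
        viewer_id == profile.user_id or viewer_id in profile.friends
    )
    return requested_width if allowed else min(requested_width, THUMBNAIL_MAX)


def demo():
    """Constructed sample: one guarded profile, four viewers asking for width=800."""
    guarded = Profile("1001", True, {"2002"})
    viewers = [None, "3003", "2002", "1001"]  # anonymous, stranger, friend, owner
    return [
        (v, ui_only_width(guarded, v, 800), server_enforced_width(guarded, v, 800))
        for v in viewers
    ]


if __name__ == "__main__":
    for viewer, ui_w, srv_w in demo():
        print(f"viewer={viewer!s:>5}  ui-only={ui_w}  server-enforced={srv_w}")
```

Even with the cap enforced server-side, any viewer who is allowed to see the image can still keep a copy of it; the check only limits who receives the full-size file.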
Top comments (15)
I wouldn't say Facebook is "fooling" you per se. I think it's just a matter of perspective: the user and the developer.
I feel like the "Profile Picture Guard" is really only there to "guard" against the not-so-tech-savvy people. I mean I could easily open up the DevTools to pull in the link for somebody's Facebook (or any other social media) profile picture. For the common user, they wouldn't even know that the DevTools existed. Since most of the world is not as familiar with web technologies as we, the developers, are, then yes, you could say that Facebook is fooling the developers. Otherwise, for the normal user, they are not exactly being "fooled" because most of the world is not even aware of the fact that you can pull in profile pictures yourself. The "Profile Picture Guard" acts as a pseudo-guard against the normal users.
In conclusion, the "Profile Picture Guard" is indeed protecting you from the normal users, which constitute most of the world. With that said, Facebook is not exactly fooling anyone but the developers.
Yes, one can argue that the users are also being fooled by extension if the developers are also fooled. On that note, then sure, Facebook is in fact fooling everyone with the feature. However, I wouldn't see it as a big deal. The user did upload their picture to the Web. It has to be expected that anything that comes into the Web can never be taken back. There is no magic undo button. It just comes with the fact that the user "agreed" to the Terms and Conditions and the Privacy Policy of Facebook upon the creation of their account. At that moment, the user surrendered their rights to have a say on what can be done with their profile pictures.
I agree, but now about 100 people know how to get somebody's Guarded Profile Picture so easily
I would imagine the number of people who could get someone's profile picture within a minute numbers in the millions.
This comes on the same day it's revealed that Facebook sold Netflix and Spotify info about private DM conversations.
Very hard to give them the benefit of doubt on any of this.
I don't understand how a person can sleep at night selling another person's privacy!
If you care that much about privacy, why are you using FB in the first place? They are not really known for being a user-privacy-oriented corp... If someone cares that much about their pics being used in a malicious way, they wouldn't share them publicly, right? I'm not that familiar with why this is specific to India, but once you put something on the internet there is not much you can do about it, and skillful (or sufficiently motivated) people will always find a way to get this kind of data that is, in the end, publicly available on the client side of the application.
I agree! I think parents should stop their kids from using these, explaining what the scene is on Facebook.
In my locality (and most of India), Facebook, Instagram and now the TikTok thing have become a kind of fashion item.
Reminds me of an article about Quora and their attitude towards The Internet Archive. quora.com/robots.txt
Because adding a line to your robots.txt is totally going to make mirroring the site impossible.
As Some Dood said, there are a bunch of ways of getting around this, from pulling the image off the webpage source to screen capture to photographing your monitor. One wonders why they even tried.
On the other hand, I'm shocked to learn Facebook lied! No, wait, the other thing.
I wouldn't be surprised if they're just playing stupid to avoid paying a bounty.
It is highly likely that everybody on the team that built this feature knew full well that there was no way to truly protect the photo before even a single line of code was written for it. The fact the photo was downloaded to the browser means it could be retrieved by a determined user.
I'm curious to know why this feature was even created. Is profile photo stealing a thing? What would somebody do with it? I've got to believe anybody that is stealing photos for nefarious reasons (whatever that might be) would figure out how to get around whatever limitations FB implemented.
They could serve low-res and protect hi-res version.
There should be some local problem. Different strange things happen around the globe.
That's my point: when they know profile pictures can't be protected, then why fool people with a fancy blue border?
Their arrogance will drown them!
Solid and beautiful article, I was translating DDHH report on Basecamp's outage for a friend and I remember her surprise on the fact that a CEO was "taking the fall" for the whole company. We need more of that, and we need it now!