Rants on business, science, technology, society, politics, police, and justice, plus life hacks and tricks, since 2003. header image 2

Hacking Facebook Redux

April 2nd, 2008 · 8 Comments

It would be impossible to argue that there isn’t a lot of hype around Facebook. Microsoft’s recent purchase of a mere 1.6% stake of Facebook for a total of $250 million means that Microsoft believes Facebook to be worth a whopping $15 billion. To put things in perspective, that means that Facebook has a higher valuation than the Ford Motor Company (whose market cap is about $13 billion).  And here, we’ll discuss ways to get information you’re looking for despite the best efforts of their programmers.

So clearly, there’s something to Facebook that makes them so appealing to consumers and apparently valuable. Facebook is an e-marketing wet dream. Few other sites can boast that their users volunteer so much demographic data, ranging from their age to their relationship status to their political views to their favorite James Blunt song. Privacy advocates be damned — this generation can’t help but share with the world every little detail about themselves.

Social networking sites like Facebook contain some features that help users control their privacy, but let’s be real: if you’re posting something on the Internet, there’s a good chance that someone will eventually see it. Herein lies the problem: it becomes very difficult to control data once it hits the Internet, since digital files can be infinitely reproduced at no cost with no loss. Anyone that ever downloaded an MP3 illegally understands how this can work to their benefit. With that said, this article will explain how to ensure you are accessing the most content you are permitted to view. So first, a disclaimer: depending on how you define “hacks”, this may not be a “hack”. Feel free to refer to it as a “trick” instead if you’re a pedantic grammar-police volunteer.

Facebook at least attempts to pretend it cares about user security since it first launched. However, numerous exploits soon surfaced (covered elsewhere on this blog). I was once even approached by (presumably) Russian spammers that learned I had a technique to harvest email addresses from Facebook. It may not be so easy to harvest emails anymore, but one thing is for sure: most people don’t understand how to set privacy permissions on their photo albums. When you create a photo album on Facebook, the default “Album Privacy” setting is to allow your album to be shared with, well, everyone! But, while “everyone” may be able to access the photo album, not everyone is able to access your profile. To further confuse things, photo album privacy settings are set from the album itself, not from the usual privacy console. So without further ado, here is a technique to browse photo albums that you normally would never be able to browse. The only requirement is that you must already have access to one photo in the album.

So, for example, you load up your friend’s profile, and click “View Photos of Me”. Now, under “Added by others” you should see a whole set of photos that were added by that person’s friends. Click any photo added by someone else. This will load the photo page. If you click “Next”, you will be taken to the next photo of your friend – not the next photo in the original gallery. Here is the hack: to view the photos in the original gallery, you just need to edit the URL you’re at. Let’s say the photo’s URL is: (and note this is NOT a valid URL)

Clicking “Next” might bring you to photo:

Note that the “pid” and “id” values have changed, but the “subj” value did not. The “subj” value is the user ID of the person you’re friends with. The “op” and “view” values tell Facebook what type of navigation to give you (i.e. where the “next” and “previous” links point to). Let’s reload that first photo again without all the clutter. Delete everything from the URL besides the “pid” and “id” values. The new URL will look like this:

Now, click “next”. Notice that it’s probably not the same photo that you saw when you clicked “next” last time. That’s because now, you are loading the photo as if you are browsing the gallery. Instead of browsing by “subj” (photos of the person you know), you’re now just loading the photo. And remember, you have permissions to load that photo because the default gallery permission is that “Everyone” can.

I find this very useful for finding photos of someone that may have been untagged. For example, if your friend was at a party, and their friends uploaded 10 photos of them, maybe they started to get a little tipsy at the end of the night and didn’t want people so see those last 9 photos, so they untagged all but one. Load that one still-tagged photo, hack the URL as described above, and you can see the remaining photos.

I’d love to hear feedback on this — whether you consider it a hack, a bug, an annoyance, or even just a feature!

Tags: Computers · pwn3d! (Hacks and Tricks) · Technology

8 responses so far ↓

  • 1 Thomas // Apr 2, 2008 at 8:37 pm

    Facebook isn’t publicly traded, so that’s an unfair comparison. There’s no doubt at all that the Ford company is far more valuable than Facebook, and there’s no chance that it could be bought for just $13B. A hostile takeover (this is hypothetical — I don’t think UAW would allow it) would probably double the price of Ford shares.

  • 2 Lizzy // Apr 3, 2008 at 12:33 pm

    Pete you never cease to amaze me with your knowledge of things ill never understand.

  • 3 boyatronic // Apr 9, 2008 at 10:05 am

    Well I agree with u. Its a hack but who cares.. I do it all the time, same on myspace or photobucket.. Is just too bad for ppl that don’t do their privacy setting the right way. Other thing is… Don’t take it so serious.. What’s the worst that can happen….?

  • 4 AfRoThUnD312 // Apr 10, 2008 at 10:51 am

    Yeah i can dig it!… good find it seems like it could turn out to be a useful tool if the right situation arose.

  • 5 Chedorlaomer // Apr 22, 2008 at 1:32 am

    Great trick, I dig it! But do you know of any way to view pictures of someone who is not your friend, if you don’t have access to any of their pictures? Is there a way? Now, that would be nice!

  • 6 skrull // Apr 25, 2008 at 11:46 am

    and what if i have a facebook account but not friends however the profile im looking right now is public. the friend of this person has a restricted profile im interested to look

  • 7 ram ram // May 3, 2008 at 8:55 am

    it works like a charm!

  • 8 darian // Oct 27, 2011 at 11:20 pm

    how do yhu unblock facebook on a school computeer?

    [Editor’s reply: You wouldn’t understand.]

Leave a Comment