INeedAttention.com

Rants on business, science, technology, society, politics, police, and justice, plus life hacks and tricks, since 2003.


Hacking Facebook Redux

April 2nd, 2008 · 8 Comments

It would be impossible to argue that there isn’t a lot of hype around Facebook. Microsoft’s recent purchase of a mere 1.6% stake of Facebook for a total of $250 million means that Microsoft believes Facebook to be worth a whopping $15 billion. To put things in perspective, that means that Facebook has a higher valuation than the Ford Motor Company (whose market cap is about $13 billion). And here, we’ll discuss ways to get information you’re looking for despite the best efforts of their programmers.

So clearly, there’s something to Facebook that makes them so appealing to consumers and apparently valuable. Facebook is an e-marketing wet dream. Few other sites can boast that their users volunteer so much demographic data, ranging from their age to their relationship status to their political views to their favorite James Blunt song. Privacy advocates be damned — this generation can’t help but share with the world every little detail about themselves.

Social networking sites like Facebook contain some features that help users control their privacy, but let’s be real: if you’re posting something on the Internet, there’s a good chance that someone will eventually see it. Herein lies the problem: it becomes very difficult to control data once it hits the Internet, since digital files can be infinitely reproduced at no cost with no loss. Anyone that ever downloaded an MP3 illegally understands how this can work to their benefit. With that said, this article will explain how to ensure you are accessing the most content you are permitted to view. So first, a disclaimer: depending on how you define “hacks”, this may not be a “hack”. Feel free to refer to it as a “trick” instead if you’re a pedantic grammar-police volunteer.

Facebook has at least attempted to pretend it cares about user security since it first launched. However, numerous exploits soon surfaced (covered elsewhere on this blog). I was once even approached by (presumably) Russian spammers who had learned I had a technique to harvest email addresses from Facebook. It may not be so easy to harvest emails anymore, but one thing is for sure: most people don’t understand how to set privacy permissions on their photo albums. When you create a photo album on Facebook, the default “Album Privacy” setting is to allow your album to be shared with, well, everyone! But, while “everyone” may be able to access the photo album, not everyone is able to access your profile. To further confuse things, photo album privacy settings are set from the album itself, not from the usual privacy console. So without further ado, here is a technique to browse photo albums that you normally would never be able to browse. The only requirement is that you must already have access to one photo in the album.

So, for example, you load up your friend’s profile, and click “View Photos of Me”. Now, under “Added by others” you should see a whole set of photos that were added by that person’s friends. Click any photo added by someone else. This will load the photo page. If you click “Next”, you will be taken to the next photo of your friend – not the next photo in the original gallery. Here is the hack: to view the photos in the original gallery, you just need to edit the URL you’re at. Let’s say the photo’s URL is: (and note this is NOT a valid URL)

http://www.facebook.com/photo.php?pid=34567890&op=1&view=all&subj=1234567890&id=1234567809

Clicking “Next” might bring you to photo:

http://www.facebook.com/photo.php?pid=35678901&id=1345678901&op=1&view=all&subj=1234567890

Note that the “pid” and “id” values have changed, but the “subj” value did not. The “subj” value is the user ID of the person you’re friends with. The “op” and “view” values tell Facebook what type of navigation to give you (i.e. where the “next” and “previous” links point to). Let’s reload that first photo again without all the clutter. Delete everything from the URL besides the “pid” and “id” values. The new URL will look like this:

http://www.facebook.com/photo.php?pid=34567890&id=1234567809

Now, click “next”. Notice that it’s probably not the same photo that you saw when you clicked “next” last time. That’s because now, you are loading the photo as if you are browsing the gallery. Instead of browsing by “subj” (photos of the person you know), you’re now just loading the photo. And remember, you have permissions to load that photo because the default gallery permission is that “Everyone” can.
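The behaviour described above, modelled as an added example (not code from the original post or from Facebook): `subj` only selects which sequence “Next” pages through, while the album’s own privacy setting decides access. The schema, the function names, and the reading of `id` as the album owner are assumptions made for this sketch; the audit function flags albums left at the default “everyone” while the owner’s profile is restricted.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs

# Constructed sample data; field names and privacy values are assumptions
# for this sketch, not Facebook's real schema.
@dataclass
class Album:
    owner: int
    privacy: str                      # "everyone" (the default) or "friends"
    pids: list = field(default_factory=list)

ALBUMS = {1234567809: Album(owner=1234567809, privacy="everyone",
                            pids=[34567890, 34567891, 34567892])}
TAGS = {1234567890: [34567890, 35678901]}   # subj -> pids that user is tagged in
FRIENDS = {1234567809: {555}}               # album owner -> friend ids
PROFILE_PRIVATE = {1234567809: True}        # owner restricted their profile


def can_view(viewer, album):
    """Access is decided by the album's own setting, never by URL context."""
    if album.privacy == "everyone":
        return True
    return viewer == album.owner or viewer in FRIENDS.get(album.owner, set())


def next_pid(url, viewer):
    """Return the pid the "Next" link points to, or None if access is denied."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    pid, owner = int(q["pid"]), int(q["id"])
    album = ALBUMS[owner]
    if pid not in album.pids or not can_view(viewer, album):
        return None
    # "subj" only chooses the paging sequence (photos of that person);
    # without it the sequence is the whole album.
    seq = TAGS[int(q["subj"])] if "subj" in q else album.pids
    return seq[(seq.index(pid) + 1) % len(seq)]


def audit_mismatched_albums():
    """Owners with a restricted profile whose albums are still world-readable."""
    return [o for o, a in ALBUMS.items()
            if a.privacy == "everyone" and PROFILE_PRIVATE.get(a.owner)]
```

Setting the album’s privacy to "friends" makes `next_pid` return `None` for a non-friend viewer regardless of which parameters the URL carries, which is the fix available to the album owner.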

I find this very useful for finding photos of someone that may have been untagged. For example, if your friend was at a party, and their friends uploaded 10 photos of them, maybe they started to get a little tipsy at the end of the night and didn’t want people to see those last 9 photos, so they untagged all but one. Load that one still-tagged photo, hack the URL as described above, and you can see the remaining photos.

I’d love to hear feedback on this — whether you consider it a hack, a bug, an annoyance, or even just a feature!

Tags: Computers · pwn3d! (Hacks and Tricks) · Technology

8 responses so far ↓

  • 1 Thomas // Apr 2, 2008 at 8:37 pm

    Facebook isn’t publicly traded, so that’s an unfair comparison. There’s no doubt at all that the Ford company is far more valuable than Facebook, and there’s no chance that it could be bought for just $13B. A hostile takeover (this is hypothetical — I don’t think UAW would allow it) would probably double the price of Ford shares.

  • 2 Lizzy // Apr 3, 2008 at 12:33 pm

    Pete, you never cease to amaze me with your knowledge of things I’ll never understand.

  • 3 boyatronic // Apr 9, 2008 at 10:05 am

    Well I agree with u. It’s a hack but who cares.. I do it all the time, same on myspace or photobucket.. Is just too bad for ppl that don’t do their privacy setting the right way. Other thing is… Don’t take it so serious.. What’s the worst that can happen….?

  • 4 AfRoThUnD312 // Apr 10, 2008 at 10:51 am

    Yeah i can dig it!… good find it seems like it could turn out to be a useful tool if the right situation arose.

  • 5 Chedorlaomer // Apr 22, 2008 at 1:32 am

    Great trick, I dig it! But do you know of any way to view pictures of someone who is not your friend, if you don’t have access to any of their pictures? Is there a way? Now, that would be nice!

  • 6 skrull // Apr 25, 2008 at 11:46 am

    and what if i have a facebook account but not friends however the profile im looking right now is public. the friend of this person has a restricted profile im interested to look

  • 7 ram ram // May 3, 2008 at 8:55 am

    it works like a charm!

  • 8 darian // Oct 27, 2011 at 11:20 pm

    how do yhu unblock facebook on a school computer?

    [Editor’s reply: You wouldn’t understand.]
