Over the last several months, Facebook has been making significant design and UI changes. Besides the newsfeed changes announced several weeks ago, Facebook has recently begun rolling out a large change in the way you search for information through the platform. While this feature is still in “beta” status, you can tell if you have the new Graph Search by looking at the top left side of your Facebook profile (Figure 1). You will see a search area called “Search for people, places and things”.
Figure 1 – Location of the Facebook Graph Search on Your Profile Page
The Facebook Graph Search is a new implementation of search which retrieves information that comes from Facebook’s Graph. This new feature brings powerful capabilities for finding out more about your friends’ “likes” and activities. It also provides attackers with a more efficient way to glean information for social engineering attacks and other intelligence gathering activities.
What’s the Facebook Graph?
Think of the Facebook Graph as a very large database of personal information from (literally) a billion Facebook users. This information is categorized by what you and your friends like as well as what you’ve posted, what’s in your profile, locations you’ve visited, and tagged pictures. The Facebook Graph has evolved over the years in order to correlate as much information as possible, making it very easy to search.
What’s the Privacy Concern?
The issue is that anything you’ve ever posted publicly, “Liked,” or been tagged in can be quickly searched. Additionally, other information that you’ve posted in your profile, such as your hometown, relationship status, and employer, now becomes searchable. For example, those party pictures you were tagged in four years ago doing things you would never do anymore can be searched by your friends and possibly the friends of your friends; or worse, anyone with a Facebook account.
The Graph Search opens up lots of new and interesting search possibilities that we’ve yet to see on a social network. Here’s one example: Suppose you are a single male looking for single females. You can simply search for “photos of friends of my friends who are single and female” and find pictures of all the single females that are friends of your friends. Interesting, huh? How about the intelligence-gathering aspects of these types of searches? For example, search for “<Insert Company> employees located in <Insert City>” and you will have a list of targets for social engineering or more. For some other eye-opening searches, I recommend you read this blog, which shows some interesting privacy ramifications of creative searches.
How to Protect Your Privacy
First, check out Facebook’s “Activity Log” (Figure 2), which can be found under Privacy Settings and Tools in your Privacy Settings.
Figure 2 – Location of Facebook’s Activity Log
Next, if you want to change the privacy settings for all posts you’ve shared with Friends of Friends or with the Public, you can select “Limit Past Posts,” which will automatically change the privacy settings on all past posts (Figure 3).
Figure 3 – Selecting “Limit Past Posts” changes privacy settings for all posts set to Friends of Friends or Public
You will also want to make sure you review the following items in your Activity Log (Figure 4): Your Posts (especially those set to Public or Friends of Friends), Posts You’re Tagged In, Posts by Others, and Your Photos. It doesn’t hurt to also review your Likes to make sure there is nothing you liked that you don’t want coming up in a search.
Figure 4 – Items to Review in Your Activity Log
Lastly, carefully review your Facebook Privacy settings, especially if you haven’t looked at them in a while. The Facebook Graph Search makes these settings more important than ever. Be sure to download SecureState’s recently revised Facebook Privacy & Security Guide, which walks you through the recommended privacy settings while still allowing you to be social. The updated guide includes details on Facebook Graph Search and other important privacy settings. I encourage you to share this guide with friends and family.
Looking For More Information on Social Media Privacy?
SecureState has just released a comprehensive whitepaper by Ken Smith of SecureState’s Profiling & Penetration Team entitled “The Problem with Privacy”. I highly recommend you download and read this whitepaper to find out what the latest threats to your privacy are when using Social Media.
Cross-Posted from the SecureState Blog