Don’t Trust Facebook’s Photo Privacy At All

You constantly hear about things happening to people because of things on facebook.  Mostly pictures and how certain people who probably shouldn’t be able to see them somehow managed to see them.

And it goes sort of like this.  I have a photo album called ‘Pets‘ and this album on Facebook.  This album has the privacy setting “Friends Only” and as you will see if you click the link to the album a few things will happen depending on who you are and whether or not you are logged in to Facebook…

  1. If you are logged in and not my friend it should deny you.
  2. If you are logged in and my friend it should allow you.
  3. If you are not logged in, it should ask you and then decide on #1 or #2.

That’s all good and well.  That’s how I expect things to work. Here’s the problem though:

this is supposedly viewable only by friends.
this is supposedly viewable only by friends.

If you can see that image above, Facebook’s privacy settings for my images are not working.

The issue comes as a result of Facebook using a different domain name for their content distribution network (CDN) to serve up their massive amounts of images.  They use – and as a user of facebook you are logged into the ‘’ domain.   The CDN is never aware of who is actually viewing the pictures and thus cannot block/allow based on Facebook’s privacy settings.

All it takes is one rogue friend or application on Facebook to expose the direct links to your images and voila, no more privacy.

By Darryl Clarke

random text goes here, i guess