A member of link sharing and discussion site Reddit.com has spotted a way to potentially access private notes on Facebook via a basic Google search query.
Searching for “site:http://18.104.22.168/notes.php” on Google reveals thousands of people’s profile notes on Facebook. Clicking on each will reveal the individual’s notes page as you would see it if you were friends with the individual on the site and visiting that particular section of their profile.
Your immediate reaction, as was mine, is that the individual had probably made their profile public, but after checking about a dozen different profiles, that is definitely not the case. You then might consider that the individual has chosen to just reveal their notes to the public, something that is possible, but again these were not accessible via any of the profiles found on Google – even when logged into the site.
Notes on Facebook generally don’t contain the most private of thoughts, nor is it an area where most people tend to keep private information. However, it does once again bring to our attention online security and privacy, something that Facebook has always prided itself on. If they can’t get notes secure, what other loopholes are out there? Their latest move towards a Twitter-like service has made the site increasingly public, whereas once upon a time it positioned itself as an extremely private community of friends – the ultimate address book of sorts.
Sadly, it’s not the first security issue to hit the hugely popular social networking site.
In May, a security loophole was found that could have allowed identity thieves and spammers to gather users’ personal email addresses. In March, a critical security flaw was discovered that made it possible for users to look through other people’s personal photo albums, even with privacy settings set accordingly.
That said, I repeat, it is still unclear whether this is a server issue, a profile privacy issue or a note application issue. We will definitely keep digging, and have contacted Facebook for comment. This post will be updated when we have further information.
Facebook has responded saying that all of the individuals whose notes were found via Google have chosen to make their notes public, something that we considered immediately when shown the search results. That said, none of these notes are accessible via the individuals’ profiles on Facebook.com. It may very well be that the only way to access “public notes” is via search engines rather than any links on someone’s public profile page. We’ve again asked Facebook whether that is the case and will report back with more information once we have it.