Skip Tags

Popular Tags

Decorative icon

The Resource Center Online Security Issues & Protection | post

Does Facebook’s new ‘Graph Search’ pose ID theft danger?

by Steve Schwartz on

Facebook continues to roll out and expand its new 'Graph Search' feature. Many privacy experts believe this new feature has the potential for id theft.

The basic idea is using Graph Search you can search for specific data that your "friends" have posted to Facebook. For example, say you have a wide range of friends and you are going to a new city. You could Graph Search for "restaurants in San Francisco visited by my friends," and you would come up with any postings your friends might have made about restaurants in San Francisco or when they have "checked-in" from a San Francisco restaurant.

OK, safe enough and probably valuable you are thinking. But now expand your universe by searching "friends of friends."  Or go even further search "friends of friends of my friends." You might be absolutely stunned at the result.

Or search in a kind of reverse universe - search for certain characteristics along with "people who are not my friends." You are likely to have a potential universe of huge size. So the Graph Search actually asks you to "refine" your search by using various specific characteristics.

An innocent way this might be used is by a teenage girl who is looking in her city for girls her age who she does not currently know, who also do not go to her school, but whose hobby is chess.

A 'people who are not my friends' search using those characteristics of city, gender, age range, school (or not school) and chess as a hobby might well provide the young lady with a list of potential new local friends about her age she might contact looking for chess opponents.

That's the way ideally this new search method on Facebook is designed to work. But the potential for ID theft, or worse, is clearly present.

Here are some examples of Graph Search gone bad:

  • With a Graph Search using the right characteristics an id thief could learn a person's name, date of birth, and where they live. From there id theft is just a step away.
  • A burglar working in a certain city could determine if someone is away by using the "checked-in" search function and finding out who is not in town and a potential target.
  • A predator could learn where a potential target lives using Graph Search or could develop a list of potential victims.
  • A Graph Search using characteristics might uncover everything you have liked or disliked and now they could be used identify you and classify you in ways you do not want.

In announcing Graph Search’s expansion, Facebook referred to the new privacy controls that have been introduced. Facebook strongly recommends they be used to manage who can see the content or messages posted. "As always, when sharing anything on Facebook, remember to use good judgment and share responsibly," the company says.

So how do you view and change your privacy settings in Facebook? To start, when you log onto your Facebook page, you'll see in the top toolbar a lock symbol. Click on and it brings you to the "Privacy Shortcuts Menu." Immediately you'll see a number of areas that you can quickly manage including who can see your posts, who will in the future be able to see your posts, who now can view your "timeline" and who is able to contact you. If you still have the default settings, you need to make changes.

This is only a start. At the bottom there is a See More Settings link. Click on it and you have the ability to access your Activity Log, where you can and should review your list of past activities to remove all that you do not want to share. There is also a Request and Removal tool you can use to ask "friends" to take down pictures of you.

Very important – under Privacy, you are given the now all-important question: “Who can look me up?” The default setting is "Everyone." At the very least this should be changed to "Friends" or limited to specific persons.

There is now an apps section to privacy. This needs close attention as these days so many apps are, or can be, linked to Facebook. Go to the "Apps You Use" section and make necessary changes by un-checking boxes to limit access by apps to your personal information.

You should review your Profile. Do you really want all this information out there for people to see and to find its way into a Graph Search? You might want to remove location information, religious and political information, and other bits of information that you really don't want to, or shouldn't, share

You have to be responsible to protect your identity. With Graph Search here to stay, users must be even more vigilant about what they post, and whether the correct level of privacy guards are in place.