2010/Practical Facebook stalking with Open Source tools
Facebook are full of juicy information about your friends and strangers alike! Learn how to use some simple open source tools and techniques to learn more about them.
Speaker: Paul Fenwick
Return to this session's details
Paul has no life. How can he get a social life? Join us for this gripping story.
Facebook::API - code myself a social life.
1. find people 2. ask them to be friends 3. mine their personal information 4. evaluate their friendship potential
Much more efficient than going to a conference or hanging out on IRC.
Strategically befriending people. To help with global overlord in training.
Not a stalker. Stalker = "unwanted" attention. Not a stalker. "Just a very nice man, who knows an awful lot about you."
Trick 1. Turn email address into a profile. Just search for their email address...
"Graph API: stalker's dream come true"
http://graph.facebook.com/549169610 = public information about that user
http://facebook.com/profile.php?id=549169610 = public profile of person
How to get a graph api auth token (aka access_token) ... *horrifying*
Go to http://graph.facebook.com/ which resolves to http://developers.facebook.com/docs/api. Go to the bulleted list beneath All objects in Facebook can be accessed in the same way: By mousing over, or copying link location, you can grab the access_token they use in the examples ... which will work for you.
Trick 2. Turn a photo into a profile.
Take photo of person, upload it to an event, they'll tag themselves, or someone else will tag you. When someone gets tagged, the photographer gets told of the tag before the tagged person gets alerted.
Trick 3. Turn a first name and an event and turn that into a profile.
Get someone's first name. If the event is large, then what? Facebook Query Language (FQL).
select uid, name, profile_url from user where uid in (select uid from event_member where eid =? and rsvp_status = "attending' and name='rachel')
So now you have a new "friend". "stalk.pl" snoops on your friends. Provides event information even though you can't access the data via the website.
How do you defend against this? Privacy settings. Change so regularly in how they're laid out. New layout is pretty good, but there's a section "Info accessible through your friends" - turn everything off. Not "events" are not available here.
If you want to change your events or groups privacy, go to the applications page.
Remove yourself from events that you don't want to be associated with.
Use friends lists when publishing.
Ultimate defense: "turn off all platform applications". There's no way to have a white list... and you have to have this on if your account is a facebook application developer account.
Friends Lists article: