Your Facebook Friends List: Not As Private As You Think

Facebook appeals to so many of us, especially those who like to keep some info private. The social platform provides a way for us to participate on social media while choosing the degree of disclosure with which we feel comfortable. Customizable privacy settings allow users to feel in control of what they share and with whom. But this sense of security may be a false one—some of the information we think is hidden actually isn’t.

Irene Abezgauz, a vice president of product management at the security software company Quotium, has discovered a way to see users’ private friends lists. That includes any of a user’s friends who’ve also set their lists to be private.

To check out a person’s friends list, all you have to do is create a Facebook account and send a friend request to the user of your choice. Thanks to Facebook’s “People You May Know” feature, you’ll still have access to the list of that user’s friends even if he or she doesn’t respond to the friend request.


You’re also able to see a sampling of that user’s connections even if they’ve changed the privacy setting to “Only Me.” If you have mutual friends with another user—even if that user’s friends list is set to private—you can still view some of their friends list.

Facebook warns users of this loophole on the friends list privacy settings, but you may not have seen it unless you’re paying close attention. The notification reads:

“Remember: Your friends control who can see their friendships on their own timelines. If people can see your friendship on another timeline, they’ll be able to see it in news feed, search and other places on Facebook. They’ll also be able to see mutual friends on your timeline.”

Abezgauz explains that an attacker exploiting this vulnerability has access to most of the friends list—which often includes hundreds of friends, according to recent research. “Even a partial friends list is a violation of user-chosen privacy controls,” the researcher says.

So the question remains: does Facebook plan to take action?

“Our policies explain that changing the visibility of people on your friend list controls how they appear on your Timeline, and that your friends may be visible on other parts of the site, such as in News Feed, Search and on other people’s Timelines. This behavior is something we’ll continue to evaluate to make sure we’re providing clarity,” says a Facebook spokesperson.

Essentially, your friends list is only as private as the privacy settings used by your friends—so keep this in mind the next time you’re controlling your profile visibility.