Facebook profile face dump
New to topics? Read the documentation here!
In 2016 Ciro made a script downloaded Facebook profile pictures.
This was possible at the time without any login by using a 2010 profile ID dump from originally announced at: blog.skullsecurity.org/2010/return-of-the-facebook-snatchers since profile picture access was not authenticated.
The profile ID dump was downloadable through a BitTorrent named on Ubuntu 20.04 gives:This dump widely reported e.g. on Hacker News at: news.ycombinator.com/item?id=1554558.
fbdata.torrent
of about 2.8GB, mostly compressed. Doing:find . -type f | xargs sha256sum | sha256sum
2c9a739c9c5495e38ebab81fc67411b7c6562f139dcb8619901a3f01230efdd5
At some point however, Facebook finally started to require tokens to view public profile pictures, thus making such further collection impossible, e.g. as of 2021: developers.facebook.com/docs/graph-api/reference/v9.0/user/picture mentions:This is also mentioned e.g. at: stackoverflow.com/questions/11442442/get-user-profile-picture-by-id. This major privacy flaw was therefore finally addressed at some point, making it impossible to reproduce this project.
Querying a User ID (UID) now requires an access token.
Ciro downloaded 10 thousand of those pictures, and did facial extraction with: stackoverflow.com/questions/13211745/detect-face-then-autocrop-pictures/37501314#37501314
He then created single a video by joining 10 thousand of those cropped faces which can be uploaded e.g. to YouTube. Ciro later decided it was better to make those videos private however, as sooner later he'd lose his account for it.
Companies like YouTube blocking this kind of content is the type of thing that makes companies take longer to fix such gaping privacy issues, and is a bit like security through obscurity. A video makes it clear to everyone that there is a privacy issue very effectively. But people prefer to hide and look away, and then 99% of people who know nothing about tech get their privacy busted by actual criminals/government spies and never learn about it.
But now that Facebook finally fixed it, it's fine, no need for the video anymore.