Ron Bowes of Skull Security has created a crawler which has siphoned off all users found on Facebook’s open access directory, located at https://www.facebook.com/directory, which lists users who haven’t changed their privacy settings to make their profiles unavailable for search engines.
Bowes’ crawler creeped through the directory and created around 171 million entries, of which 100 million were unique names.
Bowes went on to create a torrent file with the full 171 million entries – after all, the information is public. The 2.8GB large torrent contains the URL of each searchable user profile, the unique and count user name, a processed list and the programs he scripted.
Any user profile and personal information can be accessed via the URL linking to his or her profile. At the least, you get a picture and the name, and in the worst case scenario, all sorts of personal information, which can include telephone numbers, address, date of birth, place of work, and so on.
What is not included in the torrent are the friends of the searchable, public users. Don’t fret though, all Ron Bowes needs is some bandwidth, “an ssh account and Nmap installed”.
Perhaps now even the most unsophisticated and technologically challenged user might feel inclined to use a tool such as the ReclaimPrivacy.org privacy scanner.
Not that it’d help too much – once a user is in a database, he or she can’t opt out by simply changing their Facebook settings. They can however appease their friends who actually use privacy settings, as their profiles can be accessed through those of searchable users by simply clicking and mining their friends.