Facebook Source Code Friends



Facebook source code meaning

Facebook gives its users the possibility to restrict the visibility of their friend list. It is known that by exploiting the “mutual friends” function, is possible to bypass the visibility restrictions under certain conditions. We will present a way and a tool to automate the procedure in order to maximize the number of hidden friends that can be found.

Flickr/Nat Welch A bunch of tech commentators on Hacker News are talking about how easy it is to read Facebook source code and some say it could pose a risk to the social media site. Dec 04, 2020 However, if the friend request came from someone with mutual friends to the recipient – even just one – the odds of a friend request jumped dramatically. Requests with one friend had an almost 50% success rate, and each additional friend increased the odds of success. At 11 mutual friends, the chance of success was about 80%. Anytime you see something that says viewing your own source code and looking for some numbers is a way to see who views your profile, you can be sure that it's just another hoax. December 1, 2012: The previous hoax for this is where people tell you to 'view source' of your timeline and then search for 'orderedfriends' - this is not a list of.

Furthermore, using the same tool we will see how to build a network graph of the relationships among the friends found, in order to represent the friendships between them.

We will also see how it is possible to plot the graph using the tool Gephi and propose a way to identify sub-communities within the graph.

Finally, we will apply the procedure to a practical example scenario: we’ll retrieve some of Mark Zuckerberg’s hidden friends, plot them on a graph, identify sub-communities and export the final graph in a format that can be explored with a browser: here is the final result.

Disclaimer

Please beware that Facebook Terms of Services prohibit scraping without permission: therefore you should not use any scraping tool without proper written authorization. All the information provided in this and related articles are for educational purposes only. The authors or @Mediaservice.net are in no way responsible for any misuse of the information or the code provided.

Reconstructing a hidden friend list

Facebook lets its users decide whether to display their own friends on their profile page, as well as to whom. In the settings page it also displays the following warning:

Remember, your friends control who can see their friendships on their own Timelines. If people can see your friendship on another timeline, they’ll be able to see it in News Feed, search and other places on Facebook. If you set this to Only me, only you will be able to see your full friends list on your timeline. Other people will see only mutual friends.

This is because Facebook also offers the “Mutual Friends” function, which shows friends that two accounts have in common, provided that at least one of them has their friend list visible to the current user.

This issue has been known for years and, despite the recently increased attention on users’ privacy declared by Facebook, it is not considered a concern by the company.

The functionality is available at the URL https://www.facebook.com/browse/mutual_friends/?uid=ID1&node=ID2, where ID1and ID2are the numerical ids of the two Facebook accounts. Later we will learn how to find any user’s Facebook ID.

Please beware that results returned by Facebook are neither complete nor consistent. Calling the same function from different locations or accounts might yield different results.

Thanks to the mutual friends functionality it is possible to reconstruct a good portion of a target user’s friend list: given an account that is known to have their friend list visible to the current user and at least one mutual friend with the target user (called pivot), starting from their common friends, it is possible to iteratively apply the mutual friends functionality, using all new friends found at each step as an input to another iteration, until the function’s fixed point is reached (i.e.: all friends have been pivoted on and no new friends are found).

In order to show the potential of this method, I have written a simple Python tool that executes the above described procedure automatically. Please beware that Facebook Terms of Services prohibit scraping without permission: therefore you should not use the tool without proper authorization.

The tool is called ffff and can be downloaded from Github. It is written in Python 3 and uses the selenium library and Mozilla geckodriver in order to open up a browser and recursively visit the mutual friends pages. While it does so, it keeps track of the relationships found in order to build a network graph (more on this later). In order to not be detected as scraping by Facebook, it pauses for a random number of seconds between each request; this interval can be reduced, at the risk of being blocked by the platform. At the end of the procedure, it yields a csv file with the list of friends found and a gexf file with the related graph.

Build a network graph of friends

While iteratively applying the mutual friends functions to all target’s friends, we can also keep track of the relationships existing among the target friends themselves: if we find that target user T and pivot user P have a common friend C, we know not only that C is friends with our target, but also that P and C are friends.

Iterating this procedure, we are able to build a network graph of the Facebook friendships found along the way, where nodes are users and edges are existing friendship relationships.

One could think of assigning a weight to an edge proportionally to how many times the relationship has been observed. The tool ffff allows you to do so (option -w), but in our scenario it is not meaningful information, also considering that it is strongly influenced by the privacy settings of each user (the more users in a community have a public friend list, the more often relationships in that community will be observed).

Once we have a graph, we can run different algorithms on it in order to try to identify existing communities within the network. In a practical scenario, for example, this might help to identify the community of work colleagues, family, closest friends, etc.

Pratical Example: Zuck’s friends communities

As an example, we will try to fetch some of Mark Zuckerberg’s Facebook friends, who is certainly aware of this possibility.

Please note that you can obviously build a relationship graph of a user with a public friend list: in that case, you wouldn’t need a pivot user; just use his/her Facebook ID both as the target and the pivot.

Find the target’s Facebook ID

We need to know Mark Zuckerberg’s Facebook ID. In order to find the numerical ID of a Facebook account there are several ways: a simple Google search returns many online services that offer to do it for you. Our favorite way, though, is to do it autonomously: open the target’s Facebook profile page (in our example, Mark Zuckerberg’s) in a browser and inspect the HTML source code (Ctrl+U). In the code, search (Ctrl+F) for the pattern fb://profile/; there should be two matches, both followed by the same integer value: this number is the Facebook account id. In our example, since Mark Zuckerberg is one of the first users of the platform, the number is very small (4); expect to have much bigger numbers for regular users.

A quicker alternative to the above method is shown in the next paragraph.

Finding pivot users

We also need to find at least one account that has a public friend list (or a friend list visible to our account) and at least one mutual friend with our target.

Generally, a good way to do this would be to look at users who have interacted with the target, for example by commenting or reacting to his content. Also notice that in order to maximize the number of friends found, it is better to have many pivot users belonging to different communities (e.g.: work colleagues, family members, sport friends, etc.). The more, the better.

I have written an auxiliary script that automatically finds users who have interacted with a given target profile; it’s called fint.py and is included in the ffff’s project’s repository. It works in the same way ffff does, therefore I will just give a quick example usage (use the switch -h to show all available options). Refer to the section “Find hidden friends with ffff.py” or the project’s page on Github for more general information.

python ffff.py-fu fbuser@mediaservice.net-fp fbpassword-dgeckodriver.exe-t4-p558259929-q

To see all availableoptions please run python ffff.py -h

It is quite possible that the program will encounter problems after some time, such as reaching timeouts. You can interrupt the program with Ctrl+C. All results will be saved, together with a session file that can be resumed: