Intro to Facebook Stalking - Pictures- Gaurav RagtahWhen someone sends you a facebook image URL (ie. just the image opens ...
Upcoming SlideShare
Loading in …5
×

Facebook Geek Tricks - Pictures

31,760 views

Published on

How Facebook pictures are organized internally.

**EDIT: The image used for test deletion is finally off the actual image hosting servers. Apparently, it takes around 5 days for a picture deleted from Facebook to be deleted from the servers. Thanks, Brian Kinney, for the tip.

Published in: Technology, Art & Photos
  • Hello,
    I have a problem that weirdly conducted me to this page.
    Since yesterday, while I am normally using chrome some tabs open randomly out of no where.

    The tabs remain white but the curious thing is that the url is this : 'fbcdn-photos-a-a.akamaihd.net'.

    Now it is clear that my computer has some form of virus. I would like to know if there is any connection with you.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Facebook Geek Tricks - Pictures

  1. 1. Intro to Facebook Stalking - Pictures- Gaurav RagtahWhen someone sends you a facebook image URL (ie. just the image opens in the browser, and nothing else), it looks somethinglike this:https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-snc6/216083_10150177890751234_515006233_6971227_4935405_n.jpg(you can get an image URL by right clicking on an image in facebook and selecting copy image URL)Now, notice the part of the URL after the last / :216083_10150177890751234_515006233_6971227_4935405_n.jpgThere are five numbers here.The first, fourth and fifth are timestamp generated by facebook when one uploads an image.The second and third numbers, however, are the picture id and the user profile id (person who uploaded the image)respectively.So to see the actual image in the album context, plug in the 2nd number intohttps://www.facebook.com/photo.php?fbid=which in our case will behttps://www.facebook.com/photo.php?fbid=10150177890751234ANDto see the user profile of the person who uploaded the picture, plug in the 3rd number from the image URL intohttps://www.facebook.com/profile.php?id=which in our case will behttps://www.facebook.com/profile.php?id=515006233VOILA!! ;)Happy facebook-ing.Read on:Now, a bruteforce script can be easily written to generate timestamps to plug-in for the Image URLs so that you can possibly viewand download private images from someones profile that you cannot view directly through facebook. (There is literature on theweb about that, about how to do it and how its easier to bruteforce for timestamps than for truly randomly generated numberswhich facebook did not implement)Some facebook pictures that you upload and later delete/ set to private still exist on facebooks 3rd party servers and can still beviewed by the image URL links; further, they can be traced down to who uploaded them.As a test, I uploaded an image, took note of its image URL and then deleted it from facebook. The image is still outthere in the image hosting servers as you can see here:https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-ash4/321248_10150325810871234_515006233_8188580_1724070261_n.jpgSo, as a general rule, dont upload stuff you wouldnt be very uncomfortable with if made public.- GauravNote: This doesnt work for images uploaded prior to late 2009 or so, I think, since Facebook slightly changed the way the imageswere organized on their storage servers.

×