Privacy Settings Facebook VS OSINT


In quite a few articles already, I have covered OSINT and searching social networks using Maltego. Today, let’s talk about the privacy settings in social network accounts.

I have already expressed my indignation about the state of privacy settings in Odnoklassniki. By the way, the situation has changed a little for the better since then; however, you are still required to pay money for full control over the privacy of your profile …

Well, never mind Odnoklassniki. It is much more interesting to check how things stand with the privacy settings in the largest social network in the world: Facebook.

The following categories are available to us in the menu:

These categories contain basic privacy settings. Others are not so obvious and can be adjusted separately for each item: place of work, study, marital status …

For example, if you have listed several jobs, you can set the visibility of each of them for a separate category of social network users. However, once another user is involved, things are not so simple.

Let’s say Oleg and Alena are married, but Oleg has forbidden Facebook to show this fact (such a bad Oleg). At the same time, Alena did not hide this item in her privacy settings, which means that through her profile we can find out that Alena and Oleg are married.

We can pull all publicly available information from the user’s page into the Maltego graph using a transform from the Social Links package: [Facebook] Get User Details.

For all photos, posts and videos in the Timeline, you can set separate visibility: for everyone or only for a specific category of users.

You can also separately configure the visibility of the list of friends and subscriptions. And here we have some interesting options under Settings – Privacy. Let’s go through those that can make our lives significantly harder when conducting OSINT.

Who will be able to see your future publications – determines what value will be set by default for each new post. Allows you to avoid accidentally publishing a post with incorrect privacy settings. By default it is set to “Available to all”.

Who can see your friends list – now this is an important setting. As Cervantes wrote, and before him Euripides: “Tell me who your friend is – and I will tell who you are.” By default, this setting is set to “Available to all”.

However, even if a different value is set, we can still learn something. How, you ask? Well, here, as usual, other people are involved; more precisely, people who are friends with you but neglect this privacy setting themselves.

Using the Entity: Facebook Mutual Friends, we can get a list of mutual friends between 2 accounts. To get a more complete list of friends, we repeat the procedure with the results obtained from the first request. This is certainly not as good as it would be with an open list, but better than nothing.

Another interesting section for us is Settings – Timeline and tags.

Another interesting section for us is the settings: Settings – Chronicle and tags.

Who can post to your Timeline? – here we have only 2 options, “Friends” and “Only me”. It does not affect the visibility of posts, so we move on.

Who can see what others are posting on your timeline – this is a more interesting setting, since it directly affects the visibility of other people’s posts in your Timeline. The default is Friends. If you change it to “Everyone”, then the posts of your friends in your Timeline, for example, birthday greetings, will be visible to third parties, which at the very least compromises your friend list and gives us room to maneuver with the method described above.
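The friend-list leaks described in the settings above can be checked from the account owner's side with a small model. This is an added example, not part of the original article: the account names, the data and the simplified rule (a stranger can see a friendship if either side's friend list is public, or if the friend's post shows on a public Timeline) are assumptions for illustration.

```python
import copy

PUBLIC, FRIENDS, ONLY_ME = "Available to all", "Friends", "Only me"

def account(friends, friend_list=PUBLIC, others_posts=FRIENDS, posters=()):
    """Build an account record; defaults mirror the ones the article reports."""
    return {"friends": set(friends), "friend_list": friend_list,
            "others_posts": others_posts, "posters": set(posters)}

# Constructed sample data: names and settings are invented for this example.
ACCOUNTS = {
    "oleg":  account(["alena", "ivan", "maria", "petr"],
                     friend_list=ONLY_ME, others_posts=PUBLIC, posters=["maria"]),
    "alena": account(["oleg"]),                       # left on the default
    "ivan":  account(["oleg"], friend_list=FRIENDS),
    "maria": account(["oleg"], friend_list=ONLY_ME),
    "petr":  account(["oleg"], friend_list=ONLY_ME),
}

def exposed_friends(accounts, target):
    """Map each friend of `target` that a stranger can discover to the reasons."""
    me, leaks = accounts[target], {}
    for friend in sorted(me["friends"]):
        reasons = []
        if me["friend_list"] == PUBLIC:
            reasons.append("own friend list is public")
        if accounts[friend]["friend_list"] == PUBLIC:
            reasons.append("friend's list is public")
        # Only friends can post to a Timeline, so a visible post implies friendship.
        if me["others_posts"] == PUBLIC and friend in me["posters"]:
            reasons.append("friend's post visible on own Timeline")
        if reasons:
            leaks[friend] = reasons
    return leaks

def harden(accounts, target):
    """Return a copy of the data with the target's own two settings locked down."""
    hardened = copy.deepcopy(accounts)
    hardened[target].update(friend_list=ONLY_ME, others_posts=FRIENDS)
    return hardened

if __name__ == "__main__":
    for label, data in (("before", ACCOUNTS), ("after", harden(ACCOUNTS, "oleg"))):
        print(label, exposed_friends(data, "oleg"))
```

After hardening, the only friendship still exposed is the one visible through the friend's own public list, which is the part the account owner cannot control.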

Allow other people to share your posts in their stories – enables other people to repost your posts in their stories.

By the way, the option appears to be thoroughly broken: when I checked at the time of this writing, it was still possible to repost the post even with the setting turned off. Perhaps by the time you read this article, the option will finally have been fixed.

Hide comments with specific words from your timeline – allows you to customize the built-in spam filter to your liking. You can even upload a CSV file with all the words you don’t understand. For the test, I took the word “coronavirus”, because I am sick of it already!

We leave 2 comments under the post. One is plain, the other contains a “stop word”.

The page owner himself does not see the text of comment #2, but he does see that a comment exists.

But if we look from a third-party account, then we will not see comment #2 with the “stop word” at all.

As a result, Maltego is unable to retrieve comments that are caught by the spam filter.

Who can see the posts you are tagged in in your Timeline – if someone tags you in a photo, then a post with the photo automatically appears in your Timeline. This parameter allows you to control who will see these posts; the default is Friends of Friends. To search for such posts that are publicly visible, use the transform [Facebook] Posts Tagged.

Who can see posts you are tagged in – the default value is “Friends”. Allows your friends to see posts in which you have been tagged, even if they are not initially included in the audience that can view the post. This setting does not affect the visibility of posts.

Check the tags people add to your posts before posting them to Facebook – an interesting setting that, for some reason, is set to “Off” by default. This means that other users can tag other people in your photos without confirmation from you. However, this only applies to friends. Tags from third-party accounts will still wait for your approval.


Despite the fact that Facebook has a lot of privacy settings, it turned out that information cannot always be 100% hidden. Most of the default settings are set to “Available to all”, which also does not increase your security.

Regardless of which social network you like to use, take the time to check out how its privacy settings work. In the modern world, unfortunately, it is better not to leave too much in the public domain.

Everyone has something to hide. And remember: there is information that you personally do not know how to use, but UNIMPORTANT information does not exist, especially when it comes to your personality.

By the way, on Tom Hunter’s Telegram channel we are currently covering how it is not even social networks but quite ordinary household items and technologies that can collect information about you and use it without your knowledge.

Until next time!

