Facebook is often at the heart of scandals because of personal data leaks. This is why Meta has replaced Facebook identifiers in URLs with pseudonyms in order to offer better protection to its users.
Facebook is a veritable gold mine for hackers and companies, the social network full of personal data and often very private information about its users. Telephone numbers, e-mail addresses, sometimes compromising images and comments, political tendencies… So much information that attracts covetousness. The problem is that the social network is regularly plagued by theft – whether through phishing or theft of access tokens – or sharing data with partners – who then take advantage of it to manipulate the user. . The Cambridge Analytica affair – a company that had siphoned off data from 87 million users to steer US citizens’ votes for the presidential elections in favor of Donald Trump – demonstrated the immense power that Facebook wields with its data bank. data. Similarly, in April 2021, the personal information of 533 million users was leaked. In short, the security and protection of this loot is a major issue.
To strengthen the protection of the privacy of its users, Meta – the company that owns Facebook, but also Instagram and WhatsApp – will replace Facebook identifiers in URLs with pseudonyms made up of the original identifier and a timestamp. A decision to limit scraping – grattage in French – a technique in which hackers use software tools to extract data from a website, and thus build a database – which can be resold and used for other types of piracy.
Facebook identifiers: a royal road for hacking
Facebook identifiers are unique for each user or page on the social network, and allow access to the accounts to which they are attached – accounts which therefore include valuable information. However, it is possible to guess them from the content of the URLs – the unique address of each Facebook page, whether it is a video, a post or a profile. By cross-referencing it with other information – such as phone numbers – hackers can build strong personal databases, which can be resold.
This is why Meta fight against scraping. The company announced in a ticket that it was going to replace the Facebook identifiers (FBID) present in the URLs with pseudonymous identifiers (PFBID). They will be generated from the original identifier and time data, which will therefore change regularly, as time passes. Meta explains that “as we remove the ability to access original credentials, it helps deter unauthorized data scraping by making it harder for attackers to guess, log in, and repeatedly access to data.” However, if this measure contributes to strengthening the protection of user privacy, it does not protect against advertising cookies – which serve to draw up a profile of the user in order to bombard him with advertising content likely to interest him.