More Facebook Privacy Issues: Exposed IP Addresses

In Facebook when you write on someone’s wall, send someone a message, or comment on a post, that Facebook member can get your IP address. Some of you may be asking “What is an IP address?”

An IP address is a unique number that every computer connected to the Internet is assigned. It’s kind of like a phone number. Now some of you may be asking “How can someone get my IP address from Facebook, and what could they do with it?”

Here is how someone can obtain your IP address.

facebook

When you write on someone’s wall, send someone a message, or comment on a post, they get an email from Facebook notifying them that you have performed that action. In every email, there is hidden information you don’t see called the message header. Depending on what email client they are using, they can get the header information.

After obtaining the header information, all they need to do is copy all of it and go to this site:

http://www.myiptest.com/staticpages/index.php/trace-email-sender Then they can paste that header information into the box on the page. Once they do that, they will get your IP address. Also on this site it will tell them your location, even provide a map with longitude and latitude coordinates. It will also display the Internet service provider you were using when making the post to their page. Usually though the location is to the Internet service provider’s server that your Internet connection is coming from. This is usually within a few miles radius.

What else can someone do with your IP address? Well, if someone has your IP address, they could potentially slip some malicious programs onto your computer (if you are not behind a firewall and have open ports), giving you a worm or virus that could wipe out your computer completely. They could also put a Trojan horse on your computer that could turn your computer into a mass-mailer or a node for sending out more Trojan horses.

Some people are probably freaking out now….I do want to remind you though, when you email someone, they can obtain the same information. Facebook though, when sending messages notifying you that someone has written on your wall, commented on a post, or has sent you a personal message should be able to remove your IP address from the message header.

Facebook has been in the news lately with privacy issues. Just a few days ago, users live chats and pending friend requests were accessible by others on your friends list. Please read my article on that for more information. Facebook has also changed their privacy policies lately by allowing more profile data public by default, and by sharing more profile and user information with third-party partners.

I have included an image of what my IP address pulls up from using the message header of 1 of my emails from Facebook on the site in this story. Of course I blocked out my latitude and longitude as well as my IP address, but apparently it won’t be too hard to get if you really want it.

ip

How much more information will Facebook have to release about people before they start losing users? Just always remember: Nothing is private on the internet, nothing…

Facebook Responds

Here is a statement from Facebook on this:

We originally included IP address information in these email headers as part of industry best practices designed to improve spam filters.

This is similar to what many webmail providers do. However, we agree this practice no longer makes sense for Facebook and we’ve discontinued it.

Thank you for bringing this to our attention.

– Barry Schnitt

Director, Policy Communications Facebook