How To View Private Facebook Profiles & Pictures
Facebook is one of the central social media hubs around which our online lives revolve. There are more than 2.38 billion active monthly users of the site (as of March 2019) and probably the majority of those accounts are real people. (There are also a lot of spam agents and information-collection bots.) Among those billions of users are a lot of profiles where we’d like to get a closer look at the person behind the profile – whether that means reading their posts, viewing their profile info, or checking out their pictures.
Because of the way Facebook sets up its privacy protection, there are limits on what you can see in someone’s profile if you aren’t a friend of theirs. Facebook has adapted an essentially four-tier system where users can set their profiles to be public or private. If you are friends with someone, you can generally see everything they have online other than things where they have specifically excluded you. If you aren’t friends with someone but their profile is public, you can see most of what they have online. If you aren’t friends with someone and their profile is private, you won’t be able to see anything other than their existence on Facebook and their main profile photo. Finally, if they have you blocked personally, you won’t be able to see anything at all (even that they exist) regardless of their other privacy settings.
There are a lot of reasons you might want to get access to a profile that you aren’t currently allowed to view. Maybe you want to see what became of your old crush from college, or you’re curious about whatever happened to the high school bully. Maybe you want to check out a coworker and see what kind of things they’re into in their free time. Your motives may be pure or you may be a stalker; either way, there are three basic possibilities. Either your person of interest has their profile locked down and set to a private status, in which case you won’t be able to see much, if anything, or they have a semi-open profile that anyone can look at. Or they have blocked you specifically and so regardless of their privacy settings, you don’t see them on Facebook at all.
So if the person you’re interested in does have a private profile, what can you do? Well, there used to be technological weaknesses in the Facebook site that would allow you to get at least some of the information you’re interested in despite the privacy settings. Previously, you could actually manipulate a Facebook profile URL with the person’s name to see some of their timeline and images, though this exploit has long been fixed. Other similar exploits and cracks in Facebook’s armor, like the ability to use a Facebook graph URL to access private Facebook images or the option to use third-party tools to circumvent Facebook’s own privacy locks, have all been patched and sealed.
Facebook has come under incredible amounts of fire in recent years for their privacy missteps. They let third parties gain access to content they weren’t supposed to view, among other egregious faults. With the company in full damage-control mode on issues of privacy, it’s unlikely that they’re going to let any new kinds of software glitches grant access to stuff that people don’t want others to see. This means that sites and tools claiming to get you secret access to Facebook profile information are likely to break, if they aren’t already broken.
So is it hopeless?
Actually, no. Where software engineering has succeeded in raising privacy walls, social engineering can succeed in getting past them. There are a few different approaches that you can take and in this article I will show you how to work each one of them.
The simplest and quickest way to gain access to someone’s profile information is probably to pay a data broker for it. This can be a private eye, an online investigative service, or an outright hacker utilizing data bought on the Dark Web. Not every single profile is available from this route, but many are. The downside? There are several. One is that you’re working with someone who may be breaking the law, and depending on where you’re located, you may be breaking the law as well. Another is that nobody does that kind of work for fun; you’re going to pay for the information you want, and you’re going to get a snapshot, not an ongoing access to the person’s feed. Finally, even if you pay, you aren’t guaranteed to get the kind of results you want – the subject of your interest may not have a profile that anyone has archived, or what’s there may be long out of date.
The Charm Offensive
If the person you are interested in doesn’t know you, or does know you but doesn’t dislike you, then the easiest way to get access to their profile information is the obvious way: become their friend. This can be as simple as sending a friend request and hoping for the best, but if you suspect that won’t work (either because they don’t know you or because they just don’t consider you a friend), what can you do?
Getting to know someone on Facebook can be very complex and difficult, or it can be very simple. However, there are some techniques you can use to slide into someone’s Facebook life subtly (or not so subtly).
The first step is to identify Facebook groups that the subject person is a member of, as well as people that are close friends with the subject person. By close friends, I don’t necessarily mean that the two people are super significant in one another’s lives, but rather, that they interact time on Facebook together frequently. For example, if your subject person “likes” every picture that another person posts to their feed, then that second person is a close friend for our purposes. Note that you really do need to know some things about the subject person for this to work; if they are just a random name to you, you have no insight into what groups and people to seek out.
You want to get involved with the subject person’s groups and close friends, because that way you can find yourself in interactions with the subject person. It is in those interactions that you can familiarize the subject person with your online persona, present yourself as an attractive Facebook friend, and eventually wind up on their Friends list. Here are some dos and don’ts.
- “Like”, “Ha-Ha” or “Love” their posts/pictures/comments, as appropriate.
- Make meaningful responses to their comments.
- Respond to other people in the group, or other comments and posts by the third party person, so as to present the image of someone who just happens to be there.
- Make friends with their friends.
- Post about your own issues and ideas regardless of the subject person’s interests.
- Start reacting to or commenting on everything they say or do. Let a good 2/3 or 3/4 of it go by without comment.
- Go back into the past and like old stuff – that makes you look like a deliberate stalker.
- Comment constantly so that they feel like you’re suddenly an interloper on their feed.
- Spam their friends list trying to friend everyone.
- Get into conflicts with the subject person.
With care and patience, you can turn yourself from a stranger into a new friend of the subject person – and they’ll be the one to send YOU the friend request.
The Long Game
If you can’t hire a broker and you’ve been blocked deliberately so that a charm offensive isn’t going to work, what’s left? Trickery and deception, of course.
Security experts are unanimous: the weakest link in any security system is the human element. It’s true with theft-prevention systems, it’s true with password cracking, and it’s true with Facebook profile security. The manipulation of this human element is the basis for the technique known as social engineering. A 2011 research paper by social scientists at the University of British Columbia reported on an experiment in sending friend requests to complete strangers. As one might expect, sending a friend request to someone with whom the sender had no mutual friends had only a 20% success rate. However, if the friend request came from someone with mutual friends to the recipient – even just one – the odds of a friend request jumped dramatically. Requests with one friend had an almost 50% success rate, and each additional friend increased the odds of success. At 11 mutual friends, the chance of success was about 80%. We have a tendency to assume that anyone with whom we have mutual friends must be in our social network somehow – we’re just misplacing them mentally. And so we hit “Accept”.
This research points the way to helping you get access to someone’s profile. We should note at this point that this is not an honest, forthright, or virtuous approach to connecting to someone on Facebook. If a person isn’t willing to accept your direct friend request, then it is probably unethical for you to use deceptive means to trick them into accepting a friend request from a “different” person. That said, in this article I will show you the basic method for using social engineering to get someone to accept your friend request.
The basic idea is simple: you want your fake or cover profile to have multiple mutual friends with your target person. Here’s how you do it.
Become a fake friend to view private Facebook profiles
For this to work, you have to have two things. One, you need at least some basic information about your target – their name, or where they went to school, or where they live, or where they work – something. Just “John Smith” isn’t going to cut it. Two, you need to know who at least some of their Facebook friends are. Ideally, if the target’s Facebook profile isn’t completely locked, their friends list is public. If it isn’t public, then you’ll have to back into the friends list through other means – finding out their relatives, coworkers, and real-life friends and looking for those Facebook profiles, and so forth.
You may need to utilize LinkedIn and Google to find additional information on the person. Privacy is tough to manage, and unless they are seriously paranoid about their online privacy, you should be able to find out who at least some of their friends are.
The next step is to create a fake profile for a person who actually does exist and who is, however tangentially, within your target’s social circle. Ideally, this person shouldn’t have a Facebook profile at all, but if they have one that isn’t frequently or heavily used, we might be able to get away with creating a parallel account. For example, let’s say that our target is named John Smith, and we know that John was a computer science major at Hypothetical University in 2016. Using John’s college roommate or ex-girlfriend would be a bad choice for this fake profile; John knows those people too well, and the odds are very high that he is already friends with that person (or hates them, in the case of the ex). However, visiting the Hypothetical University website, we find out that one of the adjunct professors in the computer science department, Melissa Jones, doesn’t have much of an online persona. It’s likely that John would recognize Melissa’s name in the context of Hypothetical University. So, we create a Facebook profile for Professor Jones, complete with her photo from the HU faculty website.
So now we send John a friend request? No. We could, and it MIGHT work, but right now Melissa’s fake profile is brand new and has no friends. If John is even a little bit suspicious, he’s going to shoot down the friend request automatically. So we build up that profile. We add some images of the school, the city it’s in, and some photos of old computer parts to complete the look of the profile. We make some posts about our current research, and so on.
Now, we start sending out friend requests to everyone from Hypothetical University we can find. We send out literally hundreds of requests. We’re not specifically after John’s friends at this point. although there will be some overlap probably. We send out requests to other IT specialists, industry leaders, and the kinds of people a computer science teacher would be friends with on Facebook.
There is a risk here. The person whose life you are essentially imitating could be in contact with people you friend online. We recommend protecting your own personal information as much as possible by using a VPN to mask your IP address.
Find the subject
A lot of our initial requests will be ignored or blocked, but a lot of people just semi-automatically approve any friend requests; who doesn’t want more friends? Once we have a few dozen friends in our orbit, we go through THEIR friends lists and send out requests to THOSE people. Remember, now we’re a friend-of-a-friend, so our odds of success should be about 50-50 for each request. Once more, we avoid sending a request to the actual target. Patience! At the same time, we continue to create more false posts and fill out the persona to make it a little more believable.
Now, if we have access to John’s friends list directly, we want to send friend requests to that whole list. We might want to avoid, at this point, other people from Hypothetical University, as they are the most likely to say “wait a minute, that’s not Melissa Jones!” and also the most likely to be in direct contact with John to tell him that someone is pretending to be Melissa online. Hopefully after this third round of friend requests, we should have at least several mutual friends with the target. It’s a good idea to make positive and appropriate small contributions on the posts of our mutual friends with John – that way he sees “Melissa” posting in his feed. He may even strike up a conversation.
Closing the trap
Finally, it is time to go for the actual goal of all this work. We have a good collection of friends, some of which are mutual connections on Facebook with the target. the target I had in mind. With a hundred or more friends on the account, enough timeline entries to satisfy a superficial look at our own fake profile, and some posts that are consistent with what our fake profile “should” be posting given her career and standing, we send a friend request to the target and cross our fingers. If we’ve done things right, the odds are very good that he or she will accept the request and just like that (after weeks of work) we’re in.
Now that we are friends, do we want to continue the deception and have permanent access to John’s profile, at least until someone finds out our chicanery and shuts down our account? Or do we record the information we wanted, delete the account, and head for the hills? That’s up to you. Be aware that the longer you keep the fake account going, the more likely it is that someone is going to become suspicious and alert the real Professor Jones that there are shenanigans afoot.
To be very clear: neither myself nor TechJunkie suggest using social engineering to manipulate and trick someone into adding you and approving your friend request on Facebook, Instagram, or any other social network online. This is not just dangerous and time-consuming, but also possibly illegal, depending on where you reside and what laws protect your internet and identity use in your area. Even so, using the guide above essentially counts as “catfishing,” which brings up its fair share of legal and ethical quandaries anytime it’s mentioned.
Pretending to be someone you’re not, even if you don’t break a law, can cause irreparable harm to the feelings, emotions, and mental health of your target, and you should keep the social risk in mind when participating in an act like this. Still, if you’re looking to find information on someone who won’t allow you to view their profile, social engineering is your one way in. I’d recommend getting in and out, deleting the account when finished finding the piece of information you need. The longer you keep up a false account, the more likely someone will realize you aren’t really who you say you are.
(Want to defend yourself against these techniques? Check out our articles on how to check if someone is using your Facebook account and how to tell if someone is stalking your Facebook page.)
We’ve got more tips and tricks for getting the most out of your Facebook experience.
Trying to get info about a picture? Here’s how to reverse-search an image on Facebook.
Want to be stealthy on Facebook? We’ve got a guide to logging onto Facebook without alerting your friends.
Need to put something on blast? Here’s how to send a message to all your Facebook friends.
Concerned about your privacy? Here’s how to remove location information from a Facebook post.
Want to make a chance? You can change your email account associated with your Facebook account.