How To View Private Facebook Profiles & Pictures
Lots of people would like to look at certain Facebook profiles and pictures even if they aren’t friends with that person. Maybe you want to see what became of your old crush from college, or you’re curious about whatever happened to the high school bully. Maybe you want to check out a coworker and see what kind of things they’re into in their free time. Your motives may be pure or you may be a stalker; either way, there are two basic possibilities. Either your person of interest has their profile locked down and set to a private status, in which case you won’t be able to see much, if anything, or they have a semi-open profile that anyone can look at. (Or possibly, they have blocked you specifically and so regardless of their privacy settings, you don’t see them on Facebook at all.)
So if the person you’re interested in does have a private profile, what can you do? Well, there used to be technological weaknesses in the Facebook site that would allow you to get at least some of the information you’re interested in despite the privacy settings. Previously, you could actually manipulate a Facebook profile URL with the person’s name to see some of their timeline and images, though this exploit has long been fixed. Other similar exploits and cracks in Facebook’s armor, like the ability to use a Facebook graph URL to access private Facebook images or the option to use third-party tools to circumvent Facebook’s own privacy locks, have all been patched and sealed.
Facebook has come under incredible amounts of fire in recent years for their privacy missteps. They let third parties gain access to content they weren’t supposed to view, among other egregious faults. With the company in full damage-control mode on issues of privacy, it’s unlikely that they’re going to let any new kinds of software glitches grant access to stuff that people don’t want others to see. This means that sites and tools claiming to get you secret access to Facebook profile information are likely to break, if they aren’t already broken.
So is it hopeless?
Actually, no. Where software engineering has succeeded in raising privacy walls, social engineering can succeed in getting past them.
The Long Game
Security experts are unanimous: the weakest link in any security system is the human element. It’s true with theft-prevention systems, it’s true with password cracking, and it’s true with Facebook profile security. The manipulation of this human element is the basis for the technique known as social engineering. A 2011 research paper by social scientists at the University of British Columbia reported on an experiment in sending friend requests to complete strangers. As one might expect, sending a friend request to someone with whom the sender had no mutual friends had only a 20% success rate. However, if the friend request came from someone with mutual friends to the recipient – even just one – the odds of a friend request jumped dramatically. Requests with one friend had an almost 50% success rate, and each additional friend increased the odds of success. At 11 mutual friends, the chance of success was about 80%.
This research points the way to helping you get access to someone’s profile. We should note at this point that this is not an honest, forthright, or virtuous approach to connecting to someone on Facebook. If a person isn’t willing to accept your direct friend request, then it is probably unethical for you to use deceptive means to trick them into accepting a friend request from a “different” person. That said, in this article I will show you the basic method for using social engineering to get someone to accept your friend request.
The basic idea is simple: you want your fake or cover profile to have multiple mutual friends with your target person. Here’s how you do it.
Become a fake friend to view private Facebook profiles
For this to work, you have to have two things. One, you need at least some basic information about your target – their name, or where they went to school, or where they live, or where they work – something. Just “John Smith” isn’t going to cut it. Two, you need to know who at least some of their Facebook friends are. Ideally, if the target’s Facebook profile isn’t completely locked, their friends list is public. If it isn’t public, then you’ll have to back into the friends list through other means – finding out their relatives, coworkers, and real-life friends and looking for those Facebook profiles, and so forth.
You may need to utilize LinkedIn and Google to find additional information on the person. Privacy is tough to manage, and unless they are seriously paranoid about their online privacy, you should be able to find out who at least some of their friends are.
The next step is to create a fake profile for a person who actually does exist and who is, however tangentially, within your target’s social circle. Ideally, this person shouldn’t have a Facebook profile at all, but if they have one that isn’t frequently or heavily used, we might be able to get away with creating a parallel account. For example, let’s say that our target is named John Smith, and we know that John was a computer science major at Hypothetical University in 2016. Using John’s college roommate or ex-girlfriend would be a bad choice for this fake profile; John knows those people too well, and the odds are very high that he is already friends with that person (or hates them, in the case of the ex). However, visiting the Hypothetical University website, we find out that one of the adjunct professors in the computer science department, Melissa Jones, doesn’t have much of an online persona. It’s likely that John would recognize Melissa’s name in the context of Hypothetical University. So, we create a Facebook profile for Professor Jones, complete with her photo from the HU faculty website.
So now we send John a friend request? No. We could, and it MIGHT work, but right now Melissa’s fake profile is brand new and has no friends. If John is even a little bit suspicious, he’s going to shoot down the friend request automatically. So we build up that profile. We add some images of the school, the city it’s in, and some photos of old computer parts to complete the look of the profile. We make some posts about our current research, and so on.
Now, we start sending out friend requests to everyone from Hypothetical University we can find. We send out literally hundreds of requests. We’re not specifically after John’s friends at this point. although there will be some overlap probably. We send out requests to other IT specialists, industry leaders, and the kinds of people a computer science teacher would be friends with on Facebook.
There is a risk here. The person whose life you are essentially imitating could be in contact with people you friend online. We recommend protecting your own personal information as much as possible by using a VPN to mask your IP address.
Find the subject
A lot of our initial requests will be ignored or blocked, but a lot of people just semi-automatically approve any friend requests; who doesn’t want more friends? Once we have a few dozen friends in our orbit, we go through THEIR friends lists and send out requests to THOSE people. Remember, now we’re a friend-of-a-friend, so our odds of success should be about 50-50 for each request. Once more, we avoid sending a request to the actual target. Patience! At the same time, we continue to create more false posts and fill out the persona to make it a little more believable.
Now, if we have access to John’s friends list directly, we want to send friend requests to that whole list. We might want to avoid, at this point, other people from Hypothetical University, as they are the most likely to say “wait a minute, that’s not Melissa Jones!” and also the most likely to be in direct contact with John to tell him that someone is pretending to be Melissa online. Hopefully after this third round of friend requests, we should have at least several mutual friends with the target. It’s a good idea to make positive and appropriate small contributions on the posts of our mutual friends with John – that way he sees “Melissa” posting in his feed. He may even strike up a conversation.
Closing the trap
Finally, it is time to go for the actual goal of all this work. We have a good collection of friends, some of which are mutual connections on Facebook with the target. the target I had in mind. With a hundred or more friends on the account, enough timeline entries to satisfy a superficial look at our own fake profile, and some posts that are consistent with what our fake profile “should” be posting given her career and standing, we send a friend request to the target and cross our fingers. If we’ve done things right, the odds are very good that he or she will accept the request and just like that (after weeks of work) we’re in.
Now that we are friends, do we want to continue the deception and have permanent access to John’s profile, at least until someone finds out our chicanery and shuts down our account? Or do we record the information we wanted, delete the account, and head for the hills? That’s up to you. Be aware that the longer you keep the fake account going, the more likely it is that someone is going to become suspicious and alert the real Professor Jones that there are shenanigans afoot.
To be very clear: neither myself nor TechJunkie as a whole suggest using social engineering to manipulate and trick someone into adding you and approving your friend request on Facebook, Instagram, or any other social network online. This is not just dangerous and time-consuming, but also possibly illegal, depending on where you reside and what laws protect your internet and identity use in your area. Even so, using the guide above essentially counts as “catfishing,” which brings up its fair share of legal and ethical quandaries anytime it’s mentioned.
Pretending to be someone you’re not, even if you don’t break a law, can cause irreparable harm to the feelings, emotions, and mental health of your target, and you should keep the social risk in mind when participating in an act like this. Still, if you’re looking to find information on someone who won’t allow you to view their profile, social engineering is your one way in. I’d recommend getting in and out, deleting the account when finished finding the piece of information you need. The longer you keep up a false account, the more likely someone will realize you aren’t really who you say you are.
(Want to defend yourself against these techniques? Check out our articles on how to check if someone is using your Facebook account and how to tell if someone is stalking your Facebook page.)