Blog

Rahul Thadani
Facebook Graph Search: Useful search engine or phishers dream come true?
January 29, 2013

Introducing Graph Search

Facebook recently launched a notable new feature known as Graph Search. Mark Zuckerberg highlighted this feature as one of the 3 pillars of Facebook (after Newsfeed and Timeline) that make the social network relevant and personalized. But how safe is Graph Search? We feel that there are several security and privacy concerns that accompany this feature and it is essential for users to be aware of the related privacy settings.

What exactly is Facebook Graph Search?
Facebook Graph Search is a service that lets people use natural phrases as search queries when they are logged onto their Facebook profile. They then receive personalized results (related to themselves or their friends) for these queries. Such search results will make Facebook searches similar to Google web searches. However, the major difference is that the search results will be specifically based on a user’s friend network.

Facebook Graph Search

To illustrate, one can search for “Chinese restaurants my friends like” or something like “Pictures of my friends in Goa”. One can also post queries like “Photos I have liked” or “Friends of friends who work or study in ________”. Graph Search intrinsically allows a Facebook user to find things based on relationships and context. The feature utilizes the endless collection of Likes, tags and check-ins that have been posted by more than a billion Facebook users all around the world. This means that Graph Search also works as a recommendation engine for people to see what their friends like.

How is Facebook Graph Search a threat?
While it is easy to see the benefits of Graph Search, the reality is that scammers and phishers will also use this feature to carry out social engineering attacks more advanced than those we know of. Many Facebook users could also end up facing potentially embarrassing situations thanks to the accumulation of the data they have posted.

It is also plausible that some users will carry out unethical searches. Some groups of people may also look for something accusatory and then vilify Facebook members for what they find. Governments could also use Graph Search to find people who are affiliated to something that they feel is inappropriate. This will increase censorship and moral policing and will threaten the freedom of the Internet.

Graph Search example

On the upside, the information that can be seen through Graph Search is already present on Facebook and the feature simply collects and presents it (read about the 5 things you should never reveal on Facebook). But it is also safe to assume that Facebook will eventually use this information to better target advertising efforts and will thus end up invading user privacy as a result.

The major threat though, is that phishers can gain a lot of information about their potential victims. This information can be used to tailor phishing attacks to specifically target a victim. Corporate employees can also end up revealing too much information which can be easily viewed via Graph Search. So companies need to include Facebook or social media training as a part of their security awareness initiatives. The fact is that all micro-targeting tricks that have been used by online advertisers for so long will now be available to cyber criminals as well.

It seems that Facebook users cannot opt out of this feature anymore, which is a shame. But what users can do is adjust their privacy settings to prevent their Likes and other information from being visible to everyone. Graph Search does take into account the preferred security settings of users. However, many users do not actively adjust their privacy settings and many others are simply unaware of them. These people will be affected the most as their information will be visible to anyone. In addition to adjusting their privacy settings, Facebook users are also advised to install the latest version of system protection software like Quick Heal Total Security to stay protected from phishing attacks and other social engineering tricks.

Have something to add to this story? Share it in the comments.

Rahul Thadani
About Rahul Thadani
Rahul is a web enthusiast and blogger, and has been writing about the computer security industry for the last three years. Following the latest technology trends,...
Articles by Rahul Thadani »

2 Comments

Your email address will not be published.

CAPTCHA Image

  1. Kanishk SinghJanuary 31, 2013 at 2:23 PM

    Your posts does make a point. But we all should also never forget that Facebook also allows users on the other hand side about what kind of information they would like to hide from search results carried out by other people.
    Also, Facebook users can also use a newly launched application Facewash (which is also in early beta testing)using which they can delete all the embarrassing and vulgar information which was uploaded in the past giving them a chance to delete all the information that might worry their future employers.

    Reply
  2. Vikke DubeyFebruary 7, 2013 at 2:08 PM

    Facebook is a bully. It is concerned about itself rather than users privacy. Besides there are so many options that one has to look after in facebook. its better to quit facebook actually. LinkedIn, twitter are safer. Its only a matter of time before users actually log off the facebook. only muppets will continue

    Reply