
Why you shouldn’t share private links on Facebook - spdionis
https://medium.com/@intideceukelaire/why-you-shouldnt-share-links-on-facebook-f317ba4aa58b#.9prlbyj7i
======
nirix
Previous discussions:
[https://news.ycombinator.com/item?id=11875419](https://news.ycombinator.com/item?id=11875419)
and
[https://news.ycombinator.com/item?id=11868077](https://news.ycombinator.com/item?id=11868077)

------
corobo
Minor correction if we go by my own anecdotal evidence:

> When is a link scraped and stored in Facebook’s database?

> From my testing I assume that a link is stored in Facebook’s database from
> the moment someone actually clicks it on Facebook. This does not apply to
> links shared through Facebook which no one clicks on.

Watching server logs at the time I paste the link, the link is scraped
immediately. Before you even hit send immediately. I imagine they do this so
that they can populate the little preview window if you've pasted something
that has an og:image or other rich media. If you paste it, it's instant,
otherwise if you're manually typing the link it seems to wait for you to type
a space character.

~~~
stygiansonic
Pure speculation, but it's possible you are both correct. They definitely
scrape the link for a preview when you paste (or if someone's already shared
it, maybe just re-use the info from a previous scrape) but probably it's not
stored in their database (and thus available through the Graph API) until
after it's been shared. (Or clicked on?)

------
Aardwolf
Better, don't put private information behind a publicly accessible link. E.g.
that google doc has its own access control, don't set it to "share with anyone
who has the link".

Links are leaky, think about Referer, JS to access history, DNS request, ...

~~~
mooreds
Right. Don't put anything on an email, or on Facebook, that you wouldn't want
the world to know. After all, it's all stored somewhere and is readable there
(except if it is end to end encrypted and encrypted while at rest).

------
codingdave
Just as a general rule, I tell my kids that anything posted anywhere on the
internet should be considered public. If you aren't comfortable with that,
don't post it.

~~~
ronnier
At some point, FaceBook, gmail, or some other instant messaging platform will
be hacked and its data leaked, probably ruining lives of thousands of people.

I like iMessage for that reason -- Apple doesn't see my messages. I don't know
what's happening with my email on Google's servers, or my instant messages
with friends on chat apps for example, but I assume the data is stored for a
long time, even if you delete it.

Just today there's news about a dating website being hacked and private
messages leaked -
[https://news.ycombinator.com/item?id=12008234](https://news.ycombinator.com/item?id=12008234)
That's with a smaller site, it's only time before one of the big boys are
leaked.

------
mooreds
More accurate title: why you shouldn't share any private links on Facebook.

~~~
ManlyBread
Even more accurate title: Facebook doesn't care about privacy

~~~
softawre
No, this is less helpful. Everybody knows this, yet still a lot of us use
facebook. It's nice to know what the specific problems are.

------
matt_morgan
Don't click on them either; they might be altered.

------
mxuribe
Very informative!

