
You can use Facebook to identify people by their email or phone number - slashdotaccount
https://www.facebook.com/recover/initiate
======
collingreene
I work at facebook on the security team.

This is an account recovery endpoint used if your account was hacked for
example.

Your name, profile picture and a few other things are considered public
information so there is no security issue displaying them. See:
[https://www.facebook.com/help/167709519956542](https://www.facebook.com/help/167709519956542)

~~~
supersystem
No, personally identifiable information isn't public information. What's
exposed here is still personal information that you decided to make public,
but presumably with the users consent.

~~~
mrverde
On Facebook, there are granular privacy settings to control who can search for
you by email/phone number if you choose to use them. They're accessed by going
to facebook.com/settings (dropdown arrow @ top right), then "Privacy", then
"Who can look me up?" ...the analogy would be opting to have an unlisted phone
number in the white pages back when they were printed on paper and arrived on
your front doorstep.

------
RKearney
It appears this only works if you're using an account that you've already
logged into from that IP address.

If you try someone else's phone number, it has a placeholder profile picture,
says "Facebook User", and has censored out email addresses to send a recovery
email too.

I'm guessing everyone here is using their own phone number to test with which
yields a lot more information than if you were to try it with a phone number
of a friend whose never logged into Facebook from your network.

~~~
talentless
This is not accurate. I was able to see the picture, name, and a partially
censored email address for several contacts. I have no facebook account and I
am certain none of those contacts have ever accessed the internet from this
IP.

------
mikeyouse
Pair this with the Snapchat leak, so you can go from:

Snapchat Username --> Snapchat Phone Number --> Facebook Account

I hope people are behaving.

~~~
cdcarter
I am intrigued about situations in which you would have someone's Snapchat
username, but so little of an idea of their name/network that you couldn't
find them on Facebook with graph search.

~~~
mikeyouse
A few months ago, I was trying to figure out what this Snapchat was all about,
so I signed up with a fairly common username.

Sure enough, in a few days, I received several topless pictures from a random
account. The girl typed in a name which she thought belonged to her friend,
but instead entered my new profile name.

I thought this was hilarious, my girlfriend however, didn't. Just one random
situation.

------
anmalhot
I had reported this to FB security last year when I found it was trivial to
find partially masked email ids & phone numbers of anyone behind my Uni's
gateway.

I was informed that this was a design decision since previously used IPs are
more trustworthy than any new IP. I considered this a design flaw and reported
since large institutions are typically behind a NAT and they become
susceptible to targeted attacks.

------
eridius
This URL now redirects to the root of facebook.com, so I guess they've already
disabled it.

~~~
welder
First logout from Facebook, then re-visit the url.

~~~
cheeseprocedure
Or use an Incognito window.

------
obblekk
Is this legal? Did I give consent to Facebook publicly associating this
information in ToS?

~~~
dreamdu5t
What part of the Facebook ToS do you think this violates?

What law do you think this violates?

~~~
gtufano
EU privacy laws explicitly forbids exposing photos (linked to personally
identifiable information) without explicit consent, especially for people of
minor age (the specific country laws may change a little, but the general
sense is clear).

~~~
corobo
Surely agreeing to their ToS and proceeding past the point of agreeing to it
explicit consents to anything that they put in there?

------
jamdavswim
It definitely gives you much more information than you had when you started...
It really shouldn't display name/photo.

An example of a poor trade for experience vs security.

~~~
dubfan
It depends on the privacy settings of the user. I just tried this on myself
and it did not show my name or photo. The most conspicuous thing it showed was
a starred-out version of my old university email address, but that's my own
fault for leaving it there.

~~~
gergles
I have my settings as restrictively-set as possible, and it showed my name,
photo, and 'primary network'.

------
pyvpx
privacy is dead.

if you're going to do something that might raise the ire of someone
sophisticated, don't do it online with your true and/or trusted persona.

now if you're complaining the waterline for "sophisticated" is getting
lower...well...welcome to technology :)

------
Lobita
This discussion overlooks proxies, macchangers, firewalls, browsers, and
pseudo identity...

------
amaks
I'll probably end up deleting my facebook account. Wait, is it even possible
to do?

~~~
vidyesh
Somewhat. Disable it for really long time and then delete I guess.

[https://www.facebook.com/help/delete_account](https://www.facebook.com/help/delete_account)

