Deactivated Facebook Accounts Can Be Used to Spy From The Shadows
Facebook is notorious for wanting to keep its hooks in you. You’d be hard pressed to get Facebook to delete the media and information it already has about you, and likewise, while you can “deactivate” your account, you can’t “delete” it. In fact, you can deactivate and reactivate you account on a whim as many times and as often as you please. That may sound useful, or even convenient, to those of you out there who are both impulsive and indecisive. This ability can be dangerous however; account deactivation can be used to spy on other Facebook accounts from the shadows by using accounts that don’t appear to actually exist.
The method was discovered by Shah Mahmood and Yvo Desmedt at University College London who have shown that this special kind of deactivated-account stalking is near impossible to detect and near impossible to stop due to loopholes in Facebook’s privacy settings. If Facebook knows what’s good for itself, it’ll patch these up right away. The process goes a little bit like this.
First you make a new account. You can do this with your own account if you really, really need to spy on someone you’re already friends with and can part with your account to do so. Generally a new account is the way to go. Next, you friend your mark. There are a variety of ways to go about this, but when it comes to people who play fast and loose with friending, it’s pretty easy. Lastly you deactivate your account. After that, you’re all set up for stealth creepin’.
But you deactivated your account; how does this work? Simple, you just reactivate your account every time you want to peek at the people you’re spying on and then re-deactivate it as soon as you’re done. When you deactivate your account, you’ll no longer show up on your friends’ friends lists, making it impossible for them to adjust your privacy settings or unfriend. When you reactivate, you’ll be back on the lists briefly, but your targets will get no notification that you “exist” again. The only way they could notice is dumb luck or staring slack-jawed at their friends list all day and if you only activate for a few minutes to spy, you’re barely a blip on the radar. Deactivating your account is essentially entering stealth mode.
Fortunately, Facebook could issue any number of fixes for this pretty easily, either by alerting people when their friends leave or rejoin Facebook (possible), putting some kind of limitation on newly reactivated accounts (yeah, right), or including deactivated accounts that still have “friends” status on the friends list where they can be unfriended or have their privacy settings changed (most likely). For the moment however, any stalkers using this method — which may well have been none before the news came out — are practically impossible to spot or deal with. That is, of course, unless you closely watch who you friend in the first place, which is the best way to deal with Facebook stalking of all varieties, present and future.