This year’s Facebook F8 was all about Mark Zuckerberg talking about integrating better privacy measures in Facebook’s every single social-media component including Instagram. But probably people at Facebook are not working that well to achieve that vision. A newfound hack shows that Instagram privacy can be jeopardized by sneaking into private accounts and profiles. It has been found that the Instagram web can be used to publicly share and view profiles and stories of private Instagram account holders by tweaking into the inspect elements tool. This hack, as reported by Buzzfeed questions the reliability of Instagram web and the content delivery network used by Facebook.
Privacy On Instagram Jeopardized
Firstly, for anyone to publicly share posts and stories of a private account holder, he/she must be a follower/friend of that particular person. Only then you’d be able to view the highlights, stories, and the posts of a private Instagram account. This way one can see all the stories and posts from a private account. But they aren’t shareable across Instagram. Posts and stories from private Instagram accounts can only be shared among the account holder’s followers/friends. However, the new hack has breached Instagram privacy settings and is allowing followers to share feeds and stories from private Insta accounts to non-followers or non-users of the platform.
How? Well, the process is a bit techie, it’s not that you can’t get in just one simple demonstration.
When you open your friend’s profile (who operates a private account) on Instagram web, the browser forms public URLs of all the content available on that particular webpage. This includes the photos one can view on the feed and the stories/highlights your friend might have saved. To retrieve these public URLs, just right-click anywhere on your browser screen, and click on the option Inspect Elements/Inspect. It would open a dock with elements of that particular webpage. Just like this one:
Here goes the column called Network (fourth from the left). Here you’d be able to see the public URLs to all the images (even the icons, emojis, and thumbnails) that can be viewed on that page. In the case of the Instagram web, these links would include the images on the feed, stories, and the profile picture. All you have to do is find the relevant link, and then copy it to a new tab. You’d be able to see that picture regardless you follow that person or not. That link can then be shared further, and it has been confirmed that this hack does work.
Here’s a GIF file published by Buzzfeed showing how one can copy that link from Inspect Element Tools.
These Inspect Element Tools can be accessed in just a few clicks on any browser out there. These public URLs can violate your privacy on Instagram and can put your personal moments you post on the platform under threat of misuse.
However, Facebook has quite a valid statement in response.
Facebook’s Response to Hack’s Discovery
A Facebook spokesperson has said that this activity is not at all a threat to privacy on Instagram. This is similar to the activity where a follower/friend of yours can take a screenshot of your post/story on Instagram and can share further by any means. Since this hack can only be used by someone who is already a friend of the concerned account holder, this does not seem like an intervention to user’s privacy. The spokesperson has stated that since this hack isn’t allowing unauthorized access to the user account, it’s not a concern of immediate threat.
In some ways, this is true. You’ve already given access to your pictures to your friends by accepting their follow requests, right? Why bother someone sharing that picture using that hack when he/she can already screenshot it anytime?
The situation is a bit more extended.
Why This Hack is Not Same as Screenshotting an Image?
There are slight differences between screenshotting an image on Instagram and sharing it via public URLs. Firstly, Facebook tracks all user activities on Instagram like screenshotting and image-sharing, when they are carried out on Instagram app or Instagram web. But, when you share a feed/story using the public URL, it cannot be traced back to Facebook content delivery network. Moreover, the public URLs of the expired stories (which are only active for 24 hrs) and deleted posts still remain there on Inspect for some time, thus, creating a breach of your Instagram privacy.
Besides, when you screenshot an image, there are no associated details shared with it. But when you access it using a URL, the photo may include details such as picture dimensions, date of upload, and the source of upload. These details alone can lead to potential EXIF dangers.
There are reports that this hack may be applicable on Facebook accounts as well; however, there have been uncommon reports regarding the credibility of this claim. But when we checked it on Facebook (on my own profile), the hack worked (see screenshot above). The images on the timeline and the profile pictures of Friends visible on the timeline page were accessible and easily shareable. The reason can be the fact that Facebook uses the same content delivery network for all its platforms including Instagram, which is linking this hack to Facebook.
There is no severe concern that has been reported yet caused by any malicious activity associated with this hack. But this has brought Mark Zuckerberg’s privacy-focused future into questioning. Given the tough year of 2018 Facebook had and the constant missteps associated with privacy, this hack can be a huge blow to whatever Facebook has been saying in the last few months. I mean, Mr. Zuckerberg himself has said that if he can’t guarantee our safety over his platforms, then he and his global enterprise do not deserve the tremendous public response it has received since Facebook’s inception. This is like the hundredth privacy concern associated with a Facebook platform that has emerged in the past few months.
Yet, it is ironic that Facebook is not losing users and Instagram is becoming popular day-by-day. These platforms have been so deeply integrated into this millennial lifestyle that these concerns have almost zero effect on the public.
Given the expanded use of social media platforms for personal and professional use, it is almost impossible to completely keep off them. But we can at least limit our presence over them and reduce our time spent scrolling down the feed. By downloading Social Fever you can not only easily warn yourself of extended time limits on Instagram and prevent wasting your crucial time.
Social Fever is an Android-based app that lets you add timers to your usage on different applications. Once your set time limit is over, the app barges your news feed with a notification for the same. This allows users to monitor the time they spend on the phone and encourage them to go for something more productive in the meanwhile. The best part about using Social Fever is that the trackers set in the app isn’t limited to Instagram or Facebook but can be set on shopping and video streaming apps as well.
Earlier this year Dustin Moskovitz said that splitting up Facebook may bring that change in its monopolistic business tactics. But until then, is it right to give in to our social media urges? Or there is another way out of this trouble?
Let us know in the comments what your views are on this latest hack. Does this jeopardize user privacy on Instagram while making Instagram web vulnerable to breaches?