Changing your email address on Facebook isn’t going to help: why you’re screwed anyway

As you have no doubt heard, Facebook abruptly reset every user’s displayed email address to [something]@facebook.com. In theory, every user’s address was reset to a unique Facebook ID # or, according to the Washington Post:

For those who have established a vanity URL for their Facebook pages, that means the e-mail address mirrors their Web domain name. (For example, someone whose Facebook page had the address facebook.com/jane.doe would be assigned the e-mail address jane.doe@facebook.com).

Some people are understandably concerned about the ease with which Facebook users can now be spammed:

You know that, oh, about 900 million people use Facebook — and almost all use their real names. So, you know that if you put a real name (minus the space) in front of @facebook.com, most likely those users will get that email.

Now, do those users have email rules? No. Do those users have junk filters? No. Do those users have any defense at all, even the ability to turn off getting email. No. No. No. No.

Thanks, Facebook. You just [expletive deleted] us up the [expletive deleted]. [Expletive deleted] you!

Now let’s see just how deep the rabbit-hole goes.

My curiosity was piqued when Facebook botched the assignment of my email address. I have a ‘vanity’ URL, but I was nevertheless assigned an email address incorporating my Facebook ID #. Two grabs from the same screenshot:

So I began to investigate: what would happen if I messaged mordechai.treiger@facebook.com, even though it didn’t show up as my assigned email address? So I tried it. And it worked – a message showed up in my inbox. Then I tried 623907 – my ID # – @facebook.com, the address that showed up on my info page. That worked, too.

Now, I was really curious. Time to try the reverse. I went to a friend’s Facebook page that showed her vanity URL had successfully been converted into a vanity email address. Next, I figured out her Facebook ID (in the URL, I replaced ‘www’ with ‘graph’ – you can do it for anyone), and sent an email to [her ID number]@facebook.com from my gmail account.

Here’s what happened:

Hardly earth-shattering messages, but you can see – I left a number visible on top and a letter visible on the bottom – she responded to an email sent to her ID number with an email sent from her vanity email address.

In other words, a potential spammer doesn’t have to make up names and stick them in front of ‘@facebook.com’ to send mass emails; all he needs to know is your unique ID#.

And if he is a typical spammer, meaning he doesn’t really care who you are – which he is – he doesn’t even need a unique ID number: he can just send messages to any number, followed by @facebook.com. My ID # is just 6 digits long. That’s shorter than a phone number. This could be hell.

I came online to write about the pending Supreme Court decision on Health Care and I wrote about Facebook… again. Look what you’ve turned me into, Mark Zuckerberg.

Advertisements

2 thoughts on “Changing your email address on Facebook isn’t going to help: why you’re screwed anyway”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s