To protect the privacy of its users, Meta will replace Facebook identifiers in URLs with pseudonyms made up of the original identifier and a timestamp.
Facebook has been repeatedly victimized by data theftamong other things because of a technique called scraping. This unauthorized extraction of content is possible thanks to many software tools that people can use to collect data from a website and then build a database. To do this, hackers hunt for Facebook identifiers (FBIDs), which uniquely reference people or content such as posts, images and videos. They attempt to guess FBIDs from URLs, or simply buy lists of IDs from other hackers. By making cross-references between the contents of URLs and other entry points, for example telephone numbers, it is possible to build profiles that can be resold.
To combat this practice, Meta will replace Facebook identifiers (FBID) with pseudonymous identifiers (PFBID). These will be generated from the original ID and hourly data, which will change regularly through time rotation. As Meta states:
“As we remove the ability to access original credentials, it helps deter unauthorized data scraping by making it harder for attackers to guess, log in and repeatedly access to data. »
Meta clarifies, however, that this change is designed to protect the privacy of Facebook users, but does not serve to prevent browsers from eliminating ad cookies.
“These identifiers are not designed to prevent browser tools from removing tracking components from the URL. We use this process to better protect people’s privacy against certain types of enumeration and delayed attacks while preserving the ability to have long-lived links. »
With the data leak from 533 million users last year, we can understand that Meta makes every effort to fight effectively against scraping. However, we will have to wait for any results figures to know if this initiative will bear fruit.