    Facebook Messenger sidebar: opening a picture in a new tab publishes the picture to Internet, doesn't it?

    • ouser91
      ouser91 last edited by

      Hello, Opera users and developers!

      Please explain to me where I am wrong: start with Facebook Messenger in the Opera sidebar and try this: pick any picture from any chat and choose "open picture in a new tab" via right mouse click. The picture will open in a new tab with a long address of the form https://scontent-arn2-1.xx.fbcdn.net/v/t1.15752-0/p480x480/86935027_ ... 657347d84&oe=5EB56DEF .

      This address is a public one (accessible by anyone with Internet access)! I've checked it by various means, e.g. by sending the link to my other PC, where I was not logged on to Facebook; it successfully opened that very picture. So the picture did not come from any local cache on that other PC. Also, it worked with other browsers, where I was not logged on to Facebook.

      1. Does it mean that anytime I choose "open image in new tab" Opera sends the raw unprotected image from the chat to a public host?

      2. Does it mean the chat data in the messenger sidebar are unprotected even before "open image in new tab" is implemented?

      I hope I am wrong, but at the moment it looks chilling.

      Best regards,
      ouser91.

      Win 7, Dell, 8GB RAM

      • sgunhouse
        sgunhouse Moderator Volunteer last edited by

        No. If anyone can access the image it is because Facebook is not requiring a password. Opera doesn't own the fbcdn domain - Facebook does.

        • ouser91
          ouser91 last edited by

          Anyway, the images become public.

          • sgunhouse
            sgunhouse Moderator Volunteer last edited by

            Try it without using Open image - there should be an option called Copy image address on the menu too. Type that address on another computer (or just open a private window and paste it in the address bar) and see if it opens. If it does, then the image always was public as long as you knew the address.

            • ouser91
              ouser91 last edited by

              It works too. So, it makes your chat images accessible to everyone with Internet access.

              • blackbird71
                blackbird71 @ouser91 last edited by

                @ouser91 The picture's URL is the digital pathway into the hosting server where the image is stored. If user-access authentication when visiting that URL isn't being required, that's a basic issue (or 'fault') with the picture's server and its operators - in this case, Facebook. While that picture can apparently be accessed by anyone following the exact same URL path, the address structure itself is rather complex, which provides a modest level of access limitation. Facebook is apparently relying on the fact that one must have the full, correct address to access the picture; so in that sense, the picture hasn't been made fully public unless one knows (or can guess) the correct full address. Regardless, that is indeed a weak 'security' approach.

                In any case, it reinforces the wisdom that publishing pictures to the Internet in any way should be done with the expectation that they are never fully "private" - if only because the hosting system will have access and can either mine the images or be hacked (internally by employees or externally by 'black hats')... as various celebrities have discovered to their embarrassment or extortion.

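The behaviour discussed in the posts above, a link that opens without any login yet is hard to guess, is how a signed, expiring URL works. The sketch below is an added illustration, not part of the thread and not Facebook's actual scheme: the host `cdn.example`, the `sig` and `exp` parameter names, the key and the HMAC construction are all assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"  # hypothetical signing key held only by the image host


def _tag(path, exp_raw):
    # The HMAC binds the signature to this exact path and expiry value.
    return hmac.new(SECRET, f"{path}|{exp_raw}".encode(), hashlib.sha256).hexdigest()


def sign_url(path, expires):
    """Mint the long link a chat client would receive for one image."""
    exp_raw = str(expires)
    return "https://cdn.example" + path + "?" + urlencode({"sig": _tag(path, exp_raw), "exp": exp_raw})


def check_url(url, now, cookies=None):
    """Decide as the image host would. `cookies` is accepted but never read:
    the link is the only credential, so any holder of it gets the image."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        sig, exp_raw = query["sig"][0], query["exp"][0]
        expires = int(exp_raw)
    except (KeyError, ValueError):
        return "denied: malformed"
    if not hmac.compare_digest(sig.encode(), _tag(parts.path, exp_raw).encode()):
        return "denied: bad signature"
    if now > expires:
        return "denied: expired"
    return "served"


if __name__ == "__main__":
    link = sign_url("/v/photo_123.jpg", expires=2000)  # constructed sample values
    print(check_url(link, now=1000))  # another PC, not logged in: served
    print(check_url(link.replace("photo_123", "photo_124"), now=1000))  # altered path
    print(check_url(link, now=3000))  # after the expiry time
```

Under a scheme like this the host keeps no per-user check, so withdrawing a link that has already been handed out means waiting for its expiry or rotating the signing key.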
                • ouser91
                  ouser91 last edited by ouser91

                  @blackbird71 Understood, but let's not mix up voluntary publishing to the Internet with chatting in Messenger. When, e.g. in Google Drive, one chooses to share an image, there is an option to create a shareable link, and there is an alert saying the image will be accessible to everyone with the link. Here, with the Facebook sidebar, one does not publish anything; the unsuspecting users just operate on their local PCs, and that creates public links to the file. I think chats are supposed to be fully private, and FB might share some metadata/maybe even data samples in anonymized form to sell you ads, but 100% not make raw images visible to everybody, w/o notifying you.

                  • sgunhouse
                    sgunhouse Moderator Volunteer last edited by

                    Did you try it in a regular Facebook tab? Or in a different browser to start with? Facebook has never been known for their security...

                    • ouser91
                      ouser91 @sgunhouse last edited by

                      @sgunhouse Thank you for the prompt responses indeed. At the same time, I don't think going back and forth with details is a constructive approach here. I think I have described the issue in full. Anyone with Facebook and Opera is free to check that with a couple of clicks.
