Facebook recently launched a notable new feature known as Graph Search. Mark Zuckerberg highlighted this feature as one of the 3 pillars of Facebook (after Newsfeed and Timeline) that make the social network relevant and personalized. But how safe is Graph Search? We feel that there are several security and privacy concerns that accompany this feature and it is essential for users to be aware of the related privacy settings.

What exactly is Facebook Graph Search?
Facebook Graph Search is a service that lets people use natural phrases as search queries when they are logged onto their Facebook profile. They then receive personalized results (related to themselves or their friends) for these queries. Such search results will make Facebook searches similar to Google web searches. However, the major difference is that the search results will be specifically based on a user’s friend network.

To illustrate, one can search for “Chinese restaurants my friends like” or something like “Pictures of my friends in Goa”. One can also post queries like “Photos I have liked” or “Friends of friends who work or study in ________”. Graph Search intrinsically allows a Facebook user to find things based on relationships and context. The feature utilizes the endless collection of Likes, tags and check-ins that have been posted by more than a billion Facebook users all around the world. This means that Graph Search also works as a recommendation engine for people to see what their friends like.

How is Facebook Graph Search a threat?
While it is easy to see the benefits of Graph Search, the reality is that scammers and phishers will also use this feature to carry out social engineering attacks more advanced than those we know of. Many Facebook users could also end up facing potentially embarrassing situations thanks to the accumulation of the data they have posted.

It is also plausible that some users will carry out unethical searches. Some groups of people may also look for something accusatory and then vilify Facebook members for what they find. Governments could also use Graph Search to find people who are affiliated with something that they feel is inappropriate. This will increase censorship and moral policing and will threaten the freedom of the Internet.

On the upside, the information that can be seen through Graph Search is already present on Facebook and the feature simply collects and presents it. But it is also safe to assume that Facebook will eventually use this information to better target advertising efforts and will thus end up invading user privacy as a result.

The major threat, though, is that phishers can gain a lot of information about their potential victims. This information can be used to tailor phishing attacks to specifically target a victim. Corporate employees can also end up revealing too much information which can be easily viewed via Graph Search. So companies need to include Facebook or social media training as a part of their security awareness initiatives. The fact is that all micro-targeting tricks that have been used by online advertisers for so long will now be available to cyber criminals as well.

It seems that Facebook users cannot opt out of this feature anymore, which is a shame. But what users can do is adjust their privacy settings to prevent their Likes and other information from being visible to everyone. Graph Search does take into account the preferred security settings of users. However, many users do not actively adjust their privacy settings and many others are simply unaware of them. These people will be affected the most as their information will be visible to anyone. In addition to adjusting their privacy settings, Facebook users are also advised to install the latest version of system protection software to stay protected from phishing attacks and other social engineering tricks.