Hack: Google for Facebook Photos Interpretations #OSINT

booleanstrings | Boolean, Google, Hack, OSINT

Based on the following two behaviors from the tech giants:

  1. Facebook interprets pictures and inserts the interpretation into its public pages' HTML code
  2. Googlebot indexes these interpretation phrases

– you can reveal lists of members’ names and profiles based on Google’s image search.

The two Facebook phrases most common for tagging photos are:

  1. “Image may contain…”, for example, “image may contain 7 people.”
  2. “Text that says,” for example, “text that says right to left.”

As an end-user, you cannot see the phrases on the pages, but they appear in Google’s indexing. (I will skip discussing the reason.)
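To check what a crawler can read on a page you publish, the added example below (not code from the original post) parses HTML and reports machine-generated image descriptions matching the two phrases above. It assumes the phrases are carried in the `alt` attribute of `<img>` elements; the names `AltTextAudit` and `audit` are hypothetical, and the sample markup is constructed.

```python
import re
from html.parser import HTMLParser

# The two auto-generated phrase families named in the post.
PATTERNS = {
    "image_may_contain": re.compile(r"image may contain:?\s*(.+)", re.I),
    "text_that_says": re.compile(r"text that says:?\s*(.+)", re.I),
}
PEOPLE = re.compile(r"(\d+)\s+(?:people|person)", re.I)

class AltTextAudit(HTMLParser):
    """Collect <img> alt text that looks machine-generated (assumed location)."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        alt = dict(attrs).get("alt") or ""  # a bare alt attribute yields None
        for kind, pattern in PATTERNS.items():
            m = pattern.search(alt)
            if not m:
                continue
            detail = m.group(1).strip()
            # Drop one pair of matching quotes around recognised text.
            if len(detail) > 1 and detail[0] == detail[-1] and detail[0] in "'\"":
                detail = detail[1:-1]
            people = PEOPLE.search(detail)
            self.findings.append({"kind": kind, "detail": detail,
                                  "people": int(people.group(1)) if people else None})

def audit(html):
    """Return the descriptions that are in the markup but not shown on the page."""
    parser = AltTextAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup, not copied from any real page.
SAMPLE = """
<div><img src="a.jpg" alt="Image may contain: 7 people, people smiling"></div>
<div><img src="b.jpg" alt="Text that says 'right to left'"></div>
<div><img src="c.jpg" alt="Team offsite, 2019"></div>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The hand-written caption on the third image is ignored; only the two generated phrase families are reported, along with any people count they disclose.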

Example X-Ray (note that I am searching in “photos” for better results):

Try a similar search and count people in a picture. Facebook is excellent at recognizing and counting us!

(You can also search for cats, mice, elephants, or fights, guns, and other things. It is an OSINT technique for sure.)

Now, make the search more useful by a) customizing to your recruiting needs and b) specifically looking for pictures where people are tagged. Use your target terms, words pointing to lists, and words for photos with people. It can be a hit and miss; vary the strings a lot. Example:

Here are some example lists you can uncover (one more is at the top of the post):

(Zoom “selfies” is a category of its own!)

Your comments are welcome!
