Facebook hasn't had the best press about privacy in the past. So, just how private are your photos?

Linking/hotlinking photos from Facebook has been made more frustrating recently due to the 'Theatre' viewer. You can't right click it and copy the URL as you used to be able to, until you remove the '&theatre' section from the URL. I'm unaware as to whether this is possible to turn off. If not, I'd like to be able to. But that's another story.

So once you've removed the theatre, you can link the Image directly. So you share that to a friend, they can see it, even if it's private and you're not a friend. I'm not amazing with web apps, but I'm fairly sure there must be some way of stopping that from happening, especially on something as big as Facebook.

Being the curious type I've had my fair share of these links in conversation. They can then be followed by more of the same person. So comparing the URLs of these images you can spot similarities.

I'm going to use my profile picture URL as an example here.

But break it down further (164027_470164611812_546201812_6281484_80274_n.jpg)

You see there are a number of IDs in this. The 3rd of which is your unique user ID, or whatever Facebook refer to it as, which app developers gain access to once you use their app. (546201812).

Putting that into the url template: http://facebook.com/profile.php?id=#numberhere#. You can trace back from their image URL to their actual profile. However, this would be the profile that the photo belongs to, not necessarily of who is in the image. 

It also seems that some on Twitter use a raw download from Facebook, not renamed, as their twitter image. This means you can again trace it back, as twitter does not rename the file. So if you don't want your Facebook profile to be discovered by others through twitter, just rename the file before uploading.

I'm not sure what IDs the others refer to, but I'm sure they're relevant to something. If you know, please let me know and I'll attribute it in this post.