You’d be hard pressed to find an information rich source as robust as Facebook. With over 2.7 Billion active users (including my own grandma), it has to be a first stop for anyone conducting online research. There has been much written about gathering information from Facebook, and it remains one of the more popular OSINT subjects, which will likely continue until the simply misunderstood Google + makes its triumphant return to glory and… oh hell, nevermind. Let’s move on.
In trying to prepare for this, I spent many hours sketching out thoughts on my favorite tips and tricks for blue big brother, and eventually it became apparent that unless I wanted to write a book instead of a blog, this needs to be whittled down. Perhaps it’ll end up being a series of blogs one day. And perhaps I’ll print them all off, bind them, and make a cover page sporting a wind-blown, bare-chested, golden-haired super hunk, perched atop the rocks on a beach at sunset. (age check: If you’re super confused about what you just read, and you didn’t know that was a reference to Fabio, or if you thought of Fabio, but only know him as the guy in the butter commercials… you are too young to be reading this blog.)
Turns out it’s basically impossible to find a royalty-free image of Fabio online, and I’m not much for getting sued, but whoever this guy is, he doesn’t mind standing in for free. Besides, after a few beers, you can hardly tell the difference anyway.
So, this write-up is for my 3 favorite Facebook tips & tricks that I think everyone investigating online should know. One is technical, one is a URL, and one requires a little intuitive thought, which of course you have a truckload of. A preface… the thing you’ll never see from me is trying to take credit where it’s not due. I view my role here in large part as being someone who shares what knowledge I have gained through some trial & error, but mostly research, in a semi-relatable and poorly-written way. Regarding these tips, I can only take credit for teaching myself one of them, and while the other 2 have appeared in print all over the place, my earliest learning of them came from Michael Bazzell. Bazzell just released the 8th Edition of his book, and while tons of incredible free information exists online from stellar sites and collectives (like my favorite, the OSINT Curious Project), as far as books go, it has become widely regarded as the OSINT bible. Anyway, off we go…
The first tip is a URL you’ll want to have handy, so you can easily edit it with your target profile IDs and go:
https://www.facebook.com/browse/mutual_friends/?uid=1&node=2
This is known as the “mutual friends search” where the numbers 1 and 2 are to be replaced with profile user IDs. Basically, you’re asking Facebook to provide you a list of all friends common to 2 different accounts. The real beauty of this search is that it can work even when one of the profiles has their friends list set to private.
Finding a facebook profile ID is as simple as right clicking on the profile’s page, selecting view page source, then pressing Ctrl + F and searching for “userID” without the quotes. The ID number will follow, looking like this:
Let’s talk about that for a minute…
Say you’re conducting online research and having a hard time finding your target profile. Being the top flight investigator you are, you begin searching for people in their close orbit based on information you’ve gathered from other online sources. Perhaps relatives, close friends, members of a similar social/interest group, friends/followers from a different social platform, co-horts from arrest records, a significant other from a baby registry, etc etc. If you manage to find some of what I call “orbit profiles” (people you know will most likely be connected to your target if your target actually has an account), but you’re not finding your target, perhaps the mutual friends search is in order! To put it another way, if your yet-unlocated target profile is Martin Robinson, Sesame Street Puppeteer, and you don’t know that he goes by the vanity name Young Snuffleupagus, you need some help. If Martin’s adorable grandma is on facebook, but has 1,000 friends, manual review is out of the question, ain’t nobody got time for that! What if you asked Facebook for mutual friends of nana and Martin’s wife, Annie? Suddenly, you’ve only got 50 people to review and ol’ Snuffy is bound to be one of them!
This trick also works well if you’re trying to develop a list of friend connections for a locked-down profile. Take your locked down profile, and run a mutual friends search with anyone who liked or commented on anything of your target and gather up those lists via a scraping tool, add them all together and boom… you’ve got a pretty decent list of people who are friends with your target!
****EDIT**** in the Spring of 2021, Facebook killed off the following “page role trick” so it no longer works for searching an email address. Leaving this here for posterity, and to remind myself of how great life was “back in the day”.
Next up is a somewhat technical tip, again something I learned years ago from Bazzell’s book (actually, I think I might have read about it on the now-defunct forums on his website but my dusty old brain can only remember like 3 or 4 things, and 2 of them are the names of cereals I like). Big props to the ever-generous Technisette, who helped me trouble-shoot an issue with this trick and uncover an exception I’ll point out in the write up.
(Also, quick shout out to the HowToFind Bot, which also sent this tip out on Telegram recently, they put out some really great stuff and are worth a follow!)
This one is called the page role trick, and it’s the only known way to still search for Facebook accounts by email. As we’ve discussed in blogs past, much like my dream of being a catalog writer for J. Peterman, Facebook destroyed many of my other important dreams by killing its best OSINT features over the years #RIPgraphsearch. One that survived, albeit in a slightly different fashion is the ability to look up accounts by way of a linked email address.
Here’s a quick explanation of how it works… Basically, you create a new “page” using your covert profile, act like you’re trying to add someone as an admin for that page, open the developer tools, and use Facebook’s predictive analytics against it to reveal whose account is attached to the email address you have. If it works, you grab the userID, slap it on the end of a facebook.com/ URL and off you go! Here’s what it looks like…
First, click on the + in the upper right hand corner of your profile and create a new page:
Add in some info to the boxes on the left and hit save:
Once your page is live, go to settings at the bottom left:
Within the settings menu select Page Roles:
Type the email you’re looking for in the page role box.
When you type the last letter of the full email address, if it’s tied to an account, that account will autopopulate as an option just below the box and you’re in business! If it doesn’t tie, or if the account’s privacy settings prevent it (thanks again Technisette for figuring that headache out), you will not see a result below the box and it’s time to move on.
If you’ve got a match, you’ll be able to see the user name as well as the profile photo. Handy indeed, but we want to take it a step further, especially if that user name is as common as people (asshole scammers) calling me about my vehicle’s warranty.
Open the developer tools for your browser (F12 in Chrome & Firefox) and select the network tab, then the search icon:
In the search box type: ANYONE_EXCEPT_VERIFIED_ACCOUNT and hit enter to filter the information to a more manageable list.
Scroll to the bottom of the list in the search box and expand that entry by clicking the little arrow to the left, then click on the URL line which appears below. Make sure “Preview” is selected from the header in the details box as shown below:
There you’ll see the ID alongside the name. You simply take the user ID and place it after www.facebook.com/ to see the account!
You’d type the result like this: https://www.facebook.com/10002677560191
The 3rd and final tip I have for you is using the new search option on profile pages in the most recent Facebook UI. Not every page will have this option, but if they do, it will look like a magnifying glass either in the area just below the profile photo, or it could be in the 3 dots to the right of that header.
This is something I stumbled across back early last year and wrote a much more comprehensive blog post about, (which I’m sure everyone has already read, bookmarked, printed off, tweeted about, and saved), but just in case… you can read here.
In essence, the search option on a profile page allows you to bring up posts, photos, comments, etc from a profile page which contain keywords or fuzzy search variations of those. For example, searching for the word mother will also bring up results for mom. The best part of this trick is that it will also search tagged posts & photos of that profile, as long as the post by their friend was set to public, even if they aren’t visible on the target profile’s timeline as you scroll the page! That’s a big win for your OSINT investigation.
I discovered this while looking at a profile of someone who I knew was a Sr, and had a son by the same name. I wondered if searching Sr’s wall for their first name might provide some results. As I learned, searching first name, last name, or a combination of the two provided me all kinds of things I hadn’t previously found while scrolling the page!
Here’s an example of what that looks like, but I encourage you to revisit my old blog post for a detailed read.
The profile here is locked down, nothing visible on the wall:
When I search their wall for their first name, suddenly I get results! These are posts/photos that tagged the target profile, and are set to public for the original poster, but were hidden by the target on their own timeline.
This tip can open so many doors for you in your research. If you know family member names, search them to find pivot points. If you’re trying to validate whether you’re on the right profile, try searching for things you know about your target: their job name, their school name, the word birthday, the word kids (that’s where the closes friends/family members will be commenting), and on and on.
The possibilities are practically endless!
That’s it! My top 3 favorite FB investigative tricks. I hope you enjoyed the ride as always, and thank you to everyone who writes me and says they learned something or enjoyed something here. I have almost enough casual fans to start a bowling team, which is pretty good ROI for all the nights spent hacking out this content. I wish I had time to do more, but it turns out writing a mediocre and unpopular blog about a niche subject does not pay the bills, but it sure is fun!