Facebook Open Graph Tags Modification

A couple of weeks ago, I discovered that Facebook allowed you to change the title and description of links that you post. This allows you to craft some pretty interesting posts. For example:

I was puzzled by Facebook's decision to implement this feature. The grey all-caps text at the bottom is the domain name where the alleged content is supposed to originate from. This field cannot be changed. Therefore, I would be more willing to click on a link if the domain is a well known one, e.g. FACEBOOK.COM, GOOGLE.COM or APPLE.COM and so on.

By allowing users to change the content of the post, they are essentially allowing users to "put words into the mouths" of these organizations. Once users click onto the link, they will realise that the information in the post is bogus, however there is the possibility that users may simple share the link without clicking into it, thus spreading misinformation. We have seen numerous similar cases where journalist have retweeted fake news story without verifying because they want to be the first to get the information out there. Some of these have even resulted in substantial real world impact such as a crash in the stock market.

The only legitimate use for such a feature is the ability to insert a more relevant paragraph of text from the article itself. However, in my opinion, the negative effects far outweigh the positive and such a feature should never have been implemented in the first place. Most major websites have been optimised and the open graph text and description should be fairly relevant to the page content.

Instructions

instructions

Contrary to most beliefs, this is a feature built into Facebook and not a vulnerability as some have thought. All you need to carry out this "attack" is Google Chrome and a Facebook account. Simply paste the link you would like to share into your "update status" box and wait for the preview to show up. Hover over the title or the description, it should turn yellow, left click to change the content. I have also found that if you perform this on a Facebook page, you also get to modify the image in addition to the title and description.

Disclaimer: I have contacted Facebook prior to this and they have classified it as a "social engineering or spam attack against Facebook users and infrastructure". As far as I know, there are no plans to remove this feature.

Edit on 05/12/16: Facebook has now disallowed modification of page content when posting to your personal wall. However, posting to a page will still work.



Tags: Security

Similar Articles

Rules of Engagement in Cyberspace - Rules of engagement is a concept familiar to most military personnels worldwide. The basic premise of having rules of engagement is to ensure an appropriate level of response or reaction to a ...
Biometrics and Passwords - Many people have the misconception that biometrics such as fingerprint readers are more secure than passwords. It probably stems from Hollywood spy movies showing Top Secret facilities protected ...
The Golden Key - TSA Locks and Encryption - Earlier this year, TSA master keys were leaked and ordinary folks were supposedly able to 3D print these keys and open any luggage with a TSA lock. Despite the huge uproar, I personally feel that ...
Negative space - Sometimes, the lack of information is valuable information. The Washington Post reports that according to unnamed current and former US officials, the CIA pulled "a number of officers" from the ...