Users will accept friendship request from anyone if they have enough mutual friends

Nov 30, 2011 07:58 GMT  ·  By

A Brazilian security researcher set up an experiment to prove that he can get anyone to accept a Facebook friend request in a matter of hours, showing how privacy is still a major issue when it comes to social networking website.

According to Psyzone, Nelson Novaes, a researcher in the field of online security and behavior, made a proof of concept to demonstrate how easily people can be manipulated on social networks and Facebook in particular.

By creating a fake account that perfectly cloned the one of a manager, he set in mind to befriend a female security worker that worked for him, named for the purpose of the study SecGirl.

He started by going after the friends of the friends of the manager and within an hour, 24 out of 432 request were accepted, even though most subjects already had the manager as a friend.

Then he went on to the direct friends of the manager who also rushed to accept the friend request even though they already had the real profile in their contact lists. Finally, after seven and a half hours, after seeing that a lot of mutual friends were adding the cloned profile to their contact list, SecGirl gave in and accepted the request from the clone account.

With this, Novales wanted to show how users will befriend anyone if they have many mutual friends, even if they have no idea who the person actually is or if they suspect that the individual is up to no good.

“People have simply ignored the threat posed by adding a profile without checking if this profile is true. New Technologies have loopholes, but it is up to the users to be aware of this type of flaw. Social networks can be fantastic, but people make mistakes. Privacy is a matter of social responsibility. There is no solution. We must make good use of the social network and we are alone in this task,” said Novaes.