Creepy ‘hidden’ Facebook API allows you to monitor when your friends are asleep
Security analyst delves into Facebook code to create graphs that present his friends’ sleeping patterns – and shares how he did it
A security analyst has discovered a ‘hidden’ Facebook API that allows users to monitor the sleeping patterns of their friends.
Facebook users will already be familiar with the green dots on the desktop sidebar that show which of their friends are online, and when offline users were last active.
Intrigued by this feature, Alexander Hogue, who works at Australian software company Atlassian, decided to investigate.
Hogue inspected the code on Facebook’s website and found a ‘pull’ request or, as he puts it on his blog, ‘The kind of 100% legit secret undocumented “API” that we came here for.’
After carrying out some reverse-engineering, Hogue realised the code revealed a Facebook user's online status, as well as exactly when they were last active on the website or its Messenger app.
‘This doesn’t seem that interesting at first, since you already know who is online by looking at the sidebar,’ he said. ‘But what if there was someone always watching the little green dots?’
To do this, Hogue wrote a Python program that automatically listens to, and records, all of the ‘pull’ requests for several of his Facebook friends.
The program produced thousands of log files recording the online and offline activity of Facebook users who gave him permission to be tested.
Using a data visualisation tool, Hogue then graphed the log files to show exactly when an individual Facebook user is active throughout the day.
With most Facebook users visiting the website or app first thing in the morning and last thing at night, the graph presents when they are asleep and how regularly they use the social network throughout the day.
‘You can see the amount of rest they’re getting each day – it’s the width of the “asleep” bit,’ said Hogue. ‘Of course, this isn’t perfect, since they might be awake and not using Facebook. [But] having spoken to a few people who were graphed, it’s been a fairly accurate measure of awake/asleep time, as well as “how much do you browse Facebook at work” time.
‘Do you look at Facebook shortly after you wake up? Shortly before you sleep? If so, these graphs are a fairly accurate way to measure when you were asleep, and anyone you’re friends with on Facebook can do it.’
Hogue has open-sourced his project and provides a full guide on GitHub, but he doesn't encourage it.
He also claimed the program could be written to email him every morning with the names and sleep times of all of his Facebook friends who have had, for example, less than six hours’ sleep.
‘I hope I’ve convinced you that this is real creepy,’ he said. ‘I don’t really want to be able to have the power to do this.
‘I don’t know all the details of how facebook.com uses all the data that’s sent via the /pull endpoint, but it’s kinda creepy that I can see my friends’ status on every device.’