Why did Facebook remove the view as option?

Facebook’s “view as” feature allowed users to see what their profile looked like to other people. This enabled users to preview their profile as a friend, public user, or entirely logged out of Facebook. The feature provided insight into exactly how profiles appeared to different audiences.

When did Facebook remove the view as option?

Facebook removed the view as profile feature in September 2018 after discovering a security issue that impacted 50 million accounts. Attackers exploited a vulnerability in the view as feature to steal access tokens and take over user accounts.

What was the security issue with the view as option?

The view as feature vulnerability allowed attackers to steal the access tokens of accounts. An access token is like a digital key that keeps you logged into Facebook so you don’t have to enter your password every time. It allows you to stay logged into your account on apps and websites that use Facebook Login.

Attackers exploited the view as feature to generate access tokens for any Facebook account. This meant they could potentially take over any Facebook account. Access tokens for 50 million accounts were stolen in the attack before Facebook identified and fixed the bug.

How did the attackers exploit the view as option?

The attackers exploited a combination of vulnerabilities in Facebook’s code to gain access to user access tokens. Here are the key details of how they exploited the view as feature:

  • The view as feature allowed users to see their profile as a public user not logged into Facebook. This preview mode didn’t properly validate authentication and authorization.
  • Attackers were able to generate and access the access tokens of any user while previewing profiles in view as mode. They scraped large amounts of access tokens through automation.
  • Access tokens were not revoked when users left view as mode. This meant stolen tokens remained valid even after previewing.
  • Access tokens provide permissions to user accounts. With a valid token, the attackers could take actions on behalf of compromised accounts.

By exploiting these vulnerabilities together, the attackers were able to steal valid access tokens for any account. This provided full account access without needing the account password.

How did Facebook fix the security issue?

After discovering the attack, Facebook took a number of steps to fix the security vulnerabilities and protect accounts:

  1. Disabled the view as feature to prevent further exploitation of the vulnerabilities.
  2. Revoked the access tokens that were stolen, which logged affected users out of their accounts.
  3. Refreshed all user access tokens to protect accounts from additional compromise.
  4. Addressed the coding flaws that allowed the vulnerabilities to be exploited.
  5. Supported users in securing their accounts by prompting password resets and other protections.
  6. Continued investigation into other potential impacts from the attack.

These measures stopped attackers from being able to access accounts through compromised tokens. They prevented further account takeover once the vulnerabilities were fixed. However, disabling view as was necessary to fully close the security gaps.
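
The two controls this account turns on, as an added example that is not from the original page and is not Facebook's code: token issuance bound to the account that actually authenticated, so a preview render cannot obtain a credential for another account, and per-account and global revocation as in steps 2 and 3. The `TokenStore` class, its method names and the sample user names are hypothetical.

```python
import secrets
import time


class TokenStore:
    """In-memory session-token store (hypothetical model, not Facebook's design)."""

    def __init__(self, ttl=3600):
        self.ttl = ttl
        self.tokens = {}              # token -> (user_id, issued_at)
        self.not_before = {}          # user_id -> revocation cutoff time
        self.global_not_before = 0.0  # cutoff applied to every account

    def issue(self, authenticated_user, token_subject, now=None):
        # Mint a token only for the account that authenticated. Code that
        # renders a page "as" someone else runs with token_subject !=
        # authenticated_user and must never receive that account's credential.
        if authenticated_user != token_subject:
            raise PermissionError("refusing to mint a token for another account")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (token_subject, now)
        return token

    def validate(self, token, now=None):
        now = time.time() if now is None else now
        entry = self.tokens.get(token)
        if entry is None:
            return None
        user, issued = entry
        cutoff = max(self.global_not_before, self.not_before.get(user, 0.0))
        if issued <= cutoff or now - issued > self.ttl:
            return None  # revoked or expired
        return user

    def revoke_user(self, user, now=None):
        # Step 2: void every token already issued to an affected account.
        self.not_before[user] = time.time() if now is None else now

    def revoke_all(self, now=None):
        # Step 3: void all outstanding tokens; every user must log in again.
        self.global_not_before = time.time() if now is None else now


if __name__ == "__main__":
    store = TokenStore()
    tok = store.issue("alice", "alice", now=100)  # constructed sample values
    print(store.validate(tok, now=200))
    store.revoke_user("alice", now=300)
    print(store.validate(tok, now=301))
```

Because revocation is a cutoff time rather than a list of known-stolen tokens, it also voids tokens the defender cannot enumerate.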

Why did Facebook remove view as permanently?

Facebook ultimately decided to remove the view as feature permanently rather than trying to fix and re-enable it. There were a few key reasons behind this decision:

  • Significant vulnerabilities – The bugs that allowed view as exploitation were fundamental to how the feature worked. This made bolstering security without fully reworking the feature very challenging.
  • Safer alternative preview options – Facebook has other profile preview options like previewing as a friend. These options were not vulnerable to the same flaws.
  • Broad usage – View as was used billions of times annually by a high percentage of Facebook users. This high usage meant high risk if vulnerabilities resurfaced.
  • Focus on security – Facebook prioritized preventing future abuse of data security flaws after highly publicized issues like Cambridge Analytica.

With these factors in mind, Facebook decided removing view as was the most prudent option to maintain account security. Other preview options achieve similar functionality for users without the same risks.

What alternatives are available without view as?

While view as provided helpful profile previews, users still have options to see what their profile looks like to others. Some alternatives include:

Previewing as a friend

Facebook allows users to preview their profile as a friend sees it. This shows how the profile appears when logged in and connected as a friend on the platform.

Switching between accounts

Users with multiple Facebook accounts can easily switch between them to view their various profiles. This provides visibility into how the different accounts appear.

Logging out

Users can always log out of their account to view it as a public, non-logged-in user would. This option still exists without the view as feature.

Getting feedback

Asking friends and connections for feedback on your profile is another way to understand what your profile looks like to others. Their perspective can identify aspects you may not notice yourself.

Previewing posts and photos

When sharing individual posts and photos, users can still preview how they will appear to others before publishing them.

While not as robust as view as, these options provide alternative ways to preview profiles as they appear to friends or public users. They allow basic visibility without the same security risks as the removed view as feature.

Could Facebook bring back view as in the future?

Facebook has not indicated any plans to reinstate view as capabilities. The factors that led to removing the feature likely remain barriers to bringing it back. However, Facebook could potentially reintroduce some form of view as functionality down the road if:

  • They completely rework the feature to eliminate the vulnerabilities.
  • New technologies emerge that allow similar previews without security flaws.
  • User demand grows for more robust preview options.
  • Facebook shifts its priorities and focuses on capabilities over security risk.

But the company would likely proceed cautiously given the previous issues. Thorough security reviews and gradual, limited rollouts would be necessary. Overall, view as or similar features returning seems unlikely in the near future but can’t be ruled out long-term.

Conclusion

Facebook removed the popular view as profile preview feature due to significant security vulnerabilities that allowed account takeover. While useful for users, the flaws with view as posed too much risk to Facebook’s platform security. Alternatives like previewing as a friend provide some capabilities without the same risks. However, Facebook shows no signs of reinstating view as any time soon after removing it to protect user accounts.