Profile picture unblock for Facebook [June 2014]


<A random day in college>
Sign in, Click, Scrolldown, Scrolldown, Click, Scrolldown, Click, Click, Refresh, Click, Click, Click
<Nothing happens>
Hmmm.. Why doesn’t this photo expand and zoom? Opens another browser.
Sign in, Scrolldown, Scrolldown, Scrolldown, Scolldown, Click, Scrolldown, Click, Click, Refresh, Click
<Nothing happens>

I had been trying to view a friend of friend’s profile picture on Facebook and clicking on the thumbnail did not show me the full photo. I was annoyed. How was I supposed to accept the friend request if I couldn’t identify the person from a zoomed out thumbnail size photo? This person had probably set the profile picture settings to be visible only to self.

As I sat there, I remembered reading about Facebook’s photo storage architecture. It was a paper titled ‘Finding a needle in Haystack: Facebook’s photo storage’ [1]. I had read this in my first semester at Georgia Tech in Advanced Operating Systems class in 2012. Although I couldn’t recall the exact contents of the paper, I distinctly remembered the way browser requests to photos were served up via CDNs. Also, I had been paying extra attention to URLs ever since my earlier hack to circumvent Quora’s sign in policy. As I examined the image URL for profile pictures, I found that the size of the image was explicitly mentioned in the URL. Also, the image URL did not change when the privacy setting for that image changed. WHOA! This had several implications :-) After several attempts, I found that just removing the size portion in the profile picture’s URL returned the full size image.

So there I was, able to retrieve the full size profile picture of any user even if that user had set the privacy setting for the picture to just himself. The first thing I did next was to see if I could report this to Facebook. To my surprise, their bug reporting page explicitly stated not to report cases like these. Oh well, I guess this is their architecture after all and they obviously knew about it. It felt like they designed it like this intentionally to cut corners. Although I was able to see the full-size profile picture now, I hadn’t solved my problem yet.

Solving my problem:

Chrome extension Icon

Grabbing the image URL, editing it and pasting it back on a different tab was a chore. I didn’t want to do this manually again. And some of my friends wanted to use this too. So I wrote a browser extension which would do the following: Whenever it encounters a profile picture on Facebook that was not clickable, it would modify the HTML to make it point to the full size profile picture. The profile picture would be displayed in a manner similar to any other profile picture, so that the Facebook experience wouldn’t be broken. This browser extension would always be running in the background, thus making the whole thing seamless. Problem solved.

Installation: 

The browser extension is available for free here (For Chrome browser): Profile Picture Unblock for Facebook

Source code: 

https://github.com/arunpn123/ProfilePictureUnblockForFacebook

Resources: 

[1] Finding a needle in Haystack: Facebook’s photo storage

Update 1: (December 2014)

Facebook updated their backend. The CDN links to access the full size profile pictures were no longer accessible. They also modified the Facebook page DOM a little bit. I added a workaround to my extension to fix it. The extension now uses Facebook Graph API to retrieve the full size profile picture.

Update 2: (January 2015)

Facebook updated the profile picture settings silently. Now all profile pictures can be viewed at full size regardless of your privacy settings. Thus my extension is no longer required. :-)

(I had around 300 users using this extension at this time.)