Truly embarrassing Facebook status updates exposed by website


Oh, word. Elliot S. showed up to work two hours late, hungover, and dude, nobody noticed. What a sweet gig!

Here’s what he had to say about it on publicly posted media, just in case his employer didn’t notice:

Post by Elliot S

Elliot S.: you know your job is good when you turn up 2 hours late hungover and unchanged and all your boss says is have a good night?

As opposed to poor Anastasia R., who OMG just hates her boss so much she could, like, kill him, she said publicly online where the entire world including her boss Jay can see her true, misspelled, homicidal, punctuation-challenged feelings:

Post by Anastasia

Anastasia R. Im getting so mad right now I hate my boss Jay I hope he dies better yet I feel like killin him if you in a bad mood don't take it out on everyone at the job like wtf its way to hot to take your shit-_- #Piss off

We know of such anguish because a) these people posted publicly on Facebook, and b) a new site called “We know what you’re doing” has aggregated some of the choicer content for us, delivered courtesy of Facebook via its Graph API, according to the developer behind the new site.

Callum HaywoodThat developer is an 18-year-old named Callum Haywood who lives in Nottingham, England.

As Haywood has written on the site’s “About this tool” page, the site is fueled by a tool he created that queries the Facebook Graph API and outputs the results.

There’s nothing slimy or hackerish about it: as Haywood notes, there’s nothing on the site that’s not accessible to anyone who cares to query the social media site.

Haywood’s site simply filters the raw JSON output, which comes in the form of uniformly represented objects in what Facebook calls its social graph, including people, photos, events, and pages and the connections between them: e.g., friend relationships, shared content, and photo tags.

His site makes the output more useful by, for example, omitting all posts except status updates, and by only showing posts in the last column that contain a phone number.

He’s focused his attention on these four buckets of Facebook status update embarrassment:

  • Who wants to get fired? Haywood’s tool populates this category by searching status updates for phrases such as “hate my boss.”
  • Who’s hungover? Searches for “hungover” in updates.
  • Who’s taking drugs? Searches for words such as “cannabis.”
  • Who’s got a new phone number? Searches for phone numbers.

Do these people want this information to be posted on a Facebook status update aggregator devoted to pointing out how oblivious so many people are to privacy settings?

Likely not, Haywood admits. His answer, from the site:

Probably not to be fair, but it was their choice, or lack of, with regards to their account privacy settings. People have lost their jobs in the past due to some of the posts they put on Facebook, so maybe this demonstrates why. Efforts have been made to remove any personal data from the results, such as the actual phone numbers, surnames, etc. The data is still easily accessible from the API, the filters have been put in place to protect the site from legal issues.

He went on to tell CNN that he put up the site to raise awareness about blithe oversharing, given how “shocked” he was to see what people reveal in their public Facebook posts:

"I created the website to make people aware of the issues that it creates when they post such information on Facebook without any privacy settings enabled. The people featured on the site are most likely not aware that what they post as 'public' can be seen by absolutely anybody, and that Facebook will happily give away this information to other websites via its Graph API."

We know what you’re doing isn’t the first social media aggregator launched with the express purpose of showing how people don’t think before posting.

Please Rob Me is one such. Launched in Feburary 2010, the site uses checkin data from the location-based Foursquare social network that’s subsequently posted to Twitter.


When the information becomes publicly available on Twitter, it makes it theoretically possible for a robber to know when you’re away from home, one of the founders, Boy van Amstel, told Time.

Well, maybe it was theoretical when they launched the site, but it’s sure not theoretical now.

That was evidenced on Sunday, when the Associated Press reported that two burglars in Anderson, SC, broke into the homes of friends after reading their Facebook updates to find out when they’d be away from home.

Hangover. Image from ShutterstockIf you post updates publicly, your boss can read your rants. Potential or current employers have a harbor-front seat to whatever flavor of debauchery floats your boat. Stalkers and con artists can get your phone number.

At the very least, people have got to start paying attention to Facebook’s privacy settings. This isn’t Facebook’s fault, after all.

If you don’t want to show up on Please Rob Me or on We know what you’re doing, just go to and make sure the Control Your Privacy setting isn’t “Public.”

As Haywood says on his site, you can set it to “Friends.” But as the SC burglary makes clear, even that’s no guarantee that you’re protected.

Be careful whom you friend on Facebook. Be selective about your privacy settings, using Custom settings to ensure that questionable Friends won’t see when you’re away from home.

And a quick note for all the truly sad, anguished people posting publicly on Facebook: Waddah Z., congratulations on overcoming your cannabis addiction. Kevin M., I’m sorry for the loss of your father.

I hope that this public sharing of your updates doesn’t worsen your situations.

Namaste. May things get better for you.

If you want to learn more about privacy and security threats on Facebook and elsewhere on the internet, join the Sophos Facebook page.

Lazy young femalek image courtesy of Shutterstock.