SUGGESTIONS FOR YOU

The simple trick that exposed the FBI director’s secret Instagram account and could expose yours

Well, you got me.
Well, you got me.
Image: AP Photo/J. Scott Applewhite
By

Gizmodo’s Ashley Feinberg has found the private Instagram and Twitter accounts belonging to James Comey, director of the FBI.

At least, she thinks she has (the FBI hasn’t responded to her), and the evidence is pretty compelling. You should read her account of the ingenious but simple sleuthing that led her to them, but the crucial trick she used was a loophole in Instagram that inadvertently showed her an account she would never have run across otherwise. It’s an example of where the privacy controls of platforms like Instagram and Facebook collide head-on with their need to get as many users and connections as possible.

At a public event, Comey mentioned that he had a private Instagram account followed by only nine people, most of them his family. After some Googling and clicking through Twitter, Feinberg was able to identify one of his sons’ Instagram accounts. It was private, but when she requested access, Instagram showed her a list of other accounts she might also be interested in—based, of course, on accounts that the young Comey followed or was followed by.

One of those, reinholdniehbur, had 10 followers (close enough). And though she couldn’t see its contents either, various other circumstantial evidence suggested it indeed belonged to the FBI head, as did a Twitter account, @projectexile7. (Reinhold Niehbur was a theologian that Comey wrote about in college; Project Exile was a program he developed as a US attorney.)

Facebook has a similar privacy hole. Even if you set your list of friends to “private,” strangers can still see part of it by sending you a friend request. Facebook will show them a list of “People you may know,” based on the assumption that they must know who you know. There is no way to prevent Facebook from doing this.

“I treasure my privacy and security on the internet. My job is public safety,” Comey said in his speech. Clearly time to brush up on your techniques, Mr Director.

Update: Comey seems to be taking taking his Instagram outing gracefully, and even showed some GIF chops in a his first-ever Instagram post, published after the Gizmodo article.

In the comments of his photo, he typed “GG [good game] @ashleyfeinberg.”

Update 2: Or maybe not. Feinberg said it’s likely that Comey has abandoned the reinholdniehbur username, allowing someone else to snap it up.