Facebook crawls links in PDFs you send in Messenger

Facebook spies on everything you do. Stop using it. This is the only way this will end. It's not even a useful product. Stop being sheep.

And if they didn't the headline would read: "Facebook fails to stop malicious and illegal content from being shared on their Network! Should they be shut down?!"

This will keep happening until they enable e2e.<p>I’ve had Facebook block several links sent in private message groups, to completely legal and safe sites (Messenger prints out an obscure API error and refuses to send the content). They have done this for a long time.

My company&#x27;s malware detection crap on my work laptop once scanned a PDF of a security research paper I was reading for my project, found a link to a web site with malware on it because that&#x27;s what the research was about, and then it summarily deleted the PDF to &quot;protect&quot; the company from that link.

Not in the least surprising. Wouldn&#x27;t be surprised if Gmail does this to...&quot;detect phishing&quot; (pdfs containing phish links are common). Always a plausible reason they can use.

Microsoft does this with Skype too. They say it&#x27;s for detecting malicious links.

This should not be news to anyone. Facebook scans all links posted in Messenger.

Could someone effectively DOS another site using this method by including a bunch of links that generate a lot of load?<p>Would be interesting to see if Facebook has a maximum number of links it&#x27;ll follow.

Sidenote i wonder why FB doesnt launch a search engine since they crawl most of the web anyways

You can also use canary tokens for this. [1]<p>I am not personally affiliated with them, but I believe they are South African.<p>[1] <a href="https:&#x2F;&#x2F;www.canarytokens.org&#x2F;generate" rel="nofollow">https:&#x2F;&#x2F;www.canarytokens.org&#x2F;generate</a>

The galaxy brain maneuver here is to start trying to fuzz whatever machines Facebook is using to do this.

While I don&#x27;t like FB this is not something related to PDF, they provide quick preview for all links like almost all social networks

This feels like it could be an attack vector. Gather intel on what the user agent is, nmap the IP, possibly find a vulnerability in the parser or the server.

Huh, but why?<p>I can totally understand <i>scanning</i> a PDF for links to look for malicious links to protect users.<p>But that wouldn&#x27;t involve actual HTTP requests to them.<p>I&#x27;m struggling to imagine what purpose this could have.

There is a way to send any type of file through messenger without facebook snooping into your private life.<p>1. Compress the file you want to send in an password protected zip. 2. change the extension of the Zip file (.zip) to text file (.txt). 3. Send the file trough Messenger.<p>I already did it to send MacOS application to a friend. To avoid size restriction, compress in several zip parts, rename the extentions to .txt and send.<p>File size can be as high as 50mb+.

Are there any comparable hosted messaging services that don&#x27;t do this?

A good way to enable delivery tracking for PDFs over messenger, I guess!

Would making a passworded PDF file help a bit? Then you can tell them the password by a separate message.<p>(And, I don&#x27;t use Facebook, anyways.)

seriously. how many times has the world tell you to stop using facebook?<p>stop using facebook. and no, there is not a single reason for you to be there. trust me. how do you think we lived our lives before there was a facebook?

I only use the messenger thing on the Facebook webpage. I don’t generally install apps on my phone as I don’t trust them. I trust an ad company like Facebook the least.

Let’s play this game

Facebook: we can crawl you but you can&#x27;t crawl us!

Not to be flippant, but if you choose to use Facebook you are already throwing your privacy to the wind, and you are probably getting what you deserve.