As part of an ongoing series on addressing data abuse, Meta recently shared an update on how our External Data Misuse (EDM) team is protecting people from cloned websites. Today, an official blog detailing ways to block the harvesting of Facebook Identifiers (FBIDs) on Facebook.
Most companies use unique identifiers in the URLs of their websites. Identifiers are a way to uniquely reference people or content, such as posts, images and videos. Within Facebook, these identifiers are called FBIDs and they are used to load content for people.
Harvesting is the automated collection of data from a website or application, which can be done with or without authorization. Unauthorized harvesting usually involves guessing identifiers, or using purchased identifiers to harvest data from people. In some cases, harvesters collect identifiers and collide cross-screening phone numbers or other publicly available data to create reusable datasets that are sometimes sold for profit.
The figure shows an example of a Facebook post with a PFBID in its URL
With this in mind, Meta created pseudonymized Facebook identifiers (PFBIDs), which combine timestamps and FBIDs to generate a unique time-rotated identifier. The ability to gradually remove access to the original identifier helps stop unauthorized data scraping, making it harder for attackers to guess, connect and repeatedly access data.
These identifiers are not designed to prevent browser tools from removing tracking components from URLs; the process is designed to better protect people’s privacy from certain types of enumeration and latency attacks while retaining the ability for long-lasting links.
Users can read additional updates and insights on privacy initiatives on Facebook’s “Privacy Matters” page at
