Wednesday, March 1, 2017

Facebook is censoring the web

tl;dr: Facebook copies and stores GIFs from other websites by converting them to mp4 videos.

Driven by my curiosity and by chance, I did this interesting and a bit polemical finding.

I was browsing a friends wall and noticed an old GIF I published there. It was a funny picture of an actor. When I click on it to open the original website I encounter myself with a security warning, and there was no way to proceed to the apparently "unsafe website".

Original post

Malicious website warning

By checking the source HTML of the page I discovered that the gif that I was seeing in my friends wall was an infinite loop video hosted in Facebook's servers "video-lga3-1.xx.fbcdn.net". And I was able to see the video in an embed player.

HTML source of the page

Embed video direct link hosted by Facebook

Finally, one last interesting thing is that Facebook stores and sends along the original URL of the image, but this is encoded and as part as their URL requests. Maybe they are using this to do some sort of caching?
This last finding allowed me to recover the original url:


Now I am able to share again the link with other friends, outside of Facebook.