Instagram is a society owned by Facebook. People using Instagram usually use their Facebook account to register on Instagram….So far, so good right ?!

Since Facebook / Instagram cares about our privacy, there is the possibility for users to make their account private. What does that mean ? It means that Instagram users can’t follow you (and therefore see your pictures / profile) unless you, the account owner, have accepted the following request.

First, let’s check out our privacy settings on our Facebook account to see how much someone not knowing you, not having a Facebook account can know about you…

So it seems that you can’t access to my profile if you don’t have a Facebook account. Good ! This is what I expected.

Now let’s go on Instagram and see if this Facebook profile has an account linked to:

That’s a match ! But the account is private…. So let’s create an Instagram account with a simple (valid?) email address so I can send a request to other Instagram users.

Let’s make a request and see what happens :

Instagram de facto makes suggestions based on the profile friend’s list. Here the request has been sent but not accepted yet by the user (me) !

The people displayed in the suggestion frame are my friends on Facebook that have an account on Instagram.

Based on this fact, one could use this suggestion list as a leverage to :

1/ Bypass Facebook privacy users’ settings;

2/ Enumerate users’ Facebook friends list (only the one that have an Instagram account).

All you need to do is register on Instagram with a valid email address to then start linking / mapping relationships from an individual.

Take it a step further and investigate on other people on Instagram. I’ve chosen to pick a friend of mine so he could confirm me that the suggestions I’ll get from Instagram are indeed his friends on Facebook:

My friend confirmed these persons in the suggestions are all friends with him on Facebook.

To conclude, even though Facebook enforces privacy settings from your Facebook account, it fails to properly respect your privacy choice when using Instagram and here’s the proof of it. As far as I know, there’s currently no way to avoid this from happening at the time of this writing. It’s a shame when you know that Instagram is owned by Facebook…