Long ago, security experts and hackers found a serious security flaw on Facebook that allowed them to view private photos with a small tweak. Developers started writing browser scripts that let people see locked private profile pictures. A locked profile picture is one that cannot be opened in theater view or enlarged view. People cannot even comment on it. This privacy setting is useful when a person does not want to share the high-resolution photo they uploaded.

People want privacy for their photos. Some people use a profile picture that does not show them at all, purely to protect their own privacy. But if they want others to find them easily, they should use their own picture as their profile picture. Luckily for such people, Facebook provides a privacy feature to make a profile picture private.

As Facebook uses a common type of URL everywhere for photos, it led me to guess the public URL of the enlarged version of the locked profile picture. By changing some parts of the URL, we can view the picture in enlarged form. All you need is to learn the structure of two URLs. One is for the small 160 x 160 px image that you see on people's timelines. The other is the public URL of the same image, enlarged. This enlarged image is in the full resolution that the profile owner uploaded.

Below is the structure of an enlarged profile picture URL.


The last part of the profile picture URL determines some properties of the picture. The letter n, placed before the image's file extension, determines the size of the picture: whether the public URL refers to a thumbnail or the full-size image. The n can be replaced with the letter t to view the thumbnail-sized image. Each picture on Facebook is identified by a unique ID. The number 123456789012345 is the actual fbid of a picture.

When we copy the public URL of the image in a locked profile picture, the URL is slightly different, somewhat like the one below, which also contains the size of the image.


Facebook hosts its images at Akamai to make the site load faster. If you wonder why Facebook is faster than other sites even though its pages contain many elements, this is the answer.

To view a locked private profile picture on Facebook, you just need to change some elements in the public URL of the image. Here are the steps to view a locked private profile picture.

Step 1: Go to the timeline of a friend whose profile picture cannot be enlarged. That is, one who has set their Privacy Settings to "Only Me".

Step 2: Right-click on their profile picture and click on Copy image URL.

Step 3: Copy the image URL and paste it into a text editor like Notepad.

Step 4: Remove the following part from the image URL you have copied.


And replace it with the following:


If the above URL string doesn't work, try the one below.


Step 5: The last part of the picture URL will always be the same. Now, just open the URL you have changed. You will get the full-size version of the image that is locked or made private.

I don't know why Facebook should provide a public URL for all pictures, but it would be nice if this flaw were fixed.
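One way a photo service can close the gap described in this post, as an added example that is not code from the post or from Facebook: the origin decides which size a viewer may receive and signs the exact image path, so editing the size letter in a copied URL invalidates it. The host, path layout, key and function names are hypothetical; only the `n`/`t` size letters come from the text above.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

SECRET = b"constructed-demo-key"   # constructed; a real key lives in a secret store
CDN = "https://cdn.example.test"   # hypothetical image host


def _mac(path, expires):
    # The MAC covers the full path, so it also covers the size letter.
    return hmac.new(SECRET, f"{path}|{expires}".encode(), hashlib.sha256).hexdigest()


def issue_url(photo_id, variant, viewer_may_enlarge, ttl=300, now=None):
    """Origin side: apply the privacy setting, then sign the chosen variant."""
    if variant == "n" and not viewer_may_enlarge:
        variant = "t"  # locked picture: only a thumbnail URL is ever issued
    path = f"/photos/{photo_id}_{variant}.jpg"  # hypothetical layout
    expires = int(time.time() if now is None else now) + ttl
    return f"{CDN}{path}?" + urlencode({"e": expires, "sig": _mac(path, expires)})


def edge_allows(url, now=None):
    """Edge side: serve only an unexpired URL whose signature matches its path."""
    parts = urlparse(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["e"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False  # unsigned or malformed URL
    if expires < int(time.time() if now is None else now):
        return False  # a copied URL stops working after the TTL
    expected = _mac(parts.path, expires)
    return hmac.compare_digest(sig.encode(), expected.encode())


if __name__ == "__main__":
    url = issue_url("123456789012345", "n", viewer_may_enlarge=False)
    print(url, edge_allows(url))
    print(edge_allows(url.replace("_t.jpg", "_n.jpg")))  # edited size letter
```

The authorization decision is made once at the origin, and the edge only has to verify the signature, so the check does not cost the caching benefit of serving images from a CDN.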
