Just to set any minds at ease after the initial shock:
The link I posted is just a generic bad id link that ends up redirecting to your own Facebook profile if you are currently logged into Facebook. Anyone logged into Facebook will see their own profile.
The link joering2 posted OTOH is actually to my Facebook profile. But:
A) I don't really care (anything I put on my Facebook profile is assumed to be 1000% publically available information anyway).
Interestingly, the string of numbers is a real user id. I presume it defaults to your own profile because facebook.com/profile.php goes to your own profile, and fb simply ignores the malformed parameters.
Nope, the trick is that he's skipping the "id=" part between the '?' and the user ID, so the param is not being passed properly and thus the link is processed as just 'profile.php' without params. The link https://www.facebook.com/profile.php?id=yaddayadda would work propperly.
The link I posted is just a generic bad id link that ends up redirecting to your own Facebook profile if you are currently logged into Facebook. Anyone logged into Facebook will see their own profile.
The link joering2 posted OTOH is actually to my Facebook profile. But:
A) I don't really care (anything I put on my Facebook profile is assumed to be 1000% publically available information anyway).
B) Turnabout is fair play