The 18-year-old U.K.-based developer Callum Haywood just pulled the latest prank on Facebook users with leaky privacy settings.
Weknowwhatyouredoing.com pulls public Facebook updates in four categories: people complaining about their jobs, people talking about being hung over, people talking about drugs, and those who recently changed their phone numbers and didn’t realize they were announcing the new number to the world.
“Just an FYI I forgot to put out there, I’ve got a new Phone Number. For all those interested it’s 0776x010x06. Text me and lemme know who you are so I can add you,” writes one user in a typical update.
In the first version of the site, Mr. Haywood censored nothing and included users’ full names and links to their profiles. The phone numbers were also uncensored. However he had a change of heart after the site started getting popular, and removed some of the data to protect the innocent and “for my own legal protection.”
Mr. Haywood updated the site last night to include location and check-ins from Foursquare and Facebook’s check-in feature, along with street level photos of the coordinates. 
“Who wants to get fired?” is the heading over the column of public complaints about work and bosses. “Im getting so mad right now I hate my boss Jay I hope he dies better yet I feel like killin him if you in a bad mood don’t take it out on everyone at the job like wtf its way to hot to take your shit-_- #Piss off,” says one sample update.
We shudder to think what we’d see if he’d included photos. “Carrying a bucket round in my car cause im so hungover,” reads one update in the “Who’s hungover?” column.
The site was inspired by an Ignite London talk about oversharing on social media titled, “I know what you did five minutes ago.” Weknowwhatyouredoing.com has had 75,000 visitors and 100,000 pageviews in 24 hours, Mr. Haywood said on Twitter. Users who found their updates had been reposted can delete the update on Facebook or change their privacy settings to get rid of it.
So what is Mr. Haywood trying to teach us with all this? “Just make sure your Facebook privacy settings are sufficient, for example don’t publish status updates containing potentially risky material as ‘Public’ because then they have a good chance of showing up in the public Graph API. You don’t even need an access token to get this info, but the problem is not with Facebook themselves, when used correctly, their privacy controls are very good. The problem is how people simply don’t understand the risks of sharing everything,” the site says.
N.B.: Risks of sharing everything include “being reposted on meme sites about stupid social media updates.” But you should have known that.
