Facebook has a tool in settings page, it can bulk modify post privacy settings for old posts, the tool is called "Limit old posts".
However, the tool can only modify posts that are shared with "Public" or "Friends of friends". So my script attempts to solve this problem.
Warning: this is a super hacky proof of concept project that contains a lot of dirty and badly written code, but hey, it works for me.
Facebook Graph API does not offer a way to modify post privacy settings, so my script needs you to steal cookies from a logged in browser, and send resuests emulating the browser to modify post privacy settings.
- You need to have Python 2 on your computer, modern MacOS and many Linux distributions have it.
- Download the code from Github, unzip, open a terminal, navigate to the unzipped folder by typing
cd
, space, then drag the unzipped folder onto the terminal window. - You need to obtain a few parameters, open your browser and log in to facebook, navigate to the API Explorer, click "Obtain Token", then "Obtain User Access Token", check
user_posts
, click "Obtain Access Token", copy the text in the field "Access Token", it usually starts withEAACE....
, this is theTOKEN
parameter, save it somewhere. - Switch back to the browser, open your facebook profile page, open developer tools, switch to the "Network" tab, input
/privacy/selector/update/
into the filter field. - Open any of your facebook post, change its privacy settings to anything, and switch it back, a few entries should appear on in the "Network" tab.
- Click any entry starting with
?privacy_fbid
, a panel will open to the right, scroll down and find the "Request Headers" section, in the section find thecookie:
field, copy all the text, this is theCOOKIE
parameter, save it somewhere. - Scroll down further to the "Form Data" section, click "view source", copy all the text, this is the
BODY
parameter, save it somewhere. - Find your facebook ID, it should be a long number, this is the
USER_ID
parameter. - Open
process.py
using a text editor, fill in the parameters you have saved:TOKEN
,USER_ID
,BODY
,COOKIE
, always put your text within single quotes, for exampleUSER_ID='10000012345678'
- Edit the date numbers in which your posts' privacy settings will be edited, using the
SINCE
andUNTIL
parameter, for example:SINCE=calendar.timegm(date(2011,8,1).timetuple())
this would mean to modify all posts since 2011/8/1. - In the text editor, save
process.py
. - Switch to the terminal window that you opened in step 2, type in
python process.py
, hit enter, and the script will start to run, if you see something likeSetting 64123317123111234 result code=200
, the script is running successfully. (result code 200 mean success, otherwise failure). You can hit Ctrl+C to stop the script any time.
This script first uses Graph API to grab all post ID's from a specific timeframe, then emulate browser requests to each of them.
However, I found that the wacky Graph API /user_id/posts endpoint does not actually show all posts, so there needs to be another way to grab all post IDs.
TOKEN
: a valid Facebook OAuth client token that is authorized to read your own timeline, you can go to Facebook Graph API Explorer, click "Get Token", authorize it with user_posts
permission, and copy the token here.
privacy_setting
: target privacy setting you wish to set. You can use 286958161406148
for "Only me". To use other values, open your browser developer console's network tab, then change privacy setting to what you want (Friends, Public, Custom list, etc) for an arbitrary post, monitor the dev console for xhr POST request to /privacy/selector/update/
, inside the request HTTP query strings, post_param
is the id for that privacy setting. Set this privacy_setting
to the privacy setting id you want to use.
BODY
: also from the request intercepted above, copy the request body here. It usually starts with __user=....
.
COOKIE
: steal cookies also from that intercepted request, you can find it in cookie
request header.
One way to grab all post IDs is:
-
Open your profile page on a browser
-
Find something small and heavy to keep your
End
key (Fn+Down
for Mac) pressed down -
Go to lunch
-
In the browser, save the page
-
Use the following command to get all post IDs that is on the saved HTML page:
egrep -oh 'top_level_post_id":"(\d+)"' Your_page.html | cut -c 31-45
-
Save post IDs to a file
post_ids
Then, process_from_ids.py
can read post IDs from that file and modify privacy settings for them.
Note: maybe later I can use Casperjs to grab the post IDs, maybe even get cookie by emulating login on Casperjs
AGPLv3