Uncheck the "Public Search Results" box in your Search settings. It's pulling from info you make public by checking the box.
That said, that box DOES NOT imply it's making your entire friends list public. It seems to say that only what's on the preview page is visible, but that's entirely wrong.
So, you're authenticating yourself, and searching other non-publicly-searchable people's ID? Or you're authenticating, searching your own, and seeing people who don't list themselves as public? Or, you're seeing people who aren't public, but in your friends list, and you're publicly searchable?
If it's the first, then that's definitely a problem, as anyone can be a FB user. In that case, care to post the command somewhere? This should be made known, as it's definitely a privacy concern, and FB tends to do nothing unless threatened.
Ouch, it is the first option; if logged into facebook it seems you can see any old friends list (including ones you can't normally see). The "command" is just to go to the URL in the shell command in your authenticated browser (or to faff about with cookies if you want to use lynx/wget/curl).
FB also removed the option to completely opt out of their application API at the same time they messed this up. Not impressed.
That does it, I'm off FB for good. Not for any real feelings of invasions of my privacy, it's just because they're careless and/or practically malicious.
I believe this has to do with the privacy changes last month, which made it so that Friends Lists can no longer be hidden.
After an initial backlash, Facebook made it relatively easy to remove your friends list from public search results, but it sounds like it isn't actually blocking access to them — they're just harder to find.
"In response to your feedback, we've improved the Friend List visibility option described below. Now when you uncheck the "Show my friends on my profile" option in the Friends box on your profile, your Friend List won't appear on your profile regardless of whether people are viewing it while logged into Facebook or logged out. This information is still publicly available, however, and can be accessed by applications. "
This is really dishonest of Facebook. Most people will have a reasonable (but incorrect) expectation that if a user can't see a friend list on their profile page then Facebook will stop that user from accessing that information. Why else would Facebook provide a tool that lets you see how your profile appears to other people?
Facebook should properly authenticate access to the URL given in the post, and reenable blocking all applications. That is, actually respect people's privacy, not just patch things up to superficially look like it.
Don't know about building, but having a list of someone's friends must provide some excellent ammunition for fraud. Eg. you could do the Spanish Prisoner scam using peoples' friends' names. Most attempts would fail of course, but you'd be doing it in bulk over the web, from a safe distance.
You know that saying "everyone knows everybody over 6 other people", maybe something about that. Or: who of your friend's friend's friend's has the same hobby / whatever.
Uncheck the "Public Search Results" box in your Search settings. It's pulling from info you make public by checking the box.
That said, that box DOES NOT imply it's making your entire friends list public. It seems to say that only what's on the preview page is visible, but that's entirely wrong.