
Email2Face is a simple library for getting the person's face behind an email address. At Lockitron, we wanted faces next to names. It's a lot easier to remember who someone is when you can see their face. But, that's difficult to implement when all you have is an email address and a name.
After thinking about it for a few days, we came up with a good solution. Facebook has lots of faces, so why not use that? But, Facebook does not have an API for searching for profile pictures by email. So, we made one.
It needs a Facebook account to work. I do not recommend using your own Facebook because I'm not sure if this plays well with Facebook's TOS. So, make a fake Facebook for it. I've included a default one, but it'll probably be banned by the time you get to it.
You need to have Xvfb and QtWebKit installed in order to use this.
On macOS (Homebrew):
$ brew install qt
Then, download and install XQuartz.
On Arch Linux:
$ sudo pacman -S xorg-server-xvfb qtwebkit
On Debian/Ubuntu:
$ sudo apt-get install xvfb libqtwebkit4 libqtwebkit4-dev
Start off by installing the gem:
gem install 'email2face'
Then, we just give Email2Face the email we want a face for:
require 'email2face'
Email2Face.face("jarred.sumner@facebook.com")
It should return something like:
http://graph.facebook.com/jarred.sumner/picture
However, if you get something like this:
"I couldn't find a face for that email :(. It's also possible that Facebook has asked for a security check on that account, which means that you should sign in and perform the security check."
That might mean that Facebook is redirecting all requests to their checkpoint. If it's an account you made, sign in and perform the security check. Otherwise, change it to an account that you know works.
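Because `Email2Face.face` returns either a picture URL or a human-readable sentence in the same string, a caller should check the value before using it as an image source. The following is an added example, not part of the email2face gem: `face_uri_or_nil` and `ALLOWED_FACE_HOSTS` are hypothetical names, and the host allowlist assumes successful results always point at graph.facebook.com as in the sample output above.

```ruby
require 'uri'

# Assumption: a successful lookup always points at this host,
# as in the README's sample output.
ALLOWED_FACE_HOSTS = ['graph.facebook.com'].freeze

# Hypothetical helper (not provided by email2face).
# Returns a URI object when `result` is an http(s) URL on an allowed host,
# and nil for anything else, including the gem's in-band error sentence.
def face_uri_or_nil(result)
  return nil unless result.is_a?(String)

  uri = URI.parse(result.strip)

  # URI::HTTPS is a subclass of URI::HTTP, so this accepts both schemes
  # and rejects javascript:, data:, file: and scheme-less strings.
  return nil unless uri.is_a?(URI::HTTP)

  # Exact host match: "graph.facebook.com.example" does not pass.
  return nil unless ALLOWED_FACE_HOSTS.include?(uri.host.to_s.downcase)

  # Reject "user@host" forms, which can disguise the real destination.
  return nil if uri.userinfo

  uri
rescue URI::InvalidURIError
  # Free-text results such as "I couldn't find a face ..." contain spaces
  # and fail to parse as a URI at all.
  nil
end

# Usage with the gem loaded:
#   uri = face_uri_or_nil(Email2Face.face("someone@example.com"))
#   show uri.to_s as the avatar if uri, otherwise fall back to a placeholder
```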
It's unlikely the included Facebook account will work for long. So, you may need to make a fake Facebook for it. Do not use your own because it's possible that Facebook may ban it.
1. Create a new file in config/initializers called facebook.rb
2. Open that file in a text editor, and drop in the following:
Email2Face.username = "MY_FAKE_FACEBOOK_USERNAME"
Email2Face.password = "MY_FAKE_FACEBOOK_PASSWORD"
You'll need to restart your application server for it to have any effect. Keep this file out of version control, since it holds a plaintext password.
The code above wasn't specific to Ruby on Rails. Just set Email2Face.username and Email2Face.password to what you want.
FAQs
Unknown package
We found that email2face demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.