If you’re a security researcher, accessing private Facebook data without authorization is still illegal unless you’re working under Facebook’s official and have explicit permission via a test account you own. Never test on real user accounts.