While direct access is blocked, some indirect methods might reveal limited content:

Most websites claiming to "unlock" private photos are phishing for your login info.

This method worked on some early social networks (e.g., MySpace) but has never worked on Facebook. Facebook’s private image URLs are dynamically generated, and the actual image content is not loaded into the DOM unless the requesting user has access. If a photo is private, the HTML contains a placeholder or no image tag at all.

It’s the only direct, intended way to gain access.

If a website looks like it was designed in 2005 and promises "Unlimited access to private profiles," it is a trap.

Many websites and "Facebook Profile Viewers" promise access to private photos. Users should exercise extreme caution: 5+ Ways to Keep Your Facebook Photos Private and Protected

through any official or legitimate tool. Facebook's privacy architecture ensures that if a user restricts their content, the server will not deliver that data to unauthorized users.