Submitted via IRC for SoyCow8317
Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user’s data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It's unclear what these trackers do with the data, but many of their parent companies including Lytics and ProPS sell publisher monetization services based on collected user data.
Meanwhile, concert site BandsInTown was found to be passing Login With Facebook user data to embedded scripts on sites that install its Amplified advertising product. An invisible BandsInTown iframe would load on these sites, pulling in user data that was then accessible to embedded scripts. That let any malicious site using BandsInTown learn the identity of visitors. BandsInTown has now fixed this vulnerability.
TechCrunch is still awaiting a formal statement from Facebook beyond "We will look into this and get back to you."
Source: https://techcrunch.com/2018/04/18/login-with-facebook-data-hijacked-by-javascript-trackers/
(Score: 2) by MichaelDavidCrawford on Saturday April 21 2018, @03:37PM (3 children)
-ck.
It's URL is
http://www.facebook.com/tr?id=1234567890 [facebook.com]
Or whatever your developer I'd is.
You can't block Facebook's web bug without blocking Facebook's entire site
Were I to do that I would be unable to contact my cousins anymore
Perhaps privacy badger would nuke it
Yes I Have No Bananas. [gofundme.com]
(Score: 0) by Anonymous Coward on Saturday April 21 2018, @04:59PM (2 children)
Is there a particular reason you're unable to use a separate browser, a separate user profile, incognito mode, containers, temporary unblocking only on main FB site, uMatrix, AdBlock, or dozens and dozens of other ways to block Facebook tracking but allow the site itself?
(Score: 2) by MichaelDavidCrawford on Saturday April 21 2018, @07:28PM (1 child)
A while back we were discussing security camera surveillance, web bugs, Google's redirection of every single hit so as to log which link you clicked and transit payment cards on Hacker News.
There is nothing that makes me more paranoid than to know I'm being tracked. So I really did implement much of what you suggest.
And the result was that my paranoia got even worse.
It is well-documented that just thinking about psychosis will make you psychotic [warplife.com].
My psychiatrist advised me of that before admitting me to a ten day "Harmful to yourself or others" involuntary inpatient hold. And I replied:
"I wrote an essay about that phenomenon in 2003"
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by MichaelDavidCrawford on Saturday April 21 2018, @07:29PM
http://www.warplife.com/mdc/books/schizoaffective-disorder/heebie-jeebies.html [warplife.com]
Yes I Have No Bananas. [gofundme.com]