
posted by janrinok on Saturday April 21 2018, @12:57AM
from the its-against-our-policy dept.

Submitted via IRC for SoyCow8317

Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user’s data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It's unclear what these trackers do with the data, but many of their parent companies including Lytics and ProPS sell publisher monetization services based on collected user data.

Meanwhile, concert site BandsInTown was found to be passing Login With Facebook user data to embedded scripts on sites that install its Amplified advertising product. An invisible BandsInTown iframe would load on these sites, pulling in user data that was then accessible to embedded scripts. That let any malicious site using BandsInTown learn the identity of visitors. BandsInTown has now fixed this vulnerability.

TechCrunch is still awaiting a formal statement from Facebook beyond "We will look into this and get back to you."

Source: https://techcrunch.com/2018/04/18/login-with-facebook-data-hijacked-by-javascript-trackers/



  • (Score: 0) by Anonymous Coward on Saturday April 21 2018, @01:09AM

    by Anonymous Coward on Saturday April 21 2018, @01:09AM (#669871)

    Don't you worry. If they could grab this data there's no way they could get your login credentials. Trust them to tell you every time they do you wrong ;-)

  • (Score: 5, Insightful) by Runaway1956 on Saturday April 21 2018, @01:54AM (11 children)

    by Runaway1956 (2926) Subscriber Badge on Saturday April 21 2018, @01:54AM (#669890) Journal

    Those people who are comfortable with Facebook tracking them all over the web won't care at all. We outliers don't log in with Facebook, if we even have a Facebook account. The sheep won't notice, won't care, and life will go on.

    • (Score: 2) by takyon on Saturday April 21 2018, @02:11AM (8 children)

      by takyon (881) <takyonNO@SPAMsoylentnews.org> on Saturday April 21 2018, @02:11AM (#669897) Journal

      It's amusing to see stories like: Delete Facebook? It's a lot more complicated than that [usatoday.com]

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 3, Insightful) by Runaway1956 on Saturday April 21 2018, @02:27AM (6 children)

        by Runaway1956 (2926) Subscriber Badge on Saturday April 21 2018, @02:27AM (#669905) Journal

        I think we should blame authors. They aren't writing enough dystopian novels. Where is Orwell when you need him? I mean, people just don't seem to understand how bad things CAN GET. To date, we've only seen the tip of the iceberg. If we don't apply the brakes, if things continue entirely at the will of government and corporations, there will be ZERO freaking privacy.

        You leave the house (apartment), get in the car (bus) and head off for work. A cop stops you, to inform you that you failed to lock the door, or to set your burglar alarm, or whatever. So, now you have to turn around, go back home, and make things right. And, probably pay a fine for having imposed upon the police department with your negligence.

        Maybe a new mother, giving baby a bath - and she does it "wrong". There's a knock at the door (unless the police have mandated that cops have automatic passes at all residential front doors) and some busybody cop barges in to "teach" Mama how to properly bathe baby. And, yes, there is every possibility that Mother will be fined - cops gotta have revenues to fund these interventions!

        Privacy. Protect it or lose it - and we're doing precious little to protect it.

        • (Score: 4, Interesting) by takyon on Saturday April 21 2018, @02:54AM (2 children)

          by takyon (881) <takyonNO@SPAMsoylentnews.org> on Saturday April 21 2018, @02:54AM (#669912) Journal

          Black Mirror [wikipedia.org] has been doing a pretty good job of illustrating the dangers of the social media future.

          --
          [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
          • (Score: 2) by canopic jug on Sunday April 22 2018, @01:11PM (1 child)

            by canopic jug (3949) Subscriber Badge on Sunday April 22 2018, @01:11PM (#670325) Journal

            Black Mirror [wikipedia.org] has been doing a pretty good job of illustrating the dangers of the social media future.

            Dangers or attractive template? Monkey see, monkey do.

            --
            Money is not free speech. Elections should not be auctions.
        • (Score: 0) by Anonymous Coward on Saturday April 21 2018, @04:48AM

          by Anonymous Coward on Saturday April 21 2018, @04:48AM (#669962)

          and some busybody cop barges in to "teach" Mama how to properly bathe baby.

          A few too many details for this to be a hypothetical scenario. Say it ain't so, Runaway! You were busted for improper infant bathing techniques? Oh, the shame and humiliation, that must live on forever, after even being charged, let alone convicted, of such a dastardly act!!

        • (Score: 2) by MichaelDavidCrawford on Saturday April 21 2018, @03:43PM

          by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday April 21 2018, @03:43PM (#670082) Homepage Journal

          In Newfoundland it's unlawful to leave your car unlocked

          Where my ex is from there's not much to do but joyriding

          --
          Yes I Have No Bananas. [gofundme.com]
        • (Score: 2) by el_oscuro on Sunday April 22 2018, @02:22AM

          by el_oscuro (1711) on Sunday April 22 2018, @02:22AM (#670223)

          You might want to read The Robespierre Conspiracy. [amazon.com]

          --
          SoylentNews is Bacon! [nueskes.com]
      • (Score: 2) by FatPhil on Saturday April 21 2018, @08:05AM

        by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Saturday April 21 2018, @08:05AM (#670004) Homepage
        I'm so glad they told us the opinions of a "social media influencer", a "blogger", and a "communications strategist".

        These are not professions. These people contribute nothing to the greater society as a whole, they only contribute to their own little bubble. Of course they don't want to see their own little bubble pop, but in reality they are as obsolete as black-face minstrels.
        --
        Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    • (Score: 3, Funny) by aristarchus on Saturday April 21 2018, @04:44AM (1 child)

      by aristarchus (2645) on Saturday April 21 2018, @04:44AM (#669959) Journal

      I opened a Facebook account for you, Runaway. Sorry, but they insisted on a real phone number, and your real name, and so forth. So you are a victim, now, despite your best efforts. No need to thank me. Your password is "Runaway12345", in case you want to log in to be javascript hacked.

      • (Score: 0) by Anonymous Coward on Saturday April 21 2018, @07:47PM

        by Anonymous Coward on Saturday April 21 2018, @07:47PM (#670148)

        do they really require a phone number now?

        i wouldn't install signal because, to chat on my desktop, i was required to give them my phone number and contact list, because they said, to find if other contacts in my list already have it, so I can be identified about who is trying to keep private.

        fuck that? so i didn't install it, because I remember back when I actually had to... deliberately tell chat programs who I wanted to chat with, not let the server slurp that data as part of how I can rat out my friends and family and stuff.

        it doesn't matter to me if they are so encrypted it takes 3 deses to unlock the sucker; they are taking copies of data that I on principle do not want them to have. I don't want to have to ask everyone on my contact list hey is it OK if I give your details to a company known for hiding the texts of bad people if we were to believe the government propaganda? No? shit now I can't use it

        no one asked me if it was OK for some app to download my info from their contact list.

        so fuck facebook for requiring the phone number. i don't want them to have it but I imagine they already do. just confirming it for them would feel dirty

  • (Score: 1, Troll) by realDonaldTrump on Saturday April 21 2018, @03:00AM

    by realDonaldTrump (6614) on Saturday April 21 2018, @03:00AM (#669914) Homepage Journal

    I always have people say, "could you do 'The Snake?'" And I say, well, people have heard it. Let's do it anyway. I'll do it, all right? Now, this was a rock & roll song -- little amendments -- a rock-and-roll song. But every time I do it, people -- and you have to think of this in terms of cyber. We have to have great cyber -- I want modern cyber, I want Internet, for our Country. The digital. And I want cyber that is going to help us. And I don't want cyber that is going to be accepting all of the gifts of our Country for the next 50 years and contribute nothing. I don't want that, and you don't want that.

    So this is called "The Snake." And think of it in terms of cyber. And you may love it, or you may say, "isn't that terrible." OK? And if you say, "isn't that terrible," who cares? Because the way they treat me -- that's peanuts compared to the way they treat me. OK? Cyber.

    On her way to work one morning, down the path along the lake, a tenderhearted woman saw a poor, half-hearted, frozen snake. His pretty colored skin had been all frosted with the dew. "Poor thing," she cried, "I'll take you in, and I'll take care of you."

    "Take me in, oh, tender woman. Take me in, for Heaven's sake. Take me in, oh, tender woman," sighed the vicious snake.

    She wrapped him up all cozy in a comforter of silk, and laid him by her fireside with some honey and some milk. She hurried home from work that night, and soon as she arrived, she found that pretty snake she'd taken in had been revived.

    "Take me in, oh, tender woman. Take me in for Heaven's sake. Take me in, oh, tender woman," sighed the vicious snake.

    She clutched him to her bosom, "You're so beautiful," she cried. "But if I hadn't brought you in by now, surely you would have died."

    She stroked his pretty skin again, and kissed and held him tight. But instead of saying "thank you," that snake gave her a vicious bite.

    "I saved you," cried the woman. "And you've bitten me. Heavens, why? You know your bite is poisonous, and now I'm going to die!"

    "Oh, shut up, silly woman," said the reptile with a grin. "You knew damn well I was a snake before you took me in."

    And that's what we're doing with our cyber, folks. And it's going to be a lot of trouble. It's only getting worse. But we're giving you protection like never before. Our law enforcement is doing a better job than we've ever done before. FOSTA, or SESTA. And we love our Country. And we're going to take care of our Country. OK? We're going to take care of our Country. MAGA!

  • (Score: 2) by captain normal on Saturday April 21 2018, @03:24AM

    by captain normal (2205) on Saturday April 21 2018, @03:24AM (#669927)

    Use either and you are p0wned. Use both FB Login and JS...?

    --
    When life isn't going right, go left.
  • (Score: 2) by Spamalope on Saturday April 21 2018, @07:27AM (3 children)

    by Spamalope (5233) on Saturday April 21 2018, @07:27AM (#669996) Homepage

    Isn't unauthorized access of a computing device illegal?
    Is there some special way that the people behind the amplified ad network aren't criminals along with the Bandsintown website for enabling them? (I guess conspiring them in breathless prosecutor speak)
    Also, time to make a FB persona that loves 'interesting' things to be logged in to on the browser advertisers would see. You know, there should be a discord group for sharing those so they can all friend each other and look more legit. I wonder what would be the best bait for advertisement bottom feeders? A profile that brags about buying timeshares and is looking for a mesothelioma lawyer? Maybe with personal phone numbers of FTC officials on the profile just in case they take the bait? Hmm...

    • (Score: 2) by FatPhil on Saturday April 21 2018, @08:07AM (1 child)

      by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Saturday April 21 2018, @08:07AM (#670005) Homepage
      Yeah, but "unauthorised access" means "little guy at home editing the URL", not anything done by a multi-billion dollar corporation that squirts lots of money into the government directly or indirectly.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
      • (Score: 2) by crafoo on Saturday April 21 2018, @09:33AM

        by crafoo (6639) on Saturday April 21 2018, @09:33AM (#670014)

        Exactly. Typing in the URL to a publicly available AT&T server is HACKING and has been fully punished under the law.

        Invading every corner of your personal life and selling it out to every business that asks is business as usual. Carelessly leaking the credit history data of every single adult person in the United States is an "unfortunate incident". Rest assured they were given a stern talking-to, citizen. Carry on.

    • (Score: 2) by MichaelDavidCrawford on Saturday April 21 2018, @03:39PM

      by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday April 21 2018, @03:39PM (#670081) Homepage Journal

      I bought a can of Room Shocker for a friend who values his privacy

      I was seeing room shocker ads for weeks

      --
      Yes I Have No Bananas. [gofundme.com]
  • (Score: 2) by MichaelDavidCrawford on Saturday April 21 2018, @03:37PM (3 children)

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday April 21 2018, @03:37PM (#670079) Homepage Journal

    -ck.

    Its URL is

          http://www.facebook.com/tr?id=1234567890 [facebook.com]

    Or whatever your developer ID is.

    You can't block Facebook's web bug without blocking Facebook's entire site

    Were I to do that I would be unable to contact my cousins anymore

    Perhaps privacy badger would nuke it

    --
    Yes I Have No Bananas. [gofundme.com]