Third-party JavaScript harvests user data via the 'Sign in with Facebook' feature
JavaScript libraries from a number of advertising and analytics services are harvesting user data from websites that use the 'Sign in with Facebook' login feature.
Researchers at Princeton University found that 434 of the top 1 million websites load third-party JavaScript able to retrieve data in this way. They also said that those 434 sites were unaware it was happening.
Data collection scenario No. 1
The team said the data collection happens in two ways. Scenario 1 concerns pages that use the 'Sign in with Facebook' feature to authenticate users. When a user logs in, the feature sends a request to Facebook's servers, which return the Facebook account data that lets the user into the page.
Data collection process diagram of scenario 1
Third-party JavaScript loaded on the same page intercepts this response and extracts the data. Even where a page exposes only a user ID, that ID can be mapped to a Facebook ID and used to gather more information.
Data collection scenario No. 2
Scenario 2 is somewhat more involved. If a site uses 'Sign in with Facebook', a third party can embed an iframe on other pages that tricks the browser of an already-authenticated user into logging in to Facebook. As in the first case, the third-party tracking script then intercepts and retrieves the Facebook data.
Data collection process diagram of scenario 2
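As an added example, not from the article or the Princeton study, the following Node.js script is a first-party audit a site owner could run over their own page HTML to flag the two conditions the two scenarios describe: third-party scripts loaded into the same page context as the Facebook Login SDK (scenario 1), and iframes pointing at Facebook login/OAuth endpoints, especially hidden ones (scenario 2). The sample page is constructed, the analytics hostname is a placeholder, and the tag scanner is a deliberately small regex-based one rather than a full HTML parser.

```javascript
// Added example (not the article's or the study's code): static page audit for
// the two risk conditions described above. Sample HTML below is constructed.

const FB_SDK_HOST = 'connect.facebook.net'; // host that serves the Facebook JS SDK
// Facebook login / OAuth dialog paths an iframe might point at.
const FB_LOGIN_PATH = /facebook\.com\/(dialog\/oauth|login|v\d+\.\d+\/dialog)/i;

// Extract name="value" attributes from a single opening tag (simplified scanner).
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*("([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[3] !== undefined ? m[3] : (m[4] !== undefined ? m[4] : m[5]);
  }
  return attrs;
}

// Resolve a (possibly relative) URL against the page origin and return its host.
function hostOf(url, pageHost) {
  try {
    return new URL(url, `https://${pageHost}/`).hostname;
  } catch (e) {
    return null;
  }
}

// Audit one page's HTML; pageHost is the first-party hostname.
function auditPage(html, pageHost) {
  const report = { loadsFacebookSdk: false, thirdPartyScripts: [], loginIframes: [], findings: [] };

  // Scenario 1 condition: which script origins share the page context with the SDK?
  for (const m of html.matchAll(/<script\b[^>]*>/gi)) {
    const { src } = parseAttrs(m[0]);
    if (!src) continue; // inline script: no separate origin to classify
    const host = hostOf(src, pageHost);
    if (!host) continue;
    if (host === FB_SDK_HOST) { report.loadsFacebookSdk = true; continue; }
    if (host !== pageHost && !host.endsWith('.' + pageHost)) {
      report.thirdPartyScripts.push(host);
    }
  }

  // Scenario 2 condition: iframes aimed at Facebook login endpoints, hidden or not.
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attrs = parseAttrs(m[0]);
    if (!attrs.src || !FB_LOGIN_PATH.test(attrs.src)) continue;
    const style = (attrs.style || '').replace(/\s+/g, '');
    const hidden = /display:none|visibility:hidden|width:0|height:0/i.test(style)
      || /\shidden[\s>]/i.test(m[0]); // bare `hidden` attribute
    report.loginIframes.push({ src: attrs.src, hidden });
  }

  if (report.loadsFacebookSdk && report.thirdPartyScripts.length > 0) {
    report.findings.push(`scenario 1: ${report.thirdPartyScripts.length} third-party script host(s) share the page context with the Facebook SDK`);
  }
  for (const f of report.loginIframes) {
    if (f.hidden) report.findings.push(`scenario 2: hidden iframe to Facebook login endpoint ${f.src}`);
  }
  return report;
}

// Constructed sample page: first-party site loading the Facebook SDK, its own
// script, a third-party analytics script (placeholder host) and a hidden OAuth iframe.
const SAMPLE_HTML = `
<html><head>
<script src="https://connect.facebook.net/en_US/sdk.js"></script>
<script src="/static/app.js"></script>
<script src="https://cdn.analytics-example.test/track.js"></script>
</head><body>
<iframe src="https://www.facebook.com/dialog/oauth?client_id=123&redirect_uri=https%3A%2F%2Fexample.test%2Fcb" style="display:none"></iframe>
</body></html>`;

console.log(JSON.stringify(auditPage(SAMPLE_HTML, 'example.test'), null, 2));
```

A static scan like this is a lower bound: scripts that other scripts inject at runtime never appear in the served HTML, so the same checks are worth repeating against the live DOM (`document.querySelectorAll('script[src], iframe[src]')`) or enforced with a Content-Security-Policy `script-src`/`frame-src` allowlist whose violation reports show what actually loaded.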
'The leak of Facebook data to third parties is not due to a flaw in Sign in with Facebook but to the lack of security boundaries between first- and third-party web scripts,' the Princeton researchers said.
'Facebook and other social networks can avoid this situation by auditing their APIs to see which parties access social login data, where and how. Facebook could also disallow looking up user profiles and Facebook IDs by app-scoped user ID. Perhaps it is now time to allow anonymous login (Anonymous Login) with Facebook, as they said they would 4 years ago,' the researchers said.