Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11JavaScript takes user data via the 'Sign in with Facebook' feature
The JavaScript library of many advertising and analytics services is taking user data from websites that use the Facebook login permission feature.
Experts from Princeton University discovered that 434 out of 1 million pages are downloading third-party JavaScripts, able to retrieve data in this way. They also said that 434 pages did not know what was happening.
Data collection scenario No. 1
The team said the data collection took place in two ways. Case 1 is on pages that use the 'Sign in with Facebook' feature to authenticate users. When logged in, this feature sends a request to the Facebook server, returning Facebook account data to allow users to access the page.
JavaScript takes user data via the 'Sign in with Facebook' feature Picture 1
Data collection process diagram of scenario 1
Third-party JavaScript code loaded on the page will interfere with this data and retrieve it. Although some pages collect user IDs, this ID can be transferred to Facebook ID and used to collect more information.
Data collection scenario No. 2
Scenario 2 is somewhat more complicated. If the page using 'Sign in with Facebook', a third party can embed iframe on other pages to trick the authenticated user's browser by logging into their Facebook. As in the previous case, the 3rd party monitoring script also interferes with and retrieves Facebook data.
JavaScript takes user data via the 'Sign in with Facebook' feature Picture 2
Data collection process diagram of scenario 2
'Leaving Facebook data to a third party is not due to the error of' Sign in with Facebook 'but due to the lack of security boundaries between the 1st and 3rd party web scripts', researchers Princeton's rescue said.
'Facebook and other social networks can avoid this situation: censoring APIs to see which units access social network login data, where and how. Facebook may also disallow viewing user profiles and Facebook IDs by app-scope user ID. Maybe now should allow anonymous login (Anonymous Login) with Facebook when they have said so 4 years ago, 'the researchers said.
See more:
- Facebook provides a warning and allows users to edit application access to protect information
- Facebook was sued collectively because of biometric data collection, which could cost billions of dollars
- How to turn off Facebook Platform to stop sharing personal data
Kareem WintersYou should read it
- What data has been collected from major technology companies from users?
- The way Facebook collects user information even without an account
- Why is your data worthwhile?
- Facebook was sued collectively because of biometric data collection, which could cost billions of dollars
- This is what Google and Facebook know about you, be prepared to not be shocked
- Facebook is officially under criminal investigation for allegedly illegally selling data
- It turns out Facebook has collected SMS and call information for Android users for years now
- Android collects user data even when the device is not used 50 times more than iOS
- Microsoft and Apple are the most trusted technology giants
- Should we worry about location access?
- List of 52 Facebook companies sharing user data
- Google Stadia - The name of the spy in the cover of the gaming service, maybe!
Maybe you are interested
How to Find Friends Nearby on Facebook for iPhone, Android
Group video call on Messenger, video call on Facebook Messenger
Facebook partner admits to eavesdropping on smartphone microphone conversations for advertising
Facebook Messaging Not Showing – Check Here!
How to easily change the look of YouTube, Facebook, etc.
Users can now cross-post from Instagram and Facebook to Threads
Attack the network
The new algorithm can prevent cyber-attacks on GPS devices- Detecting zero-day vulnerabilities in Internet Explorer helps hackers gain control of the computer
- Warning: new code of virtual money digging is available via Facebook Messenger
- Hackers found a way to bypass Microsoft Office 365 Safe Links
- WannaCry is a year old, EternalBlue is bigger than you think
- Discover 2 new vulnerabilities on 2 popular email protocols
The new algorithm can prevent cyber-attacks on GPS devices
Detecting zero-day vulnerabilities in Internet Explorer helps hackers gain control of the computer
Warning: new code of virtual money digging is available via Facebook Messenger
Hackers found a way to bypass Microsoft Office 365 Safe Links
WannaCry is a year old, EternalBlue is bigger than you think
Discover 2 new vulnerabilities on 2 popular email protocols