JavaScript takes user data via the 'Sign in with Facebook' feature
JavaScript libraries from many advertising and analytics services are taking user data from websites that use the Facebook login feature.
Researchers from Princeton University found that 434 out of 1 million pages load third-party JavaScript that is able to retrieve data in this way. They also said that these 434 pages did not know what was happening.
Data collection scenario No. 1
The team said the data collection takes place in two ways. Scenario 1 occurs on pages that use the 'Sign in with Facebook' feature to authenticate users. When a user logs in, this feature sends a request to the Facebook server, which returns Facebook account data so that the user can access the page.
Data collection process diagram of scenario 1
Third-party JavaScript code loaded on the page can intercept this data and retrieve it. Although some pages collect user IDs, this ID can be converted to a Facebook ID and used to collect more information.
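A defender's view of scenario 1, as an added example that is not from the Princeton study or the original article: the function below lists the third-party script hosts that run in the same page as the Facebook SDK, and therefore in the same JavaScript scope as the login data. The sample HTML and every host except `connect.facebook.net` are constructed, and the subdomain-based first-party test is a simplifying assumption.

```javascript
// Constructed sample page: a first-party script, the Facebook SDK, and two
// third-party tags, all included with plain <script src>. Hosts are made up,
// except connect.facebook.net, which serves the Facebook SDK.
const SAMPLE_HTML = `
<html><head>
  <script src="/static/app.js"></script>
  <script async src="https://connect.facebook.net/en_US/sdk.js"></script>
  <script src="https://cdn.tracker.example/t.js"></script>
  <script src="//ads.adnetwork.example/loader.js"></script>
  <script>window.inlineConfig = {};</script>
</head><body></body></html>`;

const FACEBOOK_SDK_HOST = "connect.facebook.net";

// Assumption: "first party" means the page's host or one of its subdomains.
// A production audit would compare registrable domains instead.
function isFirstParty(host, pageHost) {
  return host === pageHost || host.endsWith("." + pageHost);
}

// Lists external script hosts that execute in the page's own origin. Scripts
// included this way share one global scope, so when the Facebook SDK is among
// them there is no boundary between it and the third-party code.
function auditScripts(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const tagRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  const thirdParty = new Set();
  let usesFacebookSdk = false;
  for (const m of html.matchAll(tagRe)) {
    // new URL(src, base) resolves relative and protocol-relative URLs.
    const host = new URL(m[1], pageUrl).hostname;
    if (host === FACEBOOK_SDK_HOST) usesFacebookSdk = true;
    else if (!isFirstParty(host, pageHost)) thirdParty.add(host);
  }
  return {
    usesFacebookSdk,
    thirdPartyHosts: [...thirdParty].sort(),
    sdkReachableByThirdParties: usesFacebookSdk && thirdParty.size > 0,
  };
}

console.log(auditScripts(SAMPLE_HTML, "https://shop.example/login"));
```

Content loaded in a cross-origin `<iframe>` is not counted, because the browser's same-origin policy keeps it out of the embedding page's scope.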
Data collection scenario No. 2
Scenario 2 is somewhat more complicated. If a page uses 'Sign in with Facebook', a third party can embed an iframe on other pages to trick the authenticated user's browser into logging in with their Facebook account. As in the previous case, the third-party tracking script then intercepts and retrieves the Facebook data.
Data collection process diagram of scenario 2
'Leaving Facebook data to a third party is not due to an error in "Sign in with Facebook" but due to the lack of security boundaries between first- and third-party web scripts,' the Princeton researchers said.
'Facebook and other social networks can avoid this situation: censoring APIs to see which units access social network login data, where and how. Facebook may also disallow viewing user profiles and Facebook IDs by app-scoped user ID. Maybe now it should allow anonymous login (Anonymous Login) with Facebook, as they said they would 4 years ago,' the researchers said.