Search
  • Home
  • Technology
    Random
    • Chinese University develops Police cars with face-scanning technology

      Raj
      March 25, 2016
      Technology
    Recent
    • Northern Trust’s Data-Driven Transformation: Integrating the Human and Technology Dimensions

      Loknath Das
      April 30, 2019
    • Classroom Technology Is Indoctrinating Students Into A Culture Of Surveillance

      Loknath Das
      January 30, 2019
    • Huawei unveils new AI speaker for Chinese market

      Loknath Das
      October 28, 2018
    • Smartphones May Soon Make Your Commute Less Stressful: Study

      Loknath Das
      October 15, 2018
    • Chrome OS Linux Apps Support Spotted in Beta

      Loknath Das
      June 25, 2018
    • Microsoft acquires Forerunner Software’s report-rendering technology

      Loknath Das
      April 3, 2018
  • Computer
    Random
    • Computer science education still not in many Wyoming classrooms — nearly 18 months after bill signed

      Loknath Das
      November 15, 2019
      Computer
    Recent
    • BUILDING A FAUX RETRO PORTABLE COMPUTER

      Loknath Das
      December 2, 2019
    • article placeholder

      Computer firm HP rejects takeover approach by Xerox

      Loknath Das
      November 18, 2019
    • 3D PRINT YOUR VERY OWN MECHANICAL COMPUTER

      Loknath Das
      November 11, 2019
    • Stalkerware can access your computer easily

      Loknath Das
      October 14, 2019
    • 3 signs you need a computer repair service

      Loknath Das
      August 27, 2019
    • article placeholder

      Facebook is inching closer to a think-to-type computer system

      Loknath Das
      August 3, 2019
  • Softwares
    Random
    • Software-based system improves the ability to determine the cause of ischemic stroke

      Loknath Das
      May 6, 2017
      Softwares
    Recent
    • Cancer Registry Software Market 2019 Strong Development By 2027 with Major Eminent Players Ordinal Data, Conduent, IBM, Himagine solutions

      Loknath Das
      July 27, 2019
    • 5 Tips for Choosing Cryptocurrency Mining Software

      Loknath Das
      May 28, 2019
    • Aviation Software Market to Witness Heightened Revenue Growth During the Forecast Period 2026

      Loknath Das
      May 11, 2019
    • Live Video Streaming Software Market to Witness Huge Growth by 2025 | Haivision, IBM, Microsoft, Kaltura

      Loknath Das
      May 10, 2019
    • Constellation Software’s growth engine is slowing, National Bank Financial says

      Loknath Das
      May 6, 2019
    • Ballista is High Voltage Software’s first game for Oculus Quest

      Loknath Das
      May 3, 2019
  • Gadgets
    Random
    • HTC CFO promises "compelling" camera experience in future products

      Raj
      February 28, 2016
      Gadgets
    Recent
    • Gadgets you should have before kicking off your holidays

      Loknath Das
      November 13, 2019
    • Increase your business efficiency with these 6 cool office gadgets

      Loknath Das
      August 20, 2019
    • Gadgets can be hacked to produce ‘dangerous’ sounds, says researcher

      Loknath Das
      August 13, 2019
    • The Sony Walkman Turns 40: Gadget That Changed The Way We Enjoy Music

      Loknath Das
      July 22, 2019
    • GADGET COUNTS CANCER CELLS TO SEE IF CHEMO IS WORKING

      Loknath Das
      July 17, 2019
    • Gadgets Advance to the Head of the Class This Back-to-School Shopping Season

      Loknath Das
      July 15, 2019
  • Games
    Random
    • Gears of War Creator: "I Hope Microsoft Doesn't Screw It Up"

      Raj
      April 26, 2016
      Games
    Recent
    • Mario Kart Tour was the most downloaded iPhone game of 2019

      Loknath Das
      December 4, 2019
    • article placeholder

      Prevent Your Mac from Making Plain-Text Copies of Your Encrypted Emails

      Loknath Das
      November 12, 2019
    • Gamers are the worst thing about video games – Reader’s Feature

      Loknath Das
      November 10, 2019
    • NBA TV goes over-the-top to offer live games and original programming to cord cutters

      Loknath Das
      November 6, 2019
    • 5 PS4 Black Friday games deals to look out for

      Loknath Das
      October 21, 2019
    • Apple Arcade Release Date And Game List: All The Games Coming To Apple’s New Service At Launch

      Loknath Das
      September 20, 2019
  • Internet
    Random
    • Asus Blue Cave Router Launched at Computex 2017

      Loknath Das
      May 29, 2017
      Internet
    Recent
    • Suspected Internet Cable Spy Ship Operating In Americas For Over A Month

      Loknath Das
      December 3, 2019
    • Why Tim Berners-Lee didn’t invent the internet

      Loknath Das
      November 30, 2019
    • Iran letter raises prospect of ‘white list’ internet clampdown

      Loknath Das
      November 27, 2019
    • Iran kills the internet for its people’s own good as riots grip the Middle Eastern nation

      Loknath Das
      November 19, 2019
    • Now, Kerala aims for internet in every household

      Loknath Das
      November 8, 2019
    • Heads up from Internet of S*!# land: Best Buy’s Insignia ‘smart’ home gear will become very dumb this Wednesday

      Loknath Das
      November 5, 2019
  • Mobiles
    Random
    • Score an unlocked LG V20 for just $354.99 after checkout code

      Loknath Das
      June 24, 2017
      Mobiles
    Recent
    • The new mAadhaar app: A mobile identity while using multiple services

      Loknath Das
      November 29, 2019
    • Redmi 64-Megapixel Camera Tech Showcase Expected at Xiaomi’s Image-Centric Event on August 7

      Loknath Das
      August 6, 2019
    • Mobiles are no longer first port of call for etail numbers

      Loknath Das
      June 2, 2019
    • Redmi K20 Pro Price, New Image Leak; Powerful Loudspeaker Teased Ahead of May 28 Launch

      Loknath Das
      May 26, 2019
    • Flipkart Big Shopping Days Sale: The Best Offers on Mobile Phones

      Loknath Das
      May 17, 2019
    • MP Board Results 2019 Out: 3 Simple Steps To Check Using Mobiles

      Loknath Das
      May 15, 2019
  • Social Media
    Random
    • Facebook CEO Mark Zuckerberg Addresses Harvard Class of 2017: Full Commencement Speech

      Loknath Das
      May 30, 2017
      Social Media
    Recent
    • How SparkNotes’ social media accounts mastered the art of meme-ing literature

      Loknath Das
      May 5, 2019
    • Six offensive posts on social media in trash bin

      Loknath Das
      April 8, 2019
    • Christchurch shooting: Australia PM calls for social media crackdown

      Loknath Das
      March 19, 2019
    • Social media creates a spectacle society that makes it easier for terrorists to achieve notoriety

      Loknath Das
      March 18, 2019
    • How social media ‘shifted’ India’s focus to Abhinandan’s release

      Loknath Das
      March 3, 2019
    • Can social media heal society’s divisions and reconnect people?

      Loknath Das
      February 26, 2019
  • Latest News
    Random
    • EU extends Russia sanctions over Ukraine

      Raj
      December 16, 2016
      Latest News
    Recent
    • article placeholder

      How Confidential Data Destruction Benefits Your Business

      admin
      June 15, 2019
    • article placeholder

      3 Ways Technology Manufacturers can Prevent eWaste

      admin
      June 7, 2019
    • Sonam Kapoor’s latest post will remind you of Shah Rukh Khan and Anushka Sharma from Rab Ne Bana Di Jodi

      Loknath Das
      February 9, 2019
    • The Latest: White House reaches out to Kentucky students

      Loknath Das
      January 23, 2019
    • The Latest: Tsitsipas is getting help from Serena’s coach

      Loknath Das
      January 22, 2019
    • Nokia 8.1 sales begin in India today online and offline: price, specifications, and more

      Loknath Das
      December 24, 2018
  • Contact Us !
Breaking
  • Mario Kart Tour was the most downloaded iPhone game of 2019
  • Suspected Internet Cable Spy Ship Operating In Americas For Over A Month
  • BUILDING A FAUX RETRO PORTABLE COMPUTER
  • Why Tim Berners-Lee didn't invent the internet
  • The new mAadhaar app: A mobile identity while using multiple services
  • Iran letter raises prospect of 'white list' internet clampdown
Home
Social Media

Facebook Login System Being Abused by Third-Party Trackers to Exfiltrate User Data: Report

Loknath Das
April 19, 2018
Social Media

Facebook Login System Being Abused by Third-Party Trackers to Exfiltrate User Data: Report

HIGHLIGHTS

  • Trackers are exfiltrating users’ name, email address, age range, etc.
  • Lack of security boundaries between first and third-party scripts: Report
  • Investigating the security research report: Facebook

Several third-party trackers are abusing the Facebook Login system, exfiltrating users’ data including name, email address, age range, gender, locale and profile photo, a new security research report has claimed.

The unintended exposure of Facebook data to third-party JavaScript trackers is not owing to a bug in the Login With Facebook system. “Rather, it is due to the lack of security boundaries between the first-party and third-party scripts in today’s Web,” said the report prepared by Steven Englehardt, Gunes Acar and Arvind Narayanan, researchers at Freedom to Tinker – a digital initiative by Princeton University’s Center for Information Technology Policy.

third party exfiltration freedom to tinker Third Party Identification

Photo Credit: Freedom to Tinker/ CITP

 

“We report yet another type of surreptitious data collection by third-party scripts that we discovered: the exfiltration of personal identifiers from websites through “Login with Facebook” and other such social login APIs,” the trio wrote.

Meanwhile, Facebook told TechCrunch that it is investigating the security research report.

The researchers found two types of vulnerabilities: Seven third parties abusing websites’ access to Facebook user data and one third party using its own Facebook “application” to track users around the Web.

British political consultancy firm Cambridge Analytica was found misusing users’ data collected by a Facebook quiz app which used the “Login with Facebook” feature.

“We’ve uncovered an additional risk: when a user grants a website access to their social media profile, they are not only trusting that website but also third parties embedded on that site,” the report noted.

The researchers found seven scripts collecting Facebook user data using the first party’s Facebook access. These are OnAudience, Augur, Lytics, ntvk1.ru, ProPS, Tealium, and Forter. Of these, OnAudience was said to have stopped collecting data after an earlier report by the researchers.

facebook login no boundaries citp Facebook Login

Photo Credit: Freedom to Tinker/ CITP

 

“These scripts are embedded on a total of 434 of the top 1 million sites, including fiverr.com, bhphotovideo.com, and mongodb.com,” they wrote.

Update: 19 April 2018 8:30pm IST. The researchers have posted the following clarification:

We confirmed that the Forter scripts embedded on fiverr.com and bhphotovideo.com do NOT include functionality to access Facebook data. On mongodb.com we only observed the presence of an Augur script. We have published an updated list of sites, marking the ones where we have confirmed the presence of functionality to access Facebook data.

 

The user ID collected through the Facebook API is specific to the website (or the “application” in Facebook’s terminology), which would limit the potential for cross-site tracking.

“But these app-scoped user IDs can be used to retrieve the global Facebook ID, user’s profile photo, and other public profile information, which can be used to identify and track users across websites and devices,” the researchers warned.

third party identification freedom to tinker full Facebook third party Authentication

Photo Credit: Freedom to Tinker/ CITP

 

“While we can’t say how these trackers use the information they collect, we can examine their marketing material to understand how it may be used,” they noted.

OnAudience, Tealium AudienceStream, Lytics, and ProPS all offer some form of “customer data platform”, which collect data to help publishers to better monetise their users.

Forter offers “identity-based fraud prevention” for e-commerce sites while Augur offers cross-device tracking and consumer recognition services.

Hidden third-party trackers can also use “Facebook Login to de-anonymise users for targeted advertising”.

“This is a privacy violation, as it is unexpected and users are unaware of it,” the researchers said.

There are steps Facebook and other social login providers can still take to prevent abuse.

“API use can be audited to review how, where, and which parties are accessing social login data. Facebook could also disallow the lookup of profile picture and global Facebook IDs by app-scoped user IDs,” the report emphasised.

“It might also be the right time to make Anonymous Login with Facebook available following its announcement four years ago,” the researchers added.

[“Source-gadgets.ndtv”]

AbusedbeingbydataExfiltrateFacebookloginreportsystemThird-PartytoTrackersUser

Share On:
Tweet
Despite Facebook Data Privacy Scandal, Tech Dream Still Alive at Tech Gathering
Facebook CEO Zuckerberg, EU Official Discuss Privacy Protection

About The Author

Loknath Das

Related Posts

  • Spooked by Bangladesh Heist, Asian Security Summit Works on Cyber-Security

    Raj
    June 6, 2016
  • Nokia to Have a Major Showing at MWC 2018, HMD Global Teases

    Loknath Das
    January 19, 2018
2nd Contact US Click Here