Logging in with Facebook may let Javascript trackers steal personal data

javascript trackers steal facebook data facebookprivacy01

Using Facebook to login to certain websites may open you up to data theft attacks if those sites also employ particular Javascript trackers. Although the vast majority of sites that were found to contain the malicious trackers are relatively small operations, there are also quite a few that enjoy millions of regular visitors. Some of them are even in the top few hundred sites in the world for overall traffic.

This news first came to light as part of a report from the Princeton’s Center for Information Technology Policy website, Freedom to Tinker. It highlighted that the vulnerability allowed third parties to piggyback the Facebook login process to scrape usernames, email addresses, age ranges, genders, relative locations, and possibly even profile photos, as per Engadget.

In total the report cited seven different scripts that were collecting user data using the Facebook access system. Those scripts were found in 434 of the top one million websites as ranked by Alexa. Some sites have responded to the news by disabling and removing the offending scripts, though many others are still susceptible to this particular exploit.

“Scraping Facebook user data is in direct violation of our policies,” a Facebook spokesperson said in a statement to Engadget. “While we are investigating this issue, we have taken immediate action by suspending the ability to link unique user IDs for specific applications to individual Facebook profile pages, and are working to institute additional authentication and rate limiting for Facebook Login profile picture requests.”

The report does suggest, however, that although Facebook could take steps to prevent this exploit from being viable — such as the previously announced anonymous login feature — that this problem was more of an indication of security problems in modern web standards, than Facebook’s own fault.

Although the report authors admit that they don’t know how the scraped data is being used, this comes at a very poor time for Facebook. It is already embroiled in a scandal surrounding the harvesting of user data by companies like Cambridge Analytica, which purportedly used it for politically targeted adverts during a number of electoral campaigns over the past few years. Mark Zuckerberg even had to testify to Congress over the matter.

With the impending implementation of the GDPR, reports like this do little to curb fears of Facebook security and handling of personal data.

Smart Home

Booth babes, banned sex toys, and other mishaps at CES 2019

From female sex toys bans, to fake Tesla/robot collision stories, there was some weird stuff going on at CES 2019 this year. Here are some of the biggest mishaps and flubs at the world's biggest tech show.
Social Media

Nearly a million Facebook users followed these fake Russian accounts

Facebook purged two separate groups behind more than 500 fake accounts with Russian ties. One group had ties to Russian news agency Sputnik, while the other had behavior similar to the Internet Research Agency's midterm actions.

Data breach compromises 773 million records, 21 million passwords

A security researcher was alerted to a collection of breached data that included more than 773 million compromised records. After digging deeper, the breach was revealed to contain more than 21 million passwords.

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.
Social Media

Nearly 75 percent of U.S. users don’t realize Facebook tracks their interests

Did you know Facebook tracks your interests, including political and multicultural affiliations? According to a recent Pew study, 74 percent of adult users in the U.S. have no idea Facebook keeps a running list of your interests.

Shutdown makes dozens of .gov websites insecure due to expired TLS certificates

The US government shutdown is causing trouble in internet security. As the shutdown enters day 22, dozens of government websites have been rendered insecure or inaccessible due to expired transport layer security (TLS) certificates.
Social Media

A quick swipe will soon let you keep bingeing YouTube on mobile devices

The YouTube mobile app has a new, faster way to browse: Swiping. Once the update rolls out, users can swipe to go to the next (or previous) video in the recommended list, even while viewing in full screen.

Our favorite Chrome themes add some much-needed pizzazz to your boring browser

Sometimes you just want Chrome to show a little personality and ditch the grayscale for something a little more lively. Lucky for you, we've sorted through the Chrome Web Store to find best Chrome themes available.

Cathay Pacific messes up first-class ticket prices — again

A couple of weeks ago, an error on Cathay Pacific's website resulted in first-class seats selling for a tenth of the price. On Sunday, January 13, the airline made the error again. The good news is that it'll honor the bookings.

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.
Social Media

YouTube to crack down on dangerous stunts like the ‘Bird Box’ challenge

YouTube already bans content showing dangerous activities, but new rules published by the site go into greater detail regarding potentially harmful challenges and pranks, including certain blindfold- or laundry detergent-based stunts.

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.

Switch up your Reddit routine with these interesting, inspiring, and zany subs

So you've just joined the wonderful world of Reddit and want to explore it. With so many subreddits, however, navigating the "front page of the internet" can be daunting. Here are some of the best subreddits to get you started.