On May 11th it was reported that a flaw had been discovered in Facebook’s Instant Personalization service that made it possible for a third-party to capture a sizable amount of data about you without you ever even knowing it.
For those of you unfamiliar with the Facebook personalization tool, it allows sites to set cookies in your browser so that any time you visit the site again you will see which of your friends have been to the site and see what some of their activity was on that site. So far it has only been implemented on a handful of sites, but it has raised a firestorm of controversy over how much data a social network should share with others.
According to TechCrunch, George Deglin, a Web security expert, decided to play around with it on the Yelp site, to see if he could find any holes in it. Using “Cross Site Scripting”, he was able to inject malicious code in to the site that would allow a Facebook user’s name, e-mail address, friends list, groups and other data to be delivered to a third site for harvesting. Mr. Deglin did report the bug to both Yelp and Facebook which took down the code for a few hours to patch the error before returning it to service.
The problem here is that this cross pollination of services layering on top of one another just leaves to many possibilities for determined hackers to garner information. This particular issue required no action on the user’s part for it to work, and luckily it was discovered by someone with altruistic motives as opposed to someone actually trying to harvest personal info. Of course, there is always a chance it had been discovered by someone else before Mr. Delgin that simply didn’t report because they did want to harvest the information, but there is no way to know that right now.
Of all the issues raised by Facebook’s seeming attack on our privacy in which they feel their 450 million plus users should just share everything, I would have to say this one bothers me the most. If I want someone to know about a news story I read on a site, I’ll hit the “Share” button and tell them myself, but to think I just want all of my Facebook friends to automatically know about what I read and did on a site is act of unbelievable hubris on the part of the social network. Perhaps some people do want this information shared, and if they do, let them opt-in to the tool, don’t make it automatic. I have opted out of the service, but even then that is a pain.
Even though this security hole has been patched, it makes you wonder what else is lurking out there, just waiting to be discovered.
Add magic to your living space with these string lights
String lights add personality and soft light to your living space. Here are some of the best.
Disguise your little one with the help of a themed costume
From avocado halves to hoppy bunnies, costumes speak to every child's unique spirit. And we've collected our favorite options.
The Galaxy S20 Ultra's Space Zoom camera is amazing and a bit creepy
The Galaxy S20 Ultra supports up to 100X zoom, which Samsung calls Space Zoom, but is it any good? Can a phone really product usable photos at 100x zoom? We've got our Galaxy S20 Ultra already so join us to find out!
Have a friend or family member that loves chess? Check out these fun gifts!
Gifts are easy when the person you're giving to has a specific interest or hobby. We've gathered the best gifts for chess lovers and found the coolest ideas from T-shirts to phone cases. You'll certainly want to get one or more of these gift ideas for the chess lover in your life.