On May 11th it was reported that a flaw had been discovered in Facebook’s Instant Personalization service that made it possible for a third-party to capture a sizable amount of data about you without you ever even knowing it.
For those of you unfamiliar with the Facebook personalization tool, it allows sites to set cookies in your browser so that any time you visit the site again you will see which of your friends have been to the site and see what some of their activity was on that site. So far it has only been implemented on a handful of sites, but it has raised a firestorm of controversy over how much data a social network should share with others.
According to TechCrunch, George Deglin, a Web security expert, decided to play around with it on the Yelp site, to see if he could find any holes in it. Using “Cross Site Scripting”, he was able to inject malicious code in to the site that would allow a Facebook user’s name, e-mail address, friends list, groups and other data to be delivered to a third site for harvesting. Mr. Deglin did report the bug to both Yelp and Facebook which took down the code for a few hours to patch the error before returning it to service.
The problem here is that this cross pollination of services layering on top of one another just leaves to many possibilities for determined hackers to garner information. This particular issue required no action on the user’s part for it to work, and luckily it was discovered by someone with altruistic motives as opposed to someone actually trying to harvest personal info. Of course, there is always a chance it had been discovered by someone else before Mr. Delgin that simply didn’t report because they did want to harvest the information, but there is no way to know that right now.
Of all the issues raised by Facebook’s seeming attack on our privacy in which they feel their 450 million plus users should just share everything, I would have to say this one bothers me the most. If I want someone to know about a news story I read on a site, I’ll hit the “Share” button and tell them myself, but to think I just want all of my Facebook friends to automatically know about what I read and did on a site is act of unbelievable hubris on the part of the social network. Perhaps some people do want this information shared, and if they do, let them opt-in to the tool, don’t make it automatic. I have opted out of the service, but even then that is a pain.
Even though this security hole has been patched, it makes you wonder what else is lurking out there, just waiting to be discovered.
The Galaxy S20 Ultra's Space Zoom camera is amazing and a bit creepy
The Galaxy S20 Ultra supports up to 100X zoom, which Samsung calls Space Zoom, but is it any good? Can a phone really product usable photos at 100x zoom? We've got our Galaxy S20 Ultra already so join us to find out!
Win an iPhone, iPad and Apple Watch with the Reader's Choice giveaway!
What's the best phone of 2019? Is it the iPhone 11 Pro, Pixel 4 or OnePlus 7T? What about the best laptop, games console, tablet and more? Vote NOW in the Reader's Choice awards and win BIG in time for the holidays!
Here are the best products from IFA 2019!
Here are the products announced at IFA 2019 that were worthy of our Best of IFA 2019 awards. Also featuring MrMobile's single best product at the show!
Suck out the moisture, not the fun, with these dehydrators
Dehydrated food is a great way to make your food last longer than normal. we have made a list of our favorites for you to enjoy.