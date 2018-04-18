'Login With Facebook' Data Hijacked By JavaScript Trackers (techcrunch.com) 26
An anonymous reader quotes a report from TechCrunch: Facebook confirms to TechCrunch that it's investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user's data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It's unclear what these trackers do with the data, but many of their parent companies including Tealium, AudienceStream, Lytics, and ProPS sell publisher monetization services based on collected user data. The abusive scripts were found on 434 of the top 1 million websites including freelancer site Fiverr.com, camera seller B&H Photo And Video, and cloud database provider MongoDB. That's according to Steven Englehardt and his colleagues at Freedom To Tinker, which is hosted by Princeton's Center For Information Technology Policy.
Here is the real problem:
After TechCrunch brough the issue to MongoDB’s attention this morning, it investigated and just provided this statement “We were unaware that a third-party technology was using a tracking script that collects parts of Facebook user data. We have identified the source of the script and shut it down.”
You were unaware? UNAWARE? You were UNAWARE of what's running ON YOUR OWN FUCKING WEBSITE?????
What the fuck is wrong with you? Are you really that fucking incompetent? Seriously. What the fucking fuck.
Facebook has magnified the consequences of poorly placed trust far beyond most anyone's worst nightmares.
I never fell for the idiocy of Facebook myself, so all the suckers and chumps who did are just fools who provide me with a reason to laugh derisively.
Thanks for the laughs, you dumb fucks.
I never fell for the idiocy of JavaScript.
I hear Oracle is trying to sue anyone publishing JavaScript because they own the trademark "JavaScript". Lawsuit fear may finally end the organic mess of JavaScript floating around. Okay, I'm only dreaming.
(meme from Twitter, and maybe that too) For anyone who cares the path is clear. If you don't care, do nothing and quityerbitchin.
Do, or do not. There is no try.
Suck it Traitorberg!
Where is the exploit here? How is it surprising or concerning that if I give a company access to my data, they might use third-party SAAS to process my data? Is the endgame of this hysteria a complete ban on SAAS?
Just you wait until they get around to auditing the banner ads.
Always felt it to be highly invasive, potentially insecure. The LAST thing I want, is to sign in to bloody sites with Facebook credentials.