Facebook confirmed to TechCrunch that it is investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using "Login With Facebook".
This is because “when a user grants a website access to their social media profile, they are not only trusting that website, but also third parties embedded on that site”. Thus these trackers gather a user’s data, including name, email address, age range, gender, locale, and profile photo, depending on what users originally provided to the website. It’s unclear what these trackers do with the data, but many of their parent companies, including Tealium, AudienceStream, Lytics, and ProPS, sell publisher monetization services based on collected user data.
This is dangerous because the identity of visitors can be learned, and such a visitor becomes a vulnerable target for possible malicious hackers of these sites who may want to track a particular visitor.
The discovery of these data security flaws comes at a vulnerable time for Facebook. The company is trying to recover from the Cambridge Analytica scandal, CEO Mark Zuckerberg just testified before Congress, and today it unveiled privacy updates to comply with Europe’s GDPR law. But Facebook’s recent API changes designed to safeguard user data didn’t prevent these exploits. And the situation shines more light on the little-understood ways Facebook users are tracked around the Internet, not just on its site.
What is most disheartening is that Facebook could have identified these trackers and prevented these exploits with sufficient API auditing. Facebook could also change its systems to prevent developers from taking an app-specific user ID and employing it to discover that person’s permanent overarching Facebook user ID.
Revelations like this are likely to beckon a bigger data backlash. Over the years, the public had become complacent about the ways their data was exploited without consent around the web.
Zuckerberg makes an easy target because the Facebook founder is still the CEO, allowing critics and regulators to blame him for the social network’s failings. But any company playing fast and loose with user data should be sweating.