shadowprofile
Latest
Facebook's data sharing excesses even surprised its 'partners'
We regret to inform you that we may have published our article titled "Facebook's terrible 2018" just a few hours too early. Tonight the New York Times has once again dug into the social network and assembled -- based on internal documents and interviews with employees, former employees and business partners --an unflattering picture of the data it has been sharing for years with the likes of Bing and Rotten Tomatoes. Taken as a whole, these revelations make the Cambridge Analytica data leak revelations seem almost insignificant. Even with the last few months and years of revelations, the behavior described is surprising -- and not just for users. According to the article, companies like Apple and Russian search giant Yandex claimed to not know how much access Facebook had given them to user information. In the case of Yandex, the NYT said Facebook initially claimed the company wasn't an "integration partner" in October just months before telling Congress it actually is, and had access to Facebook's unique user IDs longer than others apps. It claims that Spotify, Netflix and the Royal Bank of Canada had access to read, write and delete private messages as well as see who was on a message thread. Apple had special access to phone numbers and calendar entries that the company said it was not aware of, while also leaving no trace that its devices were pulling in the data. According to a Netflix spokesperson, "At no time did we access people's private messages on Facebook, or ask for the ability to do so." Spotify has said it was unaware of this access, and Royal Bank of Canada disputed that it had such access. Microsoft had access to the names of Facebook's users friends and was apparently building profiles of Facebook users on its own servers, while Sony and Amazon could snag email addresses of a user's friends. Even the New York Times itself makes an appearance, with an app that was discontinued in 2011 still retaining access to users' friends list.
Facebook’s two-factor ad practices give middle finger to infosec
We've all encountered security questions asking where we went to school, our favorite color or food, our first concert, and the ubiquitous "mother's maiden name." Imagine a world where on one screen you carefully chose Stanford, red, spaghetti and so on, and on the next you were shown ads for Italian restaurants, red shoes, and jobs for Stanford grads. Seems like an insane violation, right? I mean, it stands to reason that we expect that the information we type to secure our online accounts and apps is private and safely guarded.
