Facebook Plugs 'Login' Leak After Princeton Exposes Another Data Breach

New Delhi: Facebook has suspended the errant websites’ right to use ‘Login with Facebook’ after it came to light that data of a Facebook user can be accessed by third-party JavaScript trackers.

The third-party trackers piggybacked on the Facebook access granted to the websites. The trackers exploited the algorithm to access key user data, including email address, name, age range, gender, locale and photos, depending on the details provided by the users.

“Freedom To Tinker”, the research and expert commentary of Princeton’s Center for Information Technology Policy, had exposed on April 18 how seven third-party trackers abused websites’ access to Facebook user data and how one third-party tracker used its own Facebook application to track users around the World Wide Web.

Responding to the report, Facebook told News18, “Scraping Facebook user data is in direct violation of our policies. While we are investigating this issue, we have taken immediate action by suspending the ability to link unique user IDs for specific applications to individual Facebook profile pages, and are working to institute additional authentication and rate limiting for Facebook Login profile picture requests.”

The report goes on to say that this exposure of Facebook data to third parties is not due to a bug in Facebook’s Login feature. Rather, it is due to the lack of security boundaries between first-party and third-party scripts.
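The missing boundary can be modelled outside a browser. The following is an added example, not code from the report or from Facebook; it uses Node's `vm` module, and `makeLoginSdk`, `loginSdk`, `loggedIn` and the profile values are hypothetical stand-ins.

```javascript
const vm = require('vm');

// Hypothetical stand-in for a social-login SDK after the user has logged in.
// Profile values are constructed sample data.
function makeLoginSdk() {
  const profile = { id: 'app-scoped-0001', name: 'Sample User', email: 'user@example.test' };
  return { api: (path) => (path === '/me' ? { ...profile } : null) };
}

// Constructed stand-in for any embedded script: it reports which of the
// page's login-related globals are reachable from where it runs.
const EMBEDDED_SRC = `({
  profile: typeof loginSdk === 'object' ? loginSdk.api('/me') : null,
  loggedIn: typeof loggedIn === 'boolean' ? loggedIn : null,
})`;

// Run the embedded script against a given set of globals. A vm context is
// used here only to model a browsing context; it is not a security sandbox.
function reachableFrom(globals) {
  return vm.runInContext(EMBEDDED_SRC, vm.createContext(globals));
}

// Case 1: included with a <script> tag. It shares the first party's globals,
// so the SDK session the site set up is its session too.
function includedInPage() {
  return reachableFrom({ loginSdk: makeLoginSdk(), loggedIn: true });
}

// Case 2: loaded in a separate context (as a cross-origin iframe would be).
// It sees only what the first party deliberately hands over.
function isolatedFrame() {
  return reachableFrom({ loggedIn: true });
}

console.log('script tag :', includedInPage());
console.log('isolated   :', isolatedFrame());
```

The same script source yields the full profile in the first case and only the shared flag in the second, which is the difference a boundary between first-party and third-party code makes.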

The user ID collected through the Facebook API is specific to the website or the application, which would limit the potential for cross-site tracking. But these app-scoped user IDs can be used to retrieve the Facebook ID, the user’s profile photo and other public profile information, which can be used to identify and track users across websites and devices.

Facebook Login and other social login systems are popular with users because they spare them from opening an account everywhere and keep the number of passwords in check. But the report says these social logins bring risks: even ‘Cambridge Analytica’ was found misusing user data collected by a Facebook quiz app that used the Login with Facebook feature.

While the report did not specify how these trackers used the information that they collected, most of these applications collected user data to help publishers better monetize their users. While some provided ‘Identity-based fraud prevention’, the others offered cross-device tracking and consumer recognition services.

Under fire due to the Cambridge Analytica controversy, Facebook has had a tough couple of months. There was global outrage, with #deletefacebook trending for days and share prices falling, and founder and CEO Mark Zuckerberg had to testify in the Senate and in front of lawmakers.

This is when Facebook decided to tighten the leaking data pool. Facebook said it will be eliminating the platform that allows other companies to use the data they collected off Facebook for advertising on Facebook. “While this is a common industry practice, we believe this step, winding down over the next six months, will help improve people’s privacy on Facebook.”

But this exposé by ‘Freedom To Tinker’ shows how Facebook clearly failed to assuage the concerns of its users, in spite of the assurance the company gave in the US Senate.
