Discussion:
log in to this website with Facebook!
RS Wood
2018-05-04 13:42:41 UTC
Turns out, surprising no one, taking advantage of this convenience was
a terrible idea. Doubt anyone on Usenet would have done it, but many
many users opted for convenience and got screwed once again. A pox on
the modern web.

https://www.theregister.co.uk/2018/05/04/delete_facebook_login/

Researchers Steven Englehardt, Gunes Acar and Arvind Narayanan recently
published a report saying how Facebook Login (and its Google
equivalent) are a honey pot for "the exfiltration of personal
identifiers". The Reg covered it here.

As the report explains:

When a user grants a website access to their social media profile, they
are not only trusting that website, but also third parties embedded on
that site. We found seven scripts collecting Facebook user data using
the first party's Facebook access... Most of them grab the user ID, and
two grab additional profile information such as email and username.

The user ID collected through the Facebook API is specific to the
website... which would limit the potential for cross-site tracking. But
these app-scoped user IDs can be used to retrieve the global Facebook
ID, user's profile photo, and other public profile information, which
can be used to identify and track users across websites and devices.

The researchers also note that "hidden third-party trackers can also
use Facebook Login to deanonymize users for targeted advertising".
While a privacy violation, these hidden trackers can get away with it
"when the same tracker is also a first party that users visit directly".

According to the researchers, the unintended exposure of Facebook data
to third parties is not due to a bug in Facebook's Login feature but
rather the lack of security boundaries between the first-party and
third-party scripts in today's web.
--
RS Wood <***@therandymon.com>
Dirk T. Verbeek
2018-05-06 18:08:21 UTC
Post by RS Wood
> Turns out, surprising no one, taking advantage of this convenience was
> a terrible idea. Doubt anyone on Usenet would have done it, but many
> many users opted for convenience and got screwed once again. A pox on
> the modern web.
You are absolutely right.
I am astounded even seasoned /. users log in with their Google account.
Dirk T. Verbeek
2018-05-06 18:10:25 UTC
Post by Dirk T. Verbeek
> Post by RS Wood
>> Turns out, surprising no one, taking advantage of this convenience was
>> a terrible idea. Doubt anyone on Usenet would have done it, but many
>> many users opted for convenience and got screwed once again. A pox on
>> the modern web.
> You are absolutely right.
> I am astounded even seasoned /. users log in with their Google account.
(Hit send too soon)

I find it even more worrisome sites like /. allow this sort of collusion.