De-Anonymization via Clickjacking in 2019
- This blog post is about my journey to understand the current practice of de-anonymization via the clickjacking technique whereby a malicious website is able to uncover the identity of a visitor, including his full name and possibly other personal information.
- My journey began when I read the excellent Google YOLO blog post by @filedescriptor about a clickjacking vulnerability of the Google YOLO (You Only Login Once) service, a web widget that provides an embeddable one-click login on websites.
- The blog post discusses how the widget can be used as a privacy threat, explaining that it’s possible to build a website with the Google YOLO widget and disguise the widget to make it look like a harmless button.
- An attacker can easily create a new website and use clickjacking with the Like widget, then send the page to a limited number of victims and reveal their identities by tracking the likes on Facebook.
THE STORIES REPORT: How brands can take advantage of the viral growth of the Stories format
- Business Insider Intelligence Stories are on track to become the main format for social media consumption, providing brands with a massive and vital opportunity to reach consumers.
- Combined, Stories features on Facebook-owned platforms command a whopping 1.5 billion daily active users (DAU), though some may be double-counted.
- Stories-centric features have also emerged on several other platforms, including YouTube, Google search results, and even LinkedIn. The viral acceptance of Stories, their accelerating usage, and their highly engaging nature make it imperative for brands to use the format to reach consumers.
- In The Stories Report, Business Insider Intelligence identifies the most popular platforms for Stories features, defines best practices to maximize engagement without alienating users, and pinpoints challenges hindering brand adoption for the future.
- The companies mentioned in this report are: Facebook, Google, Instagram, LinkedIn, Messenger, Snapchat, WhatsApp, and YouTube.
THE SOCIAL VIDEO REPORT: How social platforms are transforming their video distribution strategies and creating new opportunities for brands
- Social platforms are ramping up on emergent video formats to drive new and deeper forms of engagement across their sites and apps, yielding new opportunities for brands.
- As platforms experiment beyond in-feed videos, new formats and user behaviors around social video present meaningful opportunities for brands to reach millions of social users.
- In 2018, social platforms saw explosive growth around innovative video formats like Stories; a rising push around communal video experiences; the launch of new video-centric hubs on social platforms (e.g. IGTV); and the expansion of more premium or longer-form fare.
- Social platforms continue to undergo transitions in a bid to capture user attention, but each represents a significant key to understanding how the social video landscape is expanding and reorganizing around new formats and distribution models.
Exactly how Facebook stalks you - and it's creepier than you thought
- Facebook is giving us a new way to glimpse just how much it knows about us: On Tuesday (Wednesday AEDT), the social network made a long-delayed "Off-Facebook Activity" tracker available to its 2 billion members.
- You don't necessarily have to be logged in to the Facebook app or website on your phone - companies can report other identifying information to Facebook, which will marry up the activity to your account after the fact.
- The social network also doesn't pass your personal information back to businesses - they just get the chance to target ads to people with Facebook accounts who triggered the trackers.
- The Washington Post says it stopped using the Facebook tracking pixel, along with some other social-networking trackers, on content pages as of Oct. 24.
- Facebook says companies are required to provide us "robust notice" that they're sending data about our activity to the social network.
Jay Parikh, Facebook’s Top Infrastructure Engineering Exec, Leaving Company
- Kurt Wagner (Bloomberg) -- Facebook Inc.’s top engineering executive, Jay Parikh, is leaving after more than a decade.
- Parikh, who announced the move on his Facebook page Tuesday, oversees all engineering and infrastructure efforts, and manages thousands of employees around the world.
- He was instrumental in building the massive data centers that power Facebook’s social-media services.
- Other projects included bringing wireless internet connectivity to rural areas through solar-powered drones and undersea fiber cables, and the use of more renewable energy.
- Facebook will probably distribute Parikh’s responsibilities to multiple executives.
- David Mortenson, a vice president of engineering who has been at the company for almost nine years, will take over the infrastructure side of Parikh’s job, according to a company spokesman.
People are spreading memes and fake news online as the deadly coronavirus spreads across the globe
- According to a Washington Post report from January 27, Facebook, in particular, has tried to limit the spread of conspiracy theories about the Wuhan coronavirus, including one that the US government manufactured the deadly disease and holds a patent for it.
- According to the South China Morning Post, ByteDance struck a 630 million yuan (about $90,000,000 US) deal with Huanxi Media to stream new movies directly to users using its Douyin, Toutiao, Xigua Video, and Huoshan apps.
- The New York Times reported on January 27 that people in China were posting online about their panic and anger, dodging social media censors to post criticisms of the government on social media platforms amid the ongoing outbreak, which may have started at a Chinese wet market.
- In the US, there has been a variety of content posted to social media platforms, like TikTok, amid the virus that started in Wuhan.
Facebook's Jay Parikh, the veteran datacenter exec who helped the company cope with explosive user growth, is the latest insider to leave
- Facebook's vice president of engineering and infrastructure, Jay Parikh, announced plans to leave the company on Tuesday, the latest longtime executive to depart the social network as it faces one of the most challenging phases in its history.
- Parikh, who has worked at Facebook for more than a decade, was largely responsible for helping the company build out and maintain its massive technical infrastructure, a network of expensive datacenters stocked with thousands of computers and spanning multiple continents.
- Facebook saw its reach explode while Parikh was at the company, requiring major investments and innovations to handle an onslaught of traffic from billions of users of the flagship social network and popular apps like Instagram and WhatsApp.
- As one of Facebook CEO Mark Zuckerberg's top lieutenants at the company, Parikh spearheaded various ambitious initiatives such as internet connectivity and an internet drone project that was eventually abandoned.
Amazon’s Ring app shares loads of your personal info, report finds
- Amazon's Ring line of home surveillance products has come under intense scrutiny in recent months following a seemingly endless litany of worrying revelations about Ring's police partnerships, account security, vulnerabilities, employee snooping, and sharing of extremely detailed location data.
- The EFF notes that this data goes to Facebook regardless of whether the user has a Facebook account, and it adds that the user identifier persists even when you reset your advertiser ID in your OS.
- Branch likewise gets several unique identifiers relating to user identity and device fingerprint, along with other device data points such as IP address, phone model, screen resolution, and DPI.
- AppsFlyer, which likewise offers an array of deep linking, mobile, and cross-platform analytics services, also receives a unique identifier as well as information about your wireless carrier.
- MixPanel—which provides, you guessed it, user-behavior analytics and data—gets the most personal information out of the whole set, the EFF found.
Facebook’s new tool will tell you how it knows so much about you
- It can tell you which companies are supplying Facebook with information about your real-world activity — for example, that you visited their website or purchased a product from it.
- That’s because a lot of sites use Facebook’s trackers, which automatically collect and send visitor data back to Facebook.
- This seems like it would turn off all real-world data collection, but that’s not exactly true.
- Right after you flip the switch, you’ll see a dialogue that says, “We’ll still receive activity from the businesses and organizations you visit.” This information just won’t be associated with your account.
- Turn off “Ads based on data from partners,” “Ads based on your activity on Facebook Company Products that you see elsewhere,” and “Ads that include your social actions.” Again, this won’t completely shut off the tracking, but it will minimize it.
Toothless: Facebook proposes a weak Oversight Board
- Facebook’s internal “Supreme Court” can’t set precedents, can’t make decisions about Facebook Dating or Marketplace, and can’t oversee WhatsApp, Oculus, or any messaging feature, according to the bylaws Facebook proposed today for its Oversight Board.
- But it will only be able to challenge content taken down, not left up, until at least later this year so it likely won’t be able to remove misinformation in political ads allowed by Facebook’s controversial policy before the 2020 election.
- The result is an Oversight Board that does not have deep or broad power to impact Facebook’s ongoing policies — only to clean up a specific instance of a botched decision.
- It will also force Facebook to be a little more transparent about its content moderation rule-making, since it will have to publish explanations for why it does or doesn’t adopt the policy change recommendations.