by Steven Englehardt [0], Gunes Acar, and Arvind Narayanan So far in the No boundaries series, we’ve uncovered how web trackers exfiltrate identifying information from web pages, browser password managers, and form inputs. Today we report yet another type of surreptitious data collection by third-party scripts that we discovered: the exfiltration of personal identifiers from websites through “login with Facebook” and other such social login APIs. Specifically, we found two types of vulnerabilities [1]: seven third parties abuse websites’ access to Facebook user data one third party uses its own Facebook “application” to track users around the web. Vulnerability 1: Third parties piggyback on Facebook access granted to websites Facebook Login and other social login systems simplify the account creation process for users by decreasing the number of passwords to remember. But social login brings risks: Cambridge Analytica was found…
Read more detail on Recent Technology posts –