
Brave Disabled a Chrome Extension Linked to Facebook Users

 

Last week, security analyst Zach Edwards reported that Brave had restricted the L.O.C. Chrome extension, citing concerns that it leaked the user's Facebook information to a third-party server without a warning or authorization prompt. The access token used by L.O.C. was easily obtained from Facebook's Creator Studio web app. After retrieving this token (a text string made up of 192 alphanumeric characters) from the app, a Chrome extension can use it with Facebook's Graph API to get data about the signed-in user without being a Facebook-approved third-party app.

The concern is whether this type of data access could be exploited. Without the user's knowledge, an extension using this token could copy the user's file and transmit it to a remote server. It might also save the user's name and email address and use them to track the user across websites. According to a Brave official, the company is working with the developer to make certain changes, most likely an alert or permission prompt, to ensure the extension is appropriate in terms of privacy and security.

In September 2018, Facebook announced a security breach impacting nearly 50 million profiles. It blamed criminals for stealing access tokens supplied by its "View As" function, which allows users to see how their profiles appear to others. "They were able to steal Facebook access tokens, which were subsequently used to take over people's accounts," said Guy Rosen, Meta's VP of Integrity.

Cambridge Analytica accessed people's Facebook profiles using a third-party quiz app that was linked to the social media platform. One would assume that a quiz app would not disclose your Facebook profile information to others, and that a Chrome extension would not do so either. Despite Facebook's assurances, some steps must be taken to prevent a repetition of the Cambridge Analytica scandal: Creator Studio access tokens in the hands of a malicious and widely used Chrome extension might lead to a rerun of history.

Part of the problem is that Google's Chrome extensions seem easy to corrupt or exploit, and Meta, aside from reporting the matter to Google, has no immediate ability to block the deployment of extensions that abuse its Graph API. The Creator Studio token is tied to the user's session, according to a Meta representative, meaning it will expire if the extension user signs out of Facebook. And if the token hasn't been transferred to the extension developer's server, as appears to be the case with the L.O.C. extension, uninstalling the extension will also result in the token expiring.

Meta has asked Google to delete the extension from the Chrome Web Store once more and is looking into alternative options.

CBI Booked Firms for Harvesting Data of 5.62 Lakh Indian Facebook Users

 

The Central Bureau of Investigation (CBI) has lodged a case regarding the unlawful collection of personal information of nearly 5.62 lakh Indian Facebook users and the use of that information to manipulate elections in India. In this regard, the CBI has booked Cambridge Analytica, a UK political consultancy company, and another UK-based firm, Global Science Research Ltd.

In a preliminary CBI inquiry in July 2018, following a complaint from the Electronics and Information Technology Ministry, investigating officials discovered that Aleksandr Kogan, the Founder-Director of Global Science Research Limited (GSRL), had created an app called "This Is Your Digital Life", which was used to collect data of Facebook users under the label "academic and research purposes", as stated in the policy of the digital platform. The probe further revealed that approximately 335 Indians had downloaded this app, through which the data of their Facebook friends, nearly 5.62 lakh users, had allegedly been harvested without their knowledge.

During the early investigation, Cambridge Analytica and GSRL reported criminal offenses, and the department later booked both companies for criminal conspiracy and cyber-crime. Cambridge Analytica was initially accused of harvesting details of Facebook users and then manipulating them to obtain success in America, more precisely in the 2016 elections and the Donald Trump campaign. Cambridge Analytica first became the subject of scrutiny three years ago.

In response, Facebook replied, "Data of 5.62 lakh Indian users might have been illegally harvested." Cambridge Analytica, on the other hand, responded that "they only received data of UK users from the Global Science Private Limited."

According to the CBI, these two companies had approached Facebook. Facebook later told the CBI that it had allowed Global Science Research Ltd's application, but that the firm illegally collected the data of 5.62 lakh users and later shared it with Cambridge Analytica. The stolen data contains information about the users, their page likes, their private data, personal messages, and chats. Reportedly, the stolen information was later used to influence elections in India.

Out of the 335 app users contacted by the CBI, six replied and were subsequently investigated. They all claimed that the software fooled them and that they were not aware that their personal and friends' data had been improperly gathered, the FIR suggested, adding that all six said they would not have used the app if they had the slightest indication that their privacy would be violated. 

Both UK-based companies have been booked by CBI for criminal conspiracy and violation of the IT Acts.

Facebook fined $5bn over Cambridge Analytica scandal


The US regulator, the Federal Trade Commission (FTC), has approved a fine of $5 billion on Facebook to settle an investigation into the Cambridge Analytica scandal, according to reports in US media.

The commission was investigating the data breach that affected more than 87 million Facebook users.

The main focus of the investigation was to find out whether Facebook had violated a 2011 agreement which prohibits companies from obtaining users' data without notifying them.

"With the FTC either unable or unwilling to put in place reasonable guardrails to ensure that user privacy and data are protected, it's time for Congress to act," US Senator Mark Warner said.

The fine of $5bn was sanctioned by the FTC in a 3-2 vote with Republican commissioners in favor and Democrats opposed.

According to the New York Times report, the Democrats wanted to take stricter action against the firm, while other Democrats criticized the fine as too small.