Jul 19, 2019

Broker sells near-real-time browsing info from unsuspecting victims

At least 8 browser extensions sold extremely sensitive data about their users to a data broker, who then sold access to that data in real time to unknown buyers, according to a report from researcher Sam Jadali.

Why it matters: The broker sold a continuously updated list of what sites users visited, including page titles, location and computer information about the user. That data, viewed in near real time, can severely hamper user privacy and security.

Details: Jadali discovered the following browser extensions feeding data to the broker: Hover Zoom, SpeakIt!, SuperZoom, SaveFrom.net Helper, FairShare Unlock, PanelMeasurement, Branded Surveys and Panel Community Surveys.

  • The extensions' user counts range from 1 to more than 1 million.
  • The extensions are for Chrome and Firefox, and would have received user permission to observe browsing behaviors on the web when first installed. But Jadali writes that only 4 of those extensions thoroughly explained that browser data would be collected.
  • Jadali is not releasing the name of the data broker.

Threat level: We don’t know that any data was used maliciously. But there’s a clear way that real-time data could be used maliciously.

  • Many sites use temporary links as a security measure. Jadali notes that when an infected machine sent an image file over a chat app, a web link to that image appeared on the broker's page. The link only worked for a very short period of time.
  • A project management service included important information in the page titles, including engineering missteps at 2 major companies.
  • Other sites include critically important information in the web address itself. Links to various airline sites included account holder names.
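
One way to check which installed extensions hold the kind of install-time permission described above, added here as an example and not taken from Jadali's report or from any of the named extensions: the Python sketch below reads an extension's `manifest.json` and lists the declarations that let it see page addresses and titles on every site. The function name and both sample manifests are constructed for illustration; a flagged manifest shows capability only, not that data is being sold.

```python
import json

# WebExtension API permissions that expose which pages a user visits.
BROWSING_APIS = {"tabs", "history", "webNavigation", "webRequest"}
# Host match patterns that cover every site.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Manifest keys that can carry permissions (Manifest V2 and V3).
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")


def audit_manifest(manifest_text):
    """Return sorted reasons this extension can observe browsing on all sites."""
    manifest = json.loads(manifest_text)
    reasons = set()
    for key in PERMISSION_KEYS:
        for perm in manifest.get(key, []):
            if perm in BROWSING_APIS:
                reasons.add("api:" + perm)
            elif perm in ALL_SITES:
                reasons.add("hosts:" + perm)
    # A content script injected into every page can read its URL and title.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in ALL_SITES:
                reasons.add("content_script:" + pattern)
    return sorted(reasons)


# Constructed sample: a utility that asks for far more than one site.
SAMPLE_BROAD = """{
  "name": "Constructed Zoom Helper", "manifest_version": 2,
  "permissions": ["tabs", "storage", "<all_urls>"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["cs.js"]}]
}"""

# Constructed sample: an extension scoped to a single site.
SAMPLE_NARROW = """{
  "name": "Constructed Single-Site Tool", "manifest_version": 3,
  "permissions": ["storage"],
  "host_permissions": ["https://example.com/*"]
}"""

if __name__ == "__main__":
    for sample in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(json.loads(sample)["name"], "->", audit_manifest(sample))
```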
