Remember when you took that little Facebook quiz that claimed to reveal “what type of beauty you possess”?
Or that funny photo app that turned you into a magazine cover model? Or maybe that test that told you what kind of “Game of Thrones” character suits you?
Admit it, you have taken a number of these Facebook tests, haven’t you?
Quizzes like these are some of the social media site’s most popular guilty pleasures. If all your Facebook friends are taking them, they’re probably OK, you might think.
Well, the Cambridge Analytica scandal reminded us how these seemingly harmless and fun quizzes and apps can be trojan horses for massive data collection.
Take this popular third-party Facebook quiz app, for example. It looks like it has been leaking user information for years!
(No, this is not another silly quiz.)
NameTests, one of Facebook’s biggest quiz app platforms, has been publicly exposing the data of up to 120 million people for years, including names, birthdates, photos and status updates.
Security researcher Inti De Ceukelaire discovered the alarming flaw and reported it via Facebook’s new Data Abuse Bounty program. Note: This program was launched as part of Facebook’s ongoing crackdown on abusive third-party apps.
Now, unlike in the Cambridge Analytica case where the quiz developer willingly shared the data with the analytics firm, Nametest’s data leak was caused by a glitch on its website.
According to De Ceukelaire’s findings, each time someone takes a NameTests quiz, its website fetches the Facebook user’s personal information and displays it on a webpage.
The problem? This page was poorly configured and allowed anyone to access it.
“I was shocked to see that this data [were] publicly available to any third-party that requested it,” de Cuekelaire wrote in a blog post. “In a normal situation, other websites would not be able to access this information.”
To prove how easy it was to steal someone’s personal information through the website, he set up his own webpage that connected to NameTests.com and fetched the data about each visitor.
Through his test website, he was able to harvest the private photos, friends list, status updates of each visitor who has used NameTests in the past, even after they’ve deleted the app from their Facebook account.
NameTests.com
The NameTests website also provided a secret access token that gave him access to this information for up to two months.
According to de Cuekelaire, the flaw has been there at least since the end of 2016 and based on NameTests’ number of monthly users, it may have publicly exposed the information of more than 120 million people.
Watch the video below to see the NameTests website flaw in action:
Based on the de Cuekelaire’s timeline, he reported the flaw to Facebook on April 22.
On June 25, he noticed that NameTests have fixed the flaw and third parties could no longer access its users’ personal information.
And finally, on June 28, Facebook posted its official public statement regarding the NameTests flaw and confirmed that the fix was indeed in place.
Facebook also revoked the past NameTests access tokens for every Facebook user who used the app in the past.
For his efforts, Facebook awarded $4,000 to de Cuekelaire as part of the bug bounty program. He donated the amount to the Freedom of the Press Foundation instead, which Facebook promptly matched, bringing the total to $8,000.
Click here to read de Cuekelaire’s full blog post on Medium.
As usual, despite Facebook’s ongoing crackdown, the NameTests flaw is yet more proof that third-party apps can expose your information without your knowledge!
Now, when you take that seemingly harmless quiz, app or game, please check its permissions diligently. If it’s asking for more than your basic public information, think twice before logging in and granting it access to your Facebook profile.
Here’s one more thing you need to know. Once you authorize a third-party app to access your Facebook data it can remain on your profile forever.
If you’re not auditing your third-party Facebook apps, they can be accessing your data for years without your knowledge!
So in the name of your security, it’s time to audit those third-party Facebook apps.
Open/download audioWhat you’re about to hear is hard to believe. Whether you have kids who play video games or not, you will find this shocking. There’s a popular American video game about to be sold called “school shooting simulator.”
Learn more about your ad choices. Visit megaphone.fm/adchoices
Amazon Prime recently got a much-scrutinized 20-percent price increase that has many people reevaluating their commitment to the online retailer’s subscription service. While Amazon packs a lot of features into that $119 annual fee, you might be looking to get a little more out of it. One way to do that is with Amazon Household.
Who isn’t addicted to Netflix at this point? It’s one of the most popular streaming services around and with good reason.
Not only does it stream some of the best Hollywood movies and TV shows, but it has a huge collection of originals to look forward too. I’m sure we’ve all spent many weekends binge-watching shows like “13 Reasons Why,” “Stranger Things” and “Black Mirror.”
The iPad is one of the most iconic Apple gadgets on the market and everyone was excited about the latest changes. With competition from cheaper gadgets from Amazon and other Android-based tablets, the new features at the same price point was definitely the shot in the arm that Apple needed to make the basic iPad relevant again.
If there is a downside to be found with downloading all of the iPhone’s apps it is that they can lead to a good amount of clutter on the screen. No one likes having to scroll through page after page to find the app they need, which is why Apple allows us to group them into folders. That’s great, but the process can take a while.
Have you daydreamed about speaking a foreign language? Or have you put in a lot of effort to learn a language, whether you need to be nearly fluent for your job or you just want to pick up important phrases before you take a trip to another country? Now you can with ease! All it takes is your smartphone and a bit of determination on your part.
Open/download audioTechnology allows you to literally put words in someone else’s mouth. Video manipulation is advancing to a point where even terror attacks and mass destruction can be falsely created. We are on the cusp of a new era, where fake news will look more real than ever. Click here to listen to my free Komando on Demand podcast about why you can’t believe everything you see and how video manipulation could be a major threat to national security.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Streaming services like Netflix and Hulu are great, but what if you are looking for an old classic that they just don’t carry? Sometimes it’s frustrating when you can’t find a copy of your favorite movie from the 1960s. It’s not just movie rental stores that are disappearing either. Record shops have been fading away for years also. It would be nice if there was a way to find some of the more unattainable things online. Don’t worry, there is!
Amazon Prime’s original annual price of $79 wasn’t raised until 2014, when the company bumped up the cost to $99 each year. That price hike didn’t seem to hurt them. With more than 100 million subscribers, Prime is a full-fledged powerhouse. Now, 4 years later, Amazon is again adding $20 onto the price of Prime membership. And it’s piling on the perks in hopes you won’t mind the new $119 annual price.
You use Google search every day. You use it to get driving directions and recipes. You use it to buy movie tickets, to hear the hours for Sunday mass and so much more. Everyone uses Google search, but only a select few know these insider secrets.
Have you ever looked at your iPhone or iPad user guide? I mean, read through all 100-plus pages of it? Chances are, like most people, you were so excited when you got your new Apple gear that you forgot all about the user guide. But guess what? Buried deep inside its pages are some really clever tricks.
Open/download audioRemember the days of going to the store to rent your favorite movie? Then the disappointment when there were no copies available? Netflix sure fixed that problem and now is growing into a media giant. Movies, TV Shows, original programming, all at your fingertips, whenever you want. But there’s more to Netflix than you might know! Listen to my free Komando on Demand podcast for handy tips to help you get the most out of your video-streaming service.
Learn more about your ad choices. Visit megaphone.fm/adchoices
