scion

04/20/18 4:33 PM

#25198 RE: scion #25193

Facebook's login-to-other-sites service lets scum slurp your stuff

How trackers can snatch private info from people's profiles

By Richard Chirgwin 19 Apr 2018 at 01:58
https://www.theregister.co.uk/2018/04/19/facebook_third_party_site_login_security_leak/

Updated: It's possible for miscreants to secretly extract people's personal information via Facebook's Login service – the tool that lets you sign into websites using just a Facebook ID.

Readers will be familiar with Steven Englehardt, a Mozilla privacy engineer who pursues privacy research for his PhD at Princeton, whose work on browser fingerprinting led him to identify a remarkable degree of privacy invasion by analytical scripts.

In Englehardt's latest work, in partnership with Gunes Acar and Arvind Narayanan, the trio detailed seven online tracking services that can potentially access Facebook user data.

For netizens, Facebook Login looks like a boon: they only need to use their Facebook username and password to log into multiple sites or apps. However, it turns out that once you log in this way, any JavaScript code running on the page can pull up parts of your Facebook profile, which is useful for third-party tracking tools.

“When a user grants a website access to their social media profile, they are not only trusting that website, but also third parties embedded on that site,” Englehardt explained.

These third-party trackers, when embedded in a webpage accessed via Facebook Login, can potentially grab Facebook user IDs, email addresses, names, and other profile information including – in one case – gender.

“We found seven scripts collecting Facebook user data using the first party’s Facebook access,” Englehardt wrote. The practice isn't yet widespread, thankfully: scripts provided by web tracking outfits were only found on 434 of Alexa's top one-million websites, including “fiverr.com, bhphotovideo.com, and mongodb.com.”
...
Much more
https://www.theregister.co.uk/2018/04/19/facebook_third_party_site_login_security_leak/