Among the user info that could have been comprised include the user’s name, sex, location info, email address, profile picture and age range. It is not known specifically to what use the above information might have been put to use though the most usual one is to sell it off to monetization firms.
Facebook has stated they are already looking into the issue even though the issue has nothing to do with the social site, especially its own login feature. Instead, as the report stated, it is owing to a “lack of security boundaries between the first-party and third-party scripts in today’s web”.
The report has been prepared under the aegis of the Princeton University’s Center for Information Technology Policy. Also, contributors to the report include Steven Englehardt, Gunes Acar and Arvind Narayanan, researchers associated with Freedom to Tinker, an organization that the university supports.
On the whole, it is seven scripts that have been found to be collecting user’s data using the first party’s Facebook login feature. In another sole instance, a third party has its own Facebook application to keep a tab on user info.
No wonder all of this is refreshing our memories about the Cambridge Analytica episode where an innocent looking Facebook quiz turned out to be a ploy to collect vital user information. Worse, the same was also made available to a politically affiliated data analysis firm that is known to have helped Donald Trump win the US elections.
While the onus is on the individual sites to ensure they sanitize all third-party scripts embedded in their sites, Facebook too will no doubt never like to be associated with any such scrupulous sites.