Facebook Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.Anti-spam check. Do not fill this in! ==== DataSpii ==== In July 2019, cybersecurity researcher Sam Jadali exposed a catastrophic data leak known as [[DataSpii]] involving data provider DDMR and marketing intelligence company Nacho Analytics (NA).<ref name="Fowler-2019">{{Cite news |last=Fowler |first=Geoffrey A. |date=July 19, 2019 |title=Perspective {{!}} I found your data. It's for sale. |url=https://www.washingtonpost.com/technology/2019/07/18/i-found-your-data-its-sale/ |access-date=April 3, 2024 |newspaper=Washington Post |language=en-US |issn=0190-8286}}</ref><ref>{{Cite web |last=Goodin |first=Dan |date=July 18, 2019 |title=My browser, the spy: How extensions slurped up browsing histories from 4M users |url=https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/ |access-date=April 3, 2024 |website=Ars Technica |language=en-us}}</ref> Branding itself as the "God mode for the internet," NA through DDMR, provided its members access to private Facebook photos and Facebook Messenger attachments including tax returns.<ref name="Jadali-2019">{{Cite web |last=Jadali |first=Sam |date=July 18, 2019 |title=DataSpii – A global catastrophic data leak via browser extensions |url=https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/ |access-date=April 3, 2024 |website=Security with Sam |language=en-US}}</ref> DataSpii harvested data from millions of Chrome and Firefox users through compromised browser extensions.<ref>{{Cite web |date=July 19, 2019 |title=Google, Firefox Browser Extensions Expose Data of 4 Million People |url=https://www.consumerreports.org/electronics-computers/privacy/google-firefox-browser-extensions-expose-personal-data-a2138132661/ |access-date=April 3, 2024 |website=Consumer Reports |language=en-US}}</ref> The NA website stated it collected data from millions of opt-in users. Jadali, along with journalists from ''Ars Technica'' and ''The Washington Post'', interviewed impacted users, including a ''Washington Post'' staff member. According to the interviews, the impacted users did not consent to such collection. DataSpii demonstrated how a compromised user exposed the data of others, including the private photos and Messenger attachments belonging to a Facebook user's network of friends.<ref name="Jadali-2019" /> DataSpii exploited Facebook's practice of making private photos and Messenger attachments publicly accessible via unique URLs. To bolster security in this regard, Facebook appends query strings in the URLs so as to limit the period of accessibility.<ref name="Jadali-2019" /> Nevertheless, NA provided real-time access to these unique URLs, which were intended to be secure. This allowed NA members to access the private content within the restricted time frame designated by Facebook. ''The Washington Post''{{'}}s Geoffrey Fowler, in collaboration with Jadali, opened Fowler's private Facebook photo in a browser with a compromised browser extension.<ref name="Fowler-2019" /> Within minutes, they anonymously retrieved the "private" photo. To validate this proof-of-concept, they searched for Fowler's name using NA, which yielded his photo as a search result. In addition, Jadali discovered Fowler's ''Washington Post'' colleague, Nick Mourtoupalas, was directly impacted by DataSpii. Jadali's investigation elucidated how DataSpii disseminated private data to additional third-parties, including foreign entities, within minutes of the data being acquired. In doing so, he identified the third-parties who were scraping, storing, and potentially enabling the facial-recognition of individuals in photos being furnished by DataSpii.<ref>{{Cite web |last=Goodin |first=Dan |date=July 18, 2019 |title=More on DataSpii: How extensions hide their data grabs—and how they're discovered |url=https://arstechnica.com/information-technology/2019/07/dataspii-technical-deep-dive/ |access-date=April 3, 2024 |website=Ars Technica |language=en-us}}</ref> Summary: Please note that all contributions to Christianpedia may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here. You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see Christianpedia:Copyrights for details). Do not submit copyrighted work without permission! Cancel Editing help (opens in new window) Discuss this page