Post by tarzan on Apr 7, 2018 17:24:36 GMT -5
market-ticker.org/akcs-www?post=233161
The REAL Social Media SCAM
It's very important you understand how they steal data on you, the scope of that theft, and why it matters, along with why you not only didn't consent, you can't consent.
Let's say you go to market-ticker.org and read some pages there. That's this blog, by the way.
If you're new around here you will see a highlighted bar telling you that signing in will improve your experience. This is because if you create a (free) account and sign in you can customize how the system displays things (the control panel's options are quite extensive), you can ask it to notify you if topics you're interested in get new user comments and more.
If you sign in you would assume (and the TOS tells you) that the system will store a "cookie", which is just a numeric identifier, on your machine. That's how it knows who you are when you click a new page, or when you come back to the page later.
But this is not limited to when you sign in. Any site on the web can and most do send down other cookies. This software, for example, sends down what is known as a "UUID", or "unique user ID". It's simply a random, unique (and very long) numeric code that identifies your machine. Why? Because it's useful for the software to be able to do things like enforce rate-limiting (that is, to prevent spam-bots from overloading the system and doing other nasty things they would try to do), specifically. It also allows the software to correlate accesses whether you're signed in or not, which helps security (e.g. if you lose your password the system has a decent idea if you really are who you're trying to get a validation email for!)
Why is this important? Because any access to a page on the site for which the cookie is valid will have the cookie sent with the request, no matter what page you are accessing on the Internet, and in addition the exact URL you visited is also sent that generated the request.
What's important to understand is that the site you're reading does not generate that request -- your browser does. Your browser gets a line that says "<script .....>", "<img ....>" or similar and it sends a request for that resource to the specified place. In the request is the source page (where the request came from) and any cookies your browser has that are valid for the address to which the request is sent.
So let's assume you're Facesucker. You make it "easy" for site owners to put "likes" and even use sign-on features from Facebook's authentication on your page. Say, you're a newspaper.
Ok, so I go to www.mylocalnews.dirtbag/my-local-jackass-city-council.html.
As the page loads it requests the "like" buttons from Facebook for the articles, and in addition requests the sign-in box for comments. Both of those generate a request to Facebook's computers and in that request is the exact URL I am reading -- that is, from where the request came.
Now here's the important part: If I have signed into Facebook at any time in the past from that device then the company has stored one or more cookies on my machine that uniquely identify me. Since the request to Facebook's servers matches the place where the cookie came from they now get the exact article I was reading and my identity even though I did not sign into Facebook to read the article. I have given no consent to this, I cannot opt out of it and every single place on the Internet that has these buttons and/or sign-on boxes causes this to happen.
What's even worse is that I don't have to actually have signed into Facebook, ever, or even have an account in order for this to occur. The first time that request goes to Facebook if there are no cookies sent Facebook can assign me one and check my browser's characteristics, including the IP address I'm coming from. I now am "branded", in that the same cookie will be used to track me forever, and if I at any time in the future sign into Facebook or otherwise use any of their facilities I will then retroactively associate all of that browsing data with my person.
more at link
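An added example, not part of the quoted post: a small audit that lists the third-party hosts a page makes the browser contact on load, and the Referer each one receives under a given Referrer-Policy. The page URL, HTML and hostnames are constructed placeholders, and "third party" is approximated by comparing hostnames rather than registrable domains. `no-referrer-when-downgrade` was the common browser default when the post was written; `strict-origin-when-cross-origin` is the default in current browsers.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute makes the browser fetch a resource during page load.
FETCH_ATTR = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
ORIGIN_ONLY = {"origin", "strict-origin", "origin-when-cross-origin",
               "strict-origin-when-cross-origin"}

class EmbedFinder(HTMLParser):
    """Collects absolute URLs of resources the page tells the browser to fetch."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.urls = page_url, []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(FETCH_ATTR.get(tag, ""))
        if value:
            self.urls.append(urljoin(self.page_url, value))

def referer_sent(page_url, policy):
    """Referer header on a cross-origin HTTPS-to-HTTPS subresource request."""
    parts = urlsplit(page_url)
    if policy in ("no-referrer", "same-origin"):
        return None                                  # nothing is sent
    if policy in ORIGIN_ONLY:
        return f"{parts.scheme}://{parts.netloc}/"   # site only, no article path
    if policy in ("unsafe-url", "no-referrer-when-downgrade"):
        return page_url.split("#")[0]                # full URL minus fragment
    raise ValueError(f"unknown policy: {policy}")

def third_party_exposure(page_url, html, policy):
    """Map each third-party host the page embeds to the Referer it receives."""
    finder = EmbedFinder(page_url)
    finder.feed(html)
    own_host = urlsplit(page_url).hostname
    return {urlsplit(u).hostname: referer_sent(page_url, policy)
            for u in finder.urls
            if urlsplit(u).hostname not in (None, own_host)}

# Constructed sample page; all hostnames are placeholders.
PAGE_URL = "https://news.example/city-council.html"
PAGE_HTML = """<html><head><link rel="stylesheet" href="/site.css"></head><body>
<script src="https://widgets.social.example/like.js"></script>
<iframe src="https://widgets.social.example/login-box"></iframe>
<img src="https://pixel.ads.example/t.gif"><img src="/logo.png">
</body></html>"""

if __name__ == "__main__":
    for pol in ("no-referrer-when-downgrade", "strict-origin-when-cross-origin"):
        print(pol, third_party_exposure(PAGE_URL, PAGE_HTML, pol))
```

A site owner can apply the stricter behaviour explicitly by sending a `Referrer-Policy` response header; the Referer value is independent of whether the embedded host's cookies accompany the request.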