Facebook ID data leak

Three weeks ago there was some fuss in the media about a new Facebook data leak. The problem was that a lot of Facebook applications, small pieces of software usually made by third parties that let users, for example, play games, were transmitting users' Facebook IDs to outside companies. This happened via an HTTP header, the Referer. As a result, some people demanded that browser vendors embrace privacy by default and block, or at least properly modify, the Referer in order to avoid such data leaks.

Meanwhile, the only option users have is to deactivate or somehow modify the Referer themselves in order to mitigate the problem. Deactivating the Referer is not a good solution, as it often breaks the web. Thus, modifying the Referer seems to be the only viable option here. This is best done within the browser, e.g. by an extension. We therefore included that particular functionality in our JonDoFox extension a while ago: basically, the Referer is now deleted if a user surfs to a new domain but kept if she just surfs to a subdomain. That gives domain owners no clue about which other domain a user was coming from, while at the same time it does not break the web, as some sites need the Referer for internal purposes.
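The rule described above can be sketched as follows. This is an added example, not code from the JonDoFox extension; the function names are hypothetical, and the registrable domain is approximated with a small constructed suffix list where a real extension would query the browser's Public Suffix List.

```javascript
// Added illustration, not JonDoFox source code.
// Assumption: a tiny constructed list stands in for the Public Suffix List.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

// Reduce a hostname to the domain that subdomains are compared against.
function baseDomain(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  // IP literals have no subdomains: compare them as a whole.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":")) return host;
  const labels = host.split(".");
  if (labels.length <= 2) return host;
  const lastTwo = labels.slice(-2).join(".");
  const keep = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Returns the Referer value to send, or null to drop the header.
function filterReferer(referer, targetUrl) {
  if (!referer) return null;
  let from, to;
  try {
    from = new URL(referer);
    to = new URL(targetUrl);
  } catch (e) {
    return null; // unparsable URL: fail closed and drop the header
  }
  // New domain: delete the Referer. Same domain or a subdomain: keep it.
  if (baseDomain(from.hostname) !== baseDomain(to.hostname)) return null;
  return referer;
}

// Constructed sample: an application page URL carrying a made-up user ID.
const sample = "https://apps.facebook.com/somegame/?user=1000001";
console.log(filterReferer(sample, "https://tracker.example/pixel.gif")); // null
console.log(filterReferer(sample, "https://www.facebook.com/profile"));  // sample URL, unchanged
```

The naive "last two labels" shortcut alone would treat every site under a suffix such as `co.uk` as one domain and keep the Referer between unrelated owners, which is why the suffix list matters.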
