Facebook Exposes Photos Of Millions Of People In Latest Gaffe, Says 'Sorry'

-

Facebook exposed personal photos of millions of people in its latest privacy gaffe disclosed on Friday. The debacle happened due to a bug in one of the company's application programming interfaces for image management which allowed hundreds of app developers to access much broader photo sets than what users agreed to share with them. The vulnerability period ran from September 12 to September 25 and affected up to 6.8 million users who provided access to their photos to some 1,500 apps from 876 developers. Only users who explicitly granted access to their photos to apps via the vulnerable API could have been compromised by the bug which essentially allowed developers of those services to access any photo from their profiles, including those attached to incomplete posts, i.e. those that were never published, Facebook Engineering Director Tomer Bar revealed earlier today. "We're sorry" The said photos API is generally only used for granting apps access to one's Timeline photos on the world's largest social media network, whereas every other image from one's profile — including those uploaded to albums by other people, content from Stories and Marketplace — should be off limits. Facebook says it discovered the bug on its own, i.e. one of its internal security teams did, and has yet to find any evidence of the vulnerability being abused by third parties. "We're sorry this happened," Mr. Bar said in a prepared statement, without providing an explanation on how the bug came to be. What he did say is that Facebook will be providing its app developers with tools designed to help them determine which of their users might have been affected and had their photos accidentally harvested. The tools will roll out next week and also come packed with an option for deleting the involuntarily shared photos in a straightforward manner. What's presently unclear is whether Facebook is looking into the possibility that some of the accidentally collected images were used for malicious purposes. The social media juggernaut also didn't clarify why it took nearly three months to disclose the existence of the bug, though such a delay isn't unusual when it comes to cybersecurity vulnerabilities and the firm was likely looking into the extent of the issue before opting to go public with it. Users potentially impacted by the newly disclosed bug will be notified of the development via a standard Facebook alert sent via a push notification. The notification will contain a link to the service's Help Center where they'll be able to see which particular apps possibly collected photographs they didn't agree to share. As is the case with the vast majority of data exposures Facebook failed to prevent in recent times, the newly confirmed vulnerability was inherently tied to Facebook Connect, the tool used for accessing apps and web services within and outside of the company's online ecosystem. A pre-emptive justification Regarding images attached to incomplete posts Facebook admitted to storing as part of today's disclosure, the company quickly went on to clarify it only saves such content for up to three days, then purges it from its servers. The reason for such policy to exist has to do with the fact people often fail to post their photographs for a variety of reasons like lost signal and distractions, with Facebook hence looking to save them mobile data and time in case they decide to revisit their incomplete posts in the immediate future, according to the company. While this clarification initially wasn't provided alongside the disclosure of the photos API bug, Facebook added it to the communication within hours of first publishing it, presumably as it was expecting public backlash for what could be interpreted as yet another privacy-invasive practice on its part. No end in sight While the Cambridge Analytica debacle is by far Facebook's largest privacy scandal of the year, numerous smaller gaffes such as the newly disclosed one keep emerging. The nature of software development makes no system perfect and new bugs always appear as apps and services get upgraded and revamped, though Facebook still isn't showing signs of reacting to such issues in a timelier manner like it repeatedly pledged to do over the course of this year, largely in response to the Cambridge Analytica episode. "We must do better" was the message the company's top executives including CEO Mark Zuckerberg and COO Sheryl Sandberg voiced on countless occasions in 2018, though the details of how that needed improvement is meant to happen remain slim. What remains to be seen is how many users in California and the European Union were affected by the issue Facebook confirmed today seeing how those two jurisdictions have strict data privacy laws with specifically defined disclosure periods which may or may not have been broken in this case. The latest development is yet another piece of evidence suggesting not even the world's best-funded platforms are immune to data leaks. On the contrary, as the complexity of online services increases, so does the number of moving parts, i.e. chances for something to go wrong. Even when things are working as intended, the human error factor is always a risk. In the case of Facebook in particular, that issue can materialize in the form of "dead" apps leeching data long after users stopped relying on them, though the world's largest social media platform has recently undertaken steps meant to address that possibility and automatically revokes access to user info from apps that went unused for a certain period of time (usually several months). But new regulations are on the horizon Moving forward, Facebook can expect more regulatory scrutiny in regards to how it collects, manages, stores, and utilizes data from its over two billion users around the world. Following its own scandals and debacles from other Internet giants like Google, Capitol Hill seems keener than ever to enact federal-level legislation meant to protect American citizens from having their privacy compromised, intentionally or not. California already started the trend earlier this year with the toughest privacy law in the country, though the Silicon Valley and other digital companies are presently lobbying for federal legislation in order to avoid a scenario wherein they have to create and maintain 50 different privacy policies. On the other side of the pond, the EU's General Data Protection Regulation is facing its first judicial tests after watchdogs filed complaints against numerous Internet companies, including both Google and Facebook.
#Google #Android #Smartphones #OS #News @ndrdnws #ndrdnws #AndroidNews

Popular Posts:

Do more from your inbox with Gmail Add-ons

-
Image
For many of us, email is mission control—the prompt to generate an invoice, prepare a presentation or follow up on a sales opportunity. With so many to-dos, imagine if you could complete these tasks directly from your inbox without interrupting your workflow. We believe email can do more, which is why we're launching Gmail Add-ons, a new way to work with your favorite business apps directly in Gmail. Gmail Add-ons, built for your workflows Rather than toggling between your inbox and other apps, use add-ons to complete actions right from Gmail. With Gmail Add-ons, your inbox can contextually surface your go-to app based on messages you receive to help you get things done faster. And because add-ons work the same across web and Android, you only need to install them once to access them on all of your devices. Click the settings wheel on the top right of your inbox and then "Get add-ons" to get started. We made Gmail Add-ons available in developer p
Continue Reading....

Apple is postponing new iOS features in favor of reliability and performance

-
Image
Apple has decided to postpone new features in iOS in favor of improving the reliability and performance of the operating system, as according to a report by Axios. According to the report, Craig Federighi, Senior Vice President, Software Engineering, announced the revised plan to employees at a meeting earlier this month. This pushes features like refresh of the homescreen and in-car user interface, improvements to core apps like Mail and camera experience to 2019. What we will get this year is improvements to AR, digital health and parental controls. Apart from that, the OS will largely feature improvements to performance and user experience. We have seen Apple do this with macOS in the past, where they dedicate one entire update cycle to just refining the OS and make existing features work better. However, we have never quite seen Apple do that on iOS. This is largely due to the hyper competitive nature of the mobile market where competition and customer demands push companies t
Continue Reading....

This is Samsung’s official spec sheet for the Galaxy S8 and S8+

-
Image
The Galaxy S8 and Galaxy S8+ have finally been unveiled, and our hands-on experience with the devices is available for everyone to see. Everyone has a pretty good idea about the devices’ specifications at this point, but for those wanting to see it, we have added the official spec sheet offered by Samsung below. Remember, detailed specs are also available from our devices page . Oh, and don’t remember to take a look at what we think about Samsung’s new flagships .
Continue Reading....

DJI Mavic Air: could this be the definitive drone?

-
Image
DJI showcased its new Mavic Air drone in New York. The third quadcopter in this series is of similar quality to its predecessors and can also fold its arms for better portability. For its size, no competitor offers so much in terms of photo quality. Release date and price The DJI Mavic Air can be ordered through the official DJI website  and is also available from other retailers. The drone is available in three colors: marengo grey, white and red. We can buy the Mavic Air in a basic pack with remote control, protections, charger, cover, propeller replacement and a battery from US$799 (£769 in the UK). Often, one battery is not enough so there is a more complete pack available with three batteries, charger for four batteries and two propeller replacements from $999 (£949 in the UK). The red model reminds me of a Porsche. / © AndroidPIT Design and build quality In essence, it is th
Continue Reading....

Jurassic VR - Google Cardboard

-
Image
Jurassic VR - Google Cardboard Rabbit Mountain Adventure VERSION/BUILD: 1.6.4 UPDATED: 28 January 2018 REQUIRES ANDROID: 4.4 and up FILE SIZE: 66.4 M Walking with the dinosaurs! Roam the earth and experience prehistoric times in Virtual Reality. Celebrating 4+ million downloads! Have you ever wanted to meet Dinosaurs in real life? Experience the ultimate dino ride with Jurassic VR - Google Cardboard Freely roam the open environment en poke round the beautiful cedar evergreen trees to see huge dinos come to life. You can go to any point and see the sites and dinos in VR. Players get to experience the site at their own pace and the mission is simple; enjoy and discover the world of prehistoric dinosaurs before the modern world cities were built. It's like a virtual reality attraction traveling you back to prehistoric times! The ultimate experience There is no need anymore to become an archaeologist and dig the earth
Continue Reading....