
Facebook, Google and Twitter caught monitoring URLs in messages - legitimate or spying?

by Nizar on 2013-09-09 at 10:33:56


Large Internet firms including Facebook, Google and Twitter are monitoring some web links sent between their users, including those in private communications, a research firm has confirmed. Swiss security consultancy High-Tech Bridge made the discovery by performing the simple experiment of setting up a web server hosting ‘secret’ URLs for each one of 50 services it wanted to assess. It then performed a set of common actions for each of the services to see whether any of the firms tried to access these links.

By the end of the ten-day experiment, only six of the 50 services examined had been ‘trapped’ following the links back to the server: two different Google services, and one each of bit.ly, Facebook, Formspring, and Twitter.

Two of these, Bit.ly and Goo.gl, are link-shortening services which have legitimate reasons to follow added links, but what about the other three? In Facebook and Twitter’s case, the links were inside private messages, while Google’s was a link being shared with a circle that had zero members.

All three are badly afflicted by phishing attacks on their users and could claim to have legitimate reasons for following all links, yet they didn’t appear to check many other links that might pose similar security problems, such as (in Google’s case) a link sent via the Talk application.

High-Tech Bridge was also careful to deter automatic link examination using a robots.txt exclusion file on its server, but only Twitter had paid attention to this.
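The log review such an experiment relies on can be sketched as follows. This is an added example, not High-Tech Bridge's code: the `/c/<token>` path scheme, the service names and the log lines are constructed for illustration, and the server is assumed to write the Apache/nginx combined log format.

```python
import re
import secrets
from collections import defaultdict

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def make_canaries(services):
    """Assign each service under test its own unguessable path."""
    return {f"/c/{secrets.token_urlsafe(16)}": name for name in services}

def analyse(log_lines, canaries):
    """Return {service: [hit, ...]} for every canary path that was requested."""
    robots_seen = set()   # client IPs that have already fetched robots.txt
    hits = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m is None:
            continue      # ignore lines that are not in combined format
        path = m["path"].split("?", 1)[0]
        if path == "/robots.txt":
            robots_seen.add(m["ip"])
        elif path in canaries:
            hits[canaries[path]].append({
                "ip": m["ip"], "time": m["ts"], "ua": m["ua"],
                # True: the client read the exclusion file and fetched anyway.
                "fetched_robots": m["ip"] in robots_seen,
            })
    return dict(hits)

# Constructed sample data: fixed tokens, documentation IP ranges, made-up agents.
SAMPLE_CANARIES = {"/c/tok-aaaa": "service-a", "/c/tok-bbbb": "service-b",
                   "/c/tok-cccc": "service-c"}
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Sep/2013:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 26 "-" "ExampleBot/1.0"',
    '192.0.2.10 - - [09/Sep/2013:10:00:02 +0000] "GET /c/tok-aaaa HTTP/1.1" 200 512 "-" "ExampleBot/1.0"',
    '198.51.100.7 - - [09/Sep/2013:11:30:00 +0000] "GET /c/tok-bbbb?x=1 HTTP/1.1" 200 512 "-" "LinkCheck/2"',
    '203.0.113.5 - - [09/Sep/2013:12:00:00 +0000] "GET /index.html HTTP/1.1" 200 99 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for service, found in analyse(SAMPLE_LOG, SAMPLE_CANARIES).items():
        for h in found:
            print(service, h["ip"], h["ua"], "robots.txt read:", h["fetched_robots"])
```

Because each path is handed to exactly one service and linked nowhere else, any request for it identifies the channel through which the URL left the conversation.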

The results of the experiment puzzled High-Tech Bridge CTO, Marsel Nizamutdinov.

“The four trapped social networks justify their activities by ‘automated verifications’.  However, it is technically impossible to verify what is really going on and how the information obtained on the user-transmitted URLs is being used,” he said.

“Today, quite a lot of web applications omit authentication and rely on temporary or unpredictable URLs to hide some content and, when users transfer such URLs via social networks, they cannot be sure that their information will indeed remain confidential.”

It’s a valid point although some will see it as being of very little significance to the overwhelming majority of web users.  Even those using temporary or secure links for personal material will probably feel untroubled; these days anyone with this need will surely be using URL authentication.

One might turn the results around and wonder why the services examine so few links, given the security problem presented by social media worms and phishing attacks.

High-Tech Bridge remains convinced that the results contain a small but important privacy warning.

“The term ‘spying’ is quite subjective here, but this can be definitely called monitoring. After, if the information obtained from such monitoring is being used ethically or not - nobody can say for sure,” said a company spokesperson.


