Avast WEBforum

Other => General Topics => Topic started by: Charyb on April 21, 2018, 06:55:16 PM

Title: VPNs sharing data with Facebook.
Post by: Charyb on April 21, 2018, 06:55:16 PM
HideMyAss is named in this.
https://www.enterprisetimes.co.uk/2018/04/19/vpns-sharing-data-with-facebook/ (https://www.enterprisetimes.co.uk/2018/04/19/vpns-sharing-data-with-facebook/)
https://www.vpnmentor.com/blog/report-vpns-share-data-users-facebook/ (https://www.vpnmentor.com/blog/report-vpns-share-data-users-facebook/)



And, let's not forget Jumpshot which users can opt out of.
https://blog.avast.com/2015/05/29/avast-data-drives-new-analytics-engine/ (https://blog.avast.com/2015/05/29/avast-data-drives-new-analytics-engine/)


The great, year round harvest. Bravo.
Title: Re: VPNs sharing data with Facebook.
Post by: polonus on April 21, 2018, 10:08:51 PM
I sincerely hope the facebook privacy scandal(s) could lead to rethinking such schemes,
and opposition against this "a free service meaning,
you the browser user being abused for Big Data profit-optimizing.

Here a link to an article about the ongoing privacy invasion through facebook: https://www.theregister.co.uk/2018/04/19/facebook_third_party_site_login_security_leak/

Tracking firms involved in such schemes:

OnAudience -http://api.behavioralengine.com/scripts/be-init.js   User ID (hashed), Email (hashed), Gender
Augur     -https://cdn.augur.io/augur.min.js   Email, Username
Lytics     -https://c.lytics.io/static/io.min.js (loaded via OpenTag)   User ID
ntvk1.ru     -https://p1.ntvk1.ru/nv.js   User ID
ProPS     -http://st-a.props.id/ai.js   User ID (has code to collect more)
Tealium     -http://tags.tiqcdn.com/utag/ipc/
Forter     -https://cdn4.forter.com/script.js?sn=

Use NoScript or uMatrix to block such facebook-log-in personal data slurping 3rd party scripts.

What to think of this suspicious code: https://urlscan.io/result/8d4663cf-9f09-4ff4-b17d-bc086644ee77/content/

and the error or "mock" analysis here:

Quote
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
-cdn.augur.io/augur.min.js suspicious
[suspicious:5] (ipaddr:104.20.141.21) -cdn.augur.io/augur.min.js
     status referer - saved 38538 bytes ddf7121abcf24e645ab7a48bc1ac44e559e07218
     info: [decodingLevel=0] found JavaScript
     error: line:21: SyntaxError: missing } after function body:
          error: line:21: f(v)>-1&&(r("surpress",e.error),e.preventDefault(),F||(e.stopPropagation(),e.stopImmediatePropagation()))})}),u.augur=new L)
          error: line:21: ...^
     suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
above code is being blocked by uBlock Origin.

polonus (volunteer website security analyst and website error-hunter)