To make data harder to scrape, Meta plans to recruit “bounty hunters”

On December 15th, Meta (formerly Facebook) announced an expansion of its "Bounty Program", which has run since 2011, in response to data scraping issues.

It encourages researchers to report two kinds of findings. One is vulnerabilities, so that the cost and difficulty of malicious scraping can be raised. The other is "a dead end" scraped data set, in which case Meta will work with the relevant companies to delete the data set or pursue legal means.

Data scraping here refers to the use of automated tools to collect large amounts of personal information from user profiles, such as email addresses, phone numbers, and profile photos. Although most of this information is not kept secret, scrapers can make it far more widely available by publishing it in a searchable database, where it quickly reaches millions of users.


Meta's terms do not allow anyone to access and collect data by automated means. Dan Gurfinkel, Meta Security Engineering Manager, pointed out: "We are looking for vulnerabilities that allow attackers to bypass crawling restrictions to access data on a larger scale than we initially expected."

In April of this year, the personal information of more than 500 million Facebook users was posted on a hacker forum. What is even more frightening is that the actual scraping took place a few years earlier. Although Meta had patched the relevant vulnerabilities in August 2019, once the data began to spread online it could do nothing but remind users to beware of spam and fraudulent messages.


In October of this year, the data of more than 2.6 million Instagram and TikTok users was leaked. When security researchers traced the leak back, they found that the data analysis company IGBlade was the source: its servers and data were not protected, which exposed the data it had scraped. Although this Instagram data breach was not directly caused by Meta, it also illustrates the need to control scraping.

In addition, leaked personal information threatens more than a single Facebook account: a Facebook ID is associated with many other accounts, so a leak in one place affects all of them. These accounts are not difficult to find.


Each vulnerability or data set can earn a reward of at least $500. If a data set is found, Meta will donate the reward to a charity chosen by the researcher, so as to prevent researchers from playing "catch the thief", scraping the data themselves first and then collecting the bounty. If a vulnerability is found, Meta will pay a monetary reward.

For data sets, researchers will be rewarded for discovering "unprotected or public databases containing at least 100,000 unique Facebook user records". User records refer to personally identifiable information or sensitive data, such as email addresses, phone numbers, physical addresses, and religious or political affiliations.

Since the beginning of this year, Meta has paid more than US$2.3 million to researchers from more than 46 countries/regions, received approximately 25,000 reports in total, and issued rewards for more than 800 of them.

▲ Zuckerberg testified before Congress.

Meta claims that this is the first bounty program specifically for data scraping, but the company has a poor reputation when it comes to privacy and security. In addition to the Cambridge Analytica scandal, which was settled with a $5 billion fine, there have been data breaches large and small.

In October 2018, Facebook was hacked, exposing the private information of 29 million users. For 14 million of them the exposed information was very detailed: in addition to basic information, it included relationship status, religious beliefs, education, work status, people followed, recent searches, and devices used to log in.


Facebook, which "guards against theft", is also keen to put data to its own use. It collects and uses a large amount of user data to sell targeted digital advertisements. ProPublica, a non-profit news organization, calls it "surveillance capitalism."

Ai Faner once wrote that an investigation by the Financial Times found that since Apple began implementing new privacy settings in April this year, Facebook and other four major social platforms have lost nearly tens of billions of dollars. In December 2020, Facebook criticized this privacy setting with a full-page newspaper advertisement, believing that it would harm small businesses that rely on personalized advertising.

In fact, when it comes to personalized advertising, the user is the real product on the social platform.

In March 2019, Zuckerberg announced a new “privacy-centric vision”. He took the “end-to-end encryption” model of his messaging app WhatsApp as an example. “End-to-end encryption” means that only the sender and receiver can read a message; other people, and even WhatsApp itself, cannot view it.

At present, of all Meta's products, only WhatsApp claims to implement end-to-end encryption. Even so, WhatsApp still relies on humans or AI to review whether messages reported by users violate the rules. Reviewers also examine unencrypted material, including data about senders and their accounts.


WhatsApp reported 400,000 possible child exploitation images to relevant authorities in 2020. Will Cathcart, head of WhatsApp, said in an interview with an Australian think tank: "I think we can definitely provide people with security through end-to-end encryption and cooperate with law enforcement to solve criminal problems."

All in all, whether for commercial purposes or security needs, almost no platform is as private as we expect. Perhaps it is essential to minimize exposure of personal information as much as possible.
