Now any site can find out the address of your page in VK?
I came across a service that allows you to place on your site js-code, which determines the visitor ID without authorization. The user is completely unaware of this, because ID determination occurs when loading any page of the site without any questions about authorization.
For marketing, this opens up broad opportunities, but does not fit into my ideas about the safe transfer of personal data.
Those. for example, for example, brought you to some porn site, and after half a minute in contact, the bot writes you an offer to buy a product or service recommended for you in the drug box or wall according to the sections you visited on the site, or according to search queries through which you came to this site.
')
Any site after installing this spyware script will know almost everything about its visitors, up to the phone number if it is listed. It is clear that users themselves are responsible for what data they post to the public, but when I go to a third-party site, I do not give consent to the processing of my personal data.
The creators of the service claim: “The service does not carry out any hacking or other illegal actions. We identify an incoming person and accumulate public information. ” But I consider the fact of identification to be illegal. Correct me if I'm wrong.
Vkontakte retargeting works in a similar way, but it does not give access to profiles that fall into the retargeting group.
Maybe there is someone among the web security experts who can cover this topic in detail?
The link to the service itself is not difficult to find. The question is: how did it become possible on such a scale?
I checked the code, but I understood little. Some kind of xss magic with frames.
UPD
An invisible authorization widget is used.
For marketing, this opens up broad opportunities, but does not fit into my ideas about the safe transfer of personal data.
Those. for example, for example, brought you to some porn site, and after half a minute in contact, the bot writes you an offer to buy a product or service recommended for you in the drug box or wall according to the sections you visited on the site, or according to search queries through which you came to this site.
')
Any site after installing this spyware script will know almost everything about its visitors, up to the phone number if it is listed. It is clear that users themselves are responsible for what data they post to the public, but when I go to a third-party site, I do not give consent to the processing of my personal data.
The creators of the service claim: “The service does not carry out any hacking or other illegal actions. We identify an incoming person and accumulate public information. ” But I consider the fact of identification to be illegal. Correct me if I'm wrong.
Vkontakte retargeting works in a similar way, but it does not give access to profiles that fall into the retargeting group.
Maybe there is someone among the web security experts who can cover this topic in detail?
The link to the service itself is not difficult to find. The question is: how did it become possible on such a scale?
I checked the code, but I understood little. Some kind of xss magic with frames.
UPD
An invisible authorization widget is used.
Source: https://habr.com/ru/post/234067/
All Articles