There were no truly anonymous public accounts in VK until 10/29/14
Hello! I am human. A person who is interested in how it works, what he uses more often than once a day. And if there is a flaw in the functionality, I can’t share it with someone. Tritely, there is not enough patience to contain information that may be useful for a certain category of people who have the opportunity to benefit from it and share with me the knowledge of how to use such knowledge.
It all started with the emergence of thoughts about viscera, the well-known (at least in Russia), the site vk.com. Namely, how to extract the information I need about the female part of one public in order to see the best photos in their profile on one page.
The idea is simple as a door - “ either pull or push ” (“either act or hammer”). Through the site's api, we request an array of subscribers of the group “Overheard in * the name of the university *”, of course, of the female sex and a certain age. We are going through all their photos, choosing only the one that has the largest number of likes. We add the resulting link to the image to the created .html, framing it into a link to the owner's page. And then in a circle. Writing a python script took about two hours. With minimal knowledge of this language and zero vk.api.
This occupation provoked me in earnest and after an hour of looking at the results of the first script, I sat down to read the api documentation. I was interested in how the anonymity of news published on the wall of the group that speaks about the security of everything and everything that users write is determined. Fortunately, the developers have taken care of the convenience of testing the methods in the documentation. This is a tempting little window that, in response to a person’s id, can give you all his information. I constantly jumped from method to method and loudly knocked on the keyboard, already on the machine dialing on it the identifiers of my page and the page of the public “Overheard in *”.
')
When pain came to my fingertips, and every screen update seemed to throw sand in my eyes, I realized that the study was prolonged. Closing one by one tabs in the browser, each of which had one of the methods, the eye caught on the output of the simplest function wall.getById and the presence of the extend parameter, which:
“What kind of user objects” - I exclaimed in the night, waking up a roommate. Without thinking, I copy the first record id from the wall of my group and paste it into the dough mold. To which I get a logical answer that I am the author of the post.
The following identifier has already been taken from the wall of the “anonymous” group “Overheard in *”. And the first test gave the user id. It only remained to find out what kind of administrator it may be, who approved the entry sent through “Submit a news story” or it is generally the author of the post.
Three dozen consecutive requests made it possible to finally make sure that the authors of “anonymous” posts in the “anonymous” groups are in the public domain and do not interfere with writing a simple js-script that would automatically give out the author of the post with standard for vk styles.
What I just did not know about the people around me at the university. The feeling of euphoria from the fact that I have access to such information quickly changed to disgust.
Without hesitation, I decided to write in support, but due to my inexperience in bug tracking I sent a request to the usual technical support, and not to the technical one. Thus, I did not receive a proper response, and the bug was closed in an hour, during which I suffered, but I continued to read posts and see their authors.
I do not know how much it all hung in the public domain before I found this “bug”. If you think logically, then this request could easily work incorrectly since the last update of api. And this is not so little. During this time one could have done a lot of things. Now I’m sure that there can be no anonymity in VK. Give fake accounts with fake friends and fake emotions.
I’ll add a preface to my next post. I was banned the other day in VK, but the trouble is that I am not a spammer, not a fake, and I don’t use means for promotion. I flew the following:
Ban for posting on the wall of my group, which at that time had 23 subscribers. The tag is absolutely free. I decided to immediately go to support VC for explanations. To which they began to ask questions in response to my questions. Still waiting for a response. But they are already apparently thinking how could a recording from a small public get to someone in the section “My Answers”
It all started with the emergence of thoughts about viscera, the well-known (at least in Russia), the site vk.com. Namely, how to extract the information I need about the female part of one public in order to see the best photos in their profile on one page.
The idea is simple as a door - “ either pull or push ” (“either act or hammer”). Through the site's api, we request an array of subscribers of the group “Overheard in * the name of the university *”, of course, of the female sex and a certain age. We are going through all their photos, choosing only the one that has the largest number of likes. We add the resulting link to the image to the created .html, framing it into a link to the owner's page. And then in a circle. Writing a python script took about two hours. With minimal knowledge of this language and zero vk.api.
This occupation provoked me in earnest and after an hour of looking at the results of the first script, I sat down to read the api documentation. I was interested in how the anonymity of news published on the wall of the group that speaks about the security of everything and everything that users write is determined. Fortunately, the developers have taken care of the convenience of testing the methods in the documentation. This is a tempting little window that, in response to a person’s id, can give you all his information. I constantly jumped from method to method and loudly knocked on the keyboard, already on the machine dialing on it the identifiers of my page and the page of the public “Overheard in *”.
')
When pain came to my fingertips, and every screen update seemed to throw sand in my eyes, I realized that the study was prolonged. Closing one by one tabs in the browser, each of which had one of the methods, the eye caught on the output of the simplest function wall.getById and the presence of the extend parameter, which:
1 - returns user and group objects needed to display records.
“What kind of user objects” - I exclaimed in the night, waking up a roommate. Without thinking, I copy the first record id from the wall of my group and paste it into the dough mold. To which I get a logical answer that I am the author of the post.
profiles: [{ id: ..., first_name: '...', last_name: '..', sex: 2, screen_name: '...', photo_50: 'https://pp.vk.me/...6/03x2dhL_vJw.jpg', photo_100: 'https://pp.vk.me/...5/pS255B-FOptk.jpg', online: 1 }], groups: [{ id: ..., name: '....', screen_name: '...', is_closed: 0, type: 'page', is_admin: 1, admin_level: 3, is_member: 1, photo_50: 'https://pp.vk.me/...8/t4GsEl0iFqM.jpg', photo_100: 'https://pp.vk.me/...7/bXGTWCaRZ7M.jpg', photo_200: 'https://pp.vk.me/...6/8SV1UFhZI9A.jpg' }] The following identifier has already been taken from the wall of the “anonymous” group “Overheard in *”. And the first test gave the user id. It only remained to find out what kind of administrator it may be, who approved the entry sent through “Submit a news story” or it is generally the author of the post.
Three dozen consecutive requests made it possible to finally make sure that the authors of “anonymous” posts in the “anonymous” groups are in the public domain and do not interfere with writing a simple js-script that would automatically give out the author of the post with standard for vk styles.
What I just did not know about the people around me at the university. The feeling of euphoria from the fact that I have access to such information quickly changed to disgust.
Without hesitation, I decided to write in support, but due to my inexperience in bug tracking I sent a request to the usual technical support, and not to the technical one. Thus, I did not receive a proper response, and the bug was closed in an hour, during which I suffered, but I continued to read posts and see their authors.
I do not know how much it all hung in the public domain before I found this “bug”. If you think logically, then this request could easily work incorrectly since the last update of api. And this is not so little. During this time one could have done a lot of things. Now I’m sure that there can be no anonymity in VK. Give fake accounts with fake friends and fake emotions.
I’ll add a preface to my next post. I was banned the other day in VK, but the trouble is that I am not a spammer, not a fake, and I don’t use means for promotion. I flew the following:
Ban for posting on the wall of my group, which at that time had 23 subscribers. The tag is absolutely free. I decided to immediately go to support VC for explanations. To which they began to ask questions in response to my questions. Still waiting for a response. But they are already apparently thinking how could a recording from a small public get to someone in the section “My Answers”
Source: https://habr.com/ru/post/366799/
All Articles