November 26, 2019
Related Articles (596)
The never-ending cycle of vulnerability discovery and remediation continues this week with an announcement from IBM concerning a “Droppedin” flaw in an SDK from Dropbox.
For a few days, Facebook made a user's phone number and address available, with the user's permission, via its Facebook Graph API. Likely fueled by distrust of Facebook's previous approaches to privacy, users and press reacted negatively to the concept. Based on this feedback, Facebook reversed its decision, and neither phone number nor address is returned to applications at this time. Privacy is a big concern, especially for APIs, but Facebook took appropriate steps for gaining user permission. The reaction to Facebook's platform change was an overreaction, which points to a need for more granular privacy controls and a better method of granting access.
Mozilla Firefox 60, an upcoming version of the popular web browser that is expected to be released in May, will disable the W3C Proximity and Ambient Light APIs over fears that they could be abused by hackers and advertisers to, among other things, access browser data without user knowledge.