Comments (1)
nopeitsnothing
commented on July 4, 2024
You should also mention things like Facebook OAuth and login security. This process grants 3rd party apps the ability to use your session tokens to takeover your account. This is common and many people assume "I've been hacked!!!1!". In reality, the app has stolen your session, and can use this to do any number of things. It can masquerade as you. It can gather details that can help pivot to fraud, in some cases.
Facebook login is a huge danger because it offers convenience over privacy and security.
For example, see their own documentation of the process:
- exposure to malware and spammers
- leaking tokens in your dev environment, if you use it for your own app
- token hijacking
- stale tokens tend to be vulnerable
- cross-site request forgery (CSRF)
- malicious redirects (malware delivery)
The list goes on. This is just for Facebook OAuth, but it applies to any OAuth entity.
When a malicious app (or "PUP", potentially unwanted program) gains a foothold, it can use that access to not only escalate its own permissions but exfiltrate data from your app or your account on the intended destination. It can then gather phone numbers, addresses, etc. in an attempt to get control of your email and phone (SIM swap) to prevent fraud alerts from reaching you.
Be careful with OAuth.
"multiple accounts are managed by a single login" seems like an oversimplification, because it applies to both the pros and cons of OAuth, and because it leaves you open to the above risks.
from privacyguides.org.
Related Issues (20)
- Shelter link broken HOT 1
- Safari incorrect information related to SIP HOT 7
- Broken link to translation service HOT 1
- Typo on Why Privacy Matters page
- Entire list item on tools.md should be clickable, not just the title HOT 1
- Forward Email not included HOT 2
- Update the Qubes OS "qube" terminology HOT 3
- Remove LibreOffice for Android and iOS/iPadOS links HOT 6
- IVPN is phasing out port forwarding, update your page accordingly HOT 2
- MacOS Sonoma Drops Support for Mail.app Plug-ins HOT 3
- Cake Pay shut down HOT 1
- 'Irrevocable' privileges of Google Play services misrepresented HOT 6
- Outdated Information HOT 1
- Skiff Mail has custom domains for free
- mullvad vpn
- Brave's Web3 settings are on one line instead of multiple with check boxes
- Dark image not working (NL/DNS/rethink) HOT 1
- AnonAddy is now addy.io HOT 2
- Number of free aliases with AnnonAddy's free plan HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from privacyguides.org.