Monday, April 26, 2010

How much can I learn about you while you browse CNN?

Generally, I get my news from three sources: BBC, CNN, and Digg (oh well, not all news :-P). Today, I had a very nasty surprise when I went to CNN.

There was a list of my friends' Facebook statuses and "groups" people had liked, related to the content on the CNN homepage. Every time I refreshed the page, the groups and statuses changed. This disturbs me for two reasons that I hope don't sound absolutely crazy.

The first reason: If a person is listening over your network with something like Wireshark, he now has a list of people you know after just a few page clicks. He can look these people up on Facebook and get a lot of information on you just with that. Maybe a mandatory HTTPS:// on any site consuming the Facebook API in this way is the way to go?

The second reason: Does this adhere to the privacy settings I set? Or does this adhere to the friends who can see me when logged in? If my statuses are being sent onto a web site like that, that would make me incredibly uncomfortable.

I have gone to great lengths to make sure what I put on Facebook stays on Facebook. These gadgets are popping up everywhere, and simple JavaScript exploits could gather this data, let alone trojans, ActiveX controls, or rogue BHOs.

Am I just being too paranoid?

And just FYI: If you ever need any info on people, it's scary how much info you can get from Facebook without even being their friend.

EDIT: Ok, I did some research using Wireshark. I was successfully able to capture my Facebook integer ID that they used before we all had 'usernames' and find myself. Not only that, but it was my whole Facebook cookie.