How Facebook Ticker exposes your information and behavior without your knowledge
Nelson Novaes Neto, a Brazilian independent security and behavior researcher, has analyzed a privacy issue in Facebook Ticker that allows any person to track you without your knowledge or consent. He explains that this is not a code vulnerability; the whole issue is one of user privacy.
Nelson said on his blog: "This tool - monitor others - began to run when it introduced a new feature called Ticker. This new feature (Ticker) does not respect the privacy settings, and now comments (updates), added friends and likes can be seen by others (friends*), anyone, without your permission. *Do you really know a friend? Tell me if it is a real or fake (cloned) profile."
Nelson gives a proof of concept with a very creative real-life scenario. Check out a live demonstration, where a "novel" explains the privacy issue (you can use any browser to play it).
Description: This is a scenario where your online behavior can be exposed without your knowledge through the new tool in Facebook called Ticker. I used four Facebook profiles to create this POC (proof of concept), where a woman was cheating on her husband on Facebook.
Synopsis: A husband and wife are both Facebook users, each with their own profile. One day the husband found that his wife had added her ex-boyfriend as a friend and started talking to him. After the husband became really angry, his wife's ex-boyfriend's profile was removed.
The wife also discovered that all her comments (updates), Likes and added friends were shown on her profile (Wall) and visible to all her friends. She then removed all the updates and blocked new updates from being published automatically on her profile (Wall). Thus, her husband could no longer be kept updated on his wife's actions.
After Facebook launched this new tool called Ticker, a friend of the couple (who has both of them as friends) saw updates from his friend's wife appear in the real-time Ticker, and told him that his wife had again added the ex-boyfriend and was talking to him, writing on his posts and vice versa. The husband checked his wife's profile, but found nothing there. His friend said that this new tool (Ticker) lets you see updates from anyone on your list of friends, as well as from users who have been noted by your friends.
What is happening? How is it that the husband could not see anything (any updates) on his wife's profile, but his friend can see everything through this thing called Ticker?
The issue is now public because, according to Nelson, he reported this privacy issue to the Facebook Security team a few months ago and until now he has not received any positive response from Facebook. He said: "Considering I respect some code of ethics (that protects society, the commonwealth and infrastructure), I think it was going completely against users' desires and worth sharing with everyone."