Meta does not let up and keeps tracking users

Meta, the parent company of Facebook and Instagram, has not stopped using every weapon it considers effective to achieve its "privacy" goals, and it has now been singled out again for tracking users across the web by injecting code into the browser built into its apps.

The matter was brought to public attention by Felix Krause, a privacy researcher. To reach this conclusion, Krause built a tool that can detect whether JavaScript code is injected into the page that opens in the built-in browser of the Instagram, Facebook, and Messenger apps when a user taps a link that takes them to a page outside the app.

After opening the Telegram app and tapping a link that opens a third-party page, no code injection was detected. However, when the same experiment was repeated with Instagram, Messenger, and Facebook on iOS and Android, the tool showed several lines of injected JavaScript code after the page was opened in the browser built into these apps.

According to the researcher, the external JavaScript file that the Instagram app injects is (connect.facebook.net/en_US/pcm.js), which is code for creating a bridge to communicate with the host app.

In more detail, the researcher found the following:

  • Instagram adds a new event listener to get details whenever the user selects text on the website. This, combined with listening for screenshots, gives Instagram a complete overview of the specific information that was selected and shared.
  • The Instagram app checks for an element with the id iab-pcm-sdk, which probably refers to "In App Browser".
  • If no element with the id iab-pcm-sdk is found, Instagram creates a new script element and sets its source to https://connect.facebook.net/en_US/pcm.js
  • It then finds the first script element on your website and inserts the pcm JavaScript file just before it.
  • Instagram also looks for iframes on the website, but no information was found on what it does with them.
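
A site owner can look for the behaviour listed above from inside the page. The following is an added example, not code from Krause's tool or from Meta: it flags script elements carrying the id or URL named in the article, plus any script host the site did not expect. The allowlist, the sample data and the function names are assumptions.

```javascript
// Added example. The id and URL are the ones named in the article; everything else is assumed.
const PCM_ID = 'iab-pcm-sdk';
const PCM_SRC = 'https://connect.facebook.net/en_US/pcm.js';
// Constructed sample: scripts as { id, src }, the way they might appear in a DOM.
const SAMPLE = [
  { id: '', src: '/js/app.js' },
  { id: '', src: 'https://cdn.example.com/lib.js' },
  { id: PCM_ID, src: PCM_SRC },
  { id: '', src: 'https://other.example.net/t.js' },
  { id: '', src: '' }, // inline script
];

function classifyScript(script, pageOrigin, allowedHosts) {
  if (script.id === PCM_ID) return 'pcm-bridge';
  if (!script.src) return 'inline';
  let url;
  try {
    url = new URL(script.src, pageOrigin); // resolves relative src values
  } catch (err) {
    return 'unparseable';
  }
  if (url.origin + url.pathname === PCM_SRC) return 'pcm-bridge'; // ignore query string
  if (url.origin === new URL(pageOrigin).origin) return 'first-party';
  return allowedHosts.includes(url.hostname) ? 'allowed' : 'unexpected';
}

// Return only the scripts that deserve a report.
function auditScripts(scripts, pageOrigin, allowedHosts) {
  const benign = ['inline', 'first-party', 'allowed'];
  return Array.from(scripts)
    .map((s) => ({ src: s.src || '', verdict: classifyScript(s, pageOrigin, allowedHosts) }))
    .filter((r) => !benign.includes(r.verdict));
}

// Browser wiring: audit existing scripts, then every node added directly later on.
function watchDocument(doc, allowedHosts, report) {
  const check = (nodes) => {
    const scripts = Array.from(nodes).filter((n) => n.tagName === 'SCRIPT');
    const hits = auditScripts(scripts, doc.location.origin, allowedHosts);
    if (hits.length) report(hits);
  };
  check(doc.getElementsByTagName('script'));
  const observer = new MutationObserver((muts) => muts.forEach((m) => check(m.addedNodes)));
  observer.observe(doc.documentElement, { childList: true, subtree: true });
  return observer;
}
if (typeof document !== 'undefined' && typeof MutationObserver !== 'undefined') {
  watchDocument(document, ['cdn.example.com'], (hits) => console.warn('unexpected scripts', hits));
}
```

Inline scripts are not reported, so code injected without a `src` or the known id passes this check unnoticed.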

From there, Krause explains that injecting custom scripts into third-party websites could, even though there is no evidence confirming that the company is doing so, allow Meta to monitor all user interactions, such as interactions with every button and link, text selections, screenshots, and all form inputs such as passwords, addresses, and credit card numbers. In addition, there is no way to disable the custom browser built into the apps in question.

After this finding was published, Meta reportedly responded by saying that injecting this code helps aggregate events, such as online purchases, before they are used for targeted advertising and measurement for the Facebook platform. The company reportedly added that "for purchases made through the in-app browser, we ask for user consent to save payment information for autofill purposes."

For the researcher, however, there is no legitimate reason to embed a browser in Meta's apps and force users to stay in that browser when they want to browse other sites that have nothing to do with the company's services.

Moreover, this practice of injecting code into the pages of other websites creates risks on several levels:

  • Privacy and analytics: The host app can track literally everything that happens on the website, such as every tap, keystroke, scrolling behaviour, what content is copied and pasted, and data viewed such as online purchases.
  • Theft of user credentials, physical addresses, API keys, etc.
  • Ads and referrals: The host app can inject advertisements into the website, or override the ads API key to steal revenue from the host app, or rewrite all URLs to include a referral code.
  • Security: Browsers have spent years improving the security of the user's web experience, such as showing the HTTPS encryption status, warning the user about unencrypted websites, and so on.
  • Injecting additional JavaScript code into a third-party website can cause issues that may break the website.
  • Browser extensions and the user's content blockers are not available.
  • Deep linking does not work well in most cases.
  • It is not easy to share a link through other platforms (e.g. email, AirDrop, etc.)

Finally, if you are interested in learning more about it, you can consult the details at the following link.

