For anyone interested in privacy and security it’s been difficult in the past couple of days to avoid the congressional hearing and Mark Zuckerberg’s testimony on the Cambridge Analytica data story. In between some of the amusing back-and-forths as Zuckerberg tried to explain basic concepts of how “the internets” works to people with zero technical comprehension, and beyond the hype of the media circus around the hearing, there feels like a fundamental shift in the way certain online activities will be perceived.
At the core of this story is the use of apps on Facebook, and the use of Facebook credentials to login to other services – either embedded on the site or elsewhere. Users were invited to login into “This Is Your Digital Life” to learn interesting things that could be shown from their online data… and of course immediately provided all their data to that system as part of the process.
This post looks at the news story from the perspective of REFEDS and CSIRT work, and how research and education has been working to ensure services offered by us do not fall into the same trap.