Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
89% of Android Users Didn't Consent to Facebook Data Collection
Threaded  |  Newest First  |  Oldest First
Pyker42
100%
0%
Pyker42,
User Rank: Strategist
4/10/2018 | 10:56:30 AM
Comment
I think that should read 89% of Android Users didn't know they consented to Facebook data collection.
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
4/10/2018 | 12:43:26 PM
Re: Comment
Important point.  In general, TOS have been very unfair to consumers.  It's not enough to include wording such as "Read the Terms of Service and Privacy Statements carefully before...".  For starters, how many consumers have the ability to evaluate what's written, as the contract law professionals who wrote it? Also, the more comprehensive the TOS agreement, the less likely consumers are inclined to read through it, or comprehend what of it pertains to them. 

 

Another factor is that a number of such services are, de facto, compulsory: events, webinars, conferences, etc., which are available exclusively through such services.  Does it matter what the TOS says, or if it's read, if there is no real choice but to accept? 
Pyker42
50%
50%
Pyker42,
User Rank: Strategist
4/11/2018 | 11:17:19 AM
Re: Comment
While I agree that TOS and EULA contracts are heavily weighted to favor the companies issuing them, that doesn't negate the fact that most users never read eaither before proceeding. Android is especially easy with permissions. Every new app gives you general categories with specific permissions granted to that app. There is blame to be put on companies like Facebook, Google, Apple, Microsoft, etc. But there is equal blame to be put on the people who use those services without realizing the implications of the data rights they are granting these companies. I agree that such services are ubiquitous and hard to eschew all together. That doesn't absolve people of their personal responibility to conciously think about what they are doing, what they are using, and what information they are sharing.
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
4/11/2018 | 12:15:19 PM
Informed consent
@Pyker42  Yes, ISVs are burdened with TOS and EULAs, as well.  Perhaps standardized agreement forms, at the  vetted distribution-store level, would help.  Part of the agreement would be that all permissions would be off by default - leaving the end user to enable each explicitly.  At the very least, the user would be made aware that all of the functionality they crave comes at a price; and that it's up to them to determine if it's worth it.  A benefit would be that while users would still have the responsibility to read the ToS/EULA/privacy notice, they'd only have to read ONE for any app they install from that store-vendor.  While that wouldn't cover the likes of Facebook, it could help the app publishers and end users.  


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-43698
PUBLISHED: 2021-11-29
An unspecified version of phpWhois is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET['query'] then there is a XSS vulnerability.
CVE-2021-24918
PUBLISHED: 2021-11-29
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.
CVE-2021-24927
PUBLISHED: 2021-11-29
The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
CVE-2017-20008
PUBLISHED: 2021-11-29
The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting
CVE-2021-24745
PUBLISHED: 2021-11-29
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks.