Meta is seeking to take more action against data scraping with the expansion of its Bug Bounty program

Meta wants to expand its measures to detect potential misuse of user data by adding new rewards related to data scraping to its Bug Bounty program.

Data scraping, which involves extracting user data from websites, has been a key element in various hacks and exposures of user data, and Meta itself has suffered some of its biggest PR headaches due to unauthorized use of user data insights.

As Meta explains:

“We know that an automated activity designed to collect people’s public and private data targets every website or service. We also know that this is an extremely hostile space where scrapers – whether they are malicious applications, websites or scripts – are constantly adapting their tactics to avoid detection in response to the defenses we are building and improving. As part of our larger security strategy to make scraping harder and more expensive for attackers, today we are starting to reward valid scraping bug reports on our platform.”

The new program will see app researchers offered rewards for alerting Meta to data scraping measures, ‘even if the data they are targeting is public’.

Which is interesting, because as it currently stands, downloading public data from websites is not technically illegal, or at least there is legal precedent that would allow third parties to extract public data without breaking the law.

LinkedIn has been in the courts for several years in a fight against a company called hiQ, which built a recruitment insights tool based on scraped LinkedIn profile data.

LinkedIn first tried to block hiQ's access to its user data back in 2017, and since then, through various lawsuits, hiQ has won several challenges that have allowed it to continue accessing public LinkedIn data, claiming that the information is indeed public, and therefore freely available.

LinkedIn has brought the case to the Supreme Court, and earlier this year was given the opportunity to once again challenge the hiQ decision. The case is still ongoing, but it highlights the challenges in defining ownership, i.e. the intention of the user, in relation to publicly available data.

For its part, Meta has made user data less and less accessible over time, and even more so after the Cambridge Analytica scandal, but interestingly, Meta notes here that even scraping of publicly available data will be considered in its new bounty program.

“In particular, we are looking to find errors that allow attackers to bypass scraping restrictions to access data on a larger scale than the product intended. Our goal is to quickly identify and counter scenarios that could make scraping less expensive for malicious actors.”

The real impetus here is large-scale data collection and the fight against groups that seek to use user data for purposes to which users have not explicitly agreed. Because again, as with Cambridge Analytica, this can cause major public relations problems for Meta and lead to more control over its practices.

This is a good step: Meta should do everything it can to protect user data and ensure that hackers don’t steal your data and sell it on the dark web. But at the same time, it will be interesting to see how Meta implements this after being alerted to these programs via Bug Bounty.

Meta says it will now offer rewards for each discovery of publicly available user data sets:

“We will reward reports of unprotected or openly public databases containing at least 100,000 unique Facebook user records with PII or sensitive data (e.g. email, phone number, physical address, religious or political affiliation). The reported dataset must be unique and not previously known or reported to Meta. Our goal is to learn from this effort so that over time we can expand the scope to smaller data sets.”

In these situations, though, Meta will not offer direct monetary rewards to researchers, but will make donations to a charity of the discoverer’s choice.

Why? Because, if Meta offered monetary rewards for discovering large sets of user data, it could also encourage hackers to create those data sets and then ask for money.

Meta will, however, issue cash prizes for valid scraping bug reports, in line with its other Bug Bounty discoveries.

This could be a good way to help Meta protect user data, and with 25,000 Bug Bounty reports in 2021, there is clearly a great deal of interest in participating, which could significantly expand the company’s network to detect such abuse.

This could play a big role in stopping the next big data leak on Facebook and helping the company improve its reputation in the long run.


Naveen Kumar
