Facebook exposes ‘god mode’ token miscreants could use • The Register

Updated: Brave this week said it is blocking the installation of a popular Chrome extension called L.O.C. because it exposes users’ Facebook data to potential theft.

“If a user is already logged into Facebook, installing this extension will automatically grant a third-party server access to some of the user’s Facebook data,” explained Francois Marier, a security engineer at Brave, in a GitHub Issues post. “The API used by the extension does not cause Facebook to show a permission prompt to the user before the application’s access token is issued.”

However, the developer of the extension, Loc Mai, told The Register that his extension is not harvesting information – as the extension’s privacy policy states. The extension currently has around 700,000 users.

“The extension does not collect the user’s data unless the user becomes a Premium user, and the only thing it collects is UID – which is unique to each person,” explained Mai.

Mai said the extension stores the token locally, under localStorage.touch. That presents a security risk but isn’t indicative of wrongdoing. L.O.C. continues to be available through the Chrome Web Store.

However, a malicious developer could harvest Facebook data using the same access method, because Facebook is exposing a plain-text token that grants what security researcher Zach Edwards describes as “god mode.”

God mode

In an email to The Register, Mai explained that Facebook’s Graph API requires a user’s access token to function. To obtain that token – so users of the extension can automate the processing of their own Facebook data, like downloading their messages – the extension sends a GET request to Creator Studio for Facebook. The request returns an access token to the extension for the logged-in Facebook user, allowing further programmatic interactions with Facebook data.

Mai elaborated on this in response to Brave’s GitHub post. “The access token is within the HTML of that page. Any Facebook user can really just go to view-source:https://business.facebook.com/creatorstudio/home and view the access token in there.”

Edwards told The Register, “Facebook faced nearly an identical scandal in 2018 when 50 million Facebook accounts were scraped due to a token exposure.” And yet Facebook appears to consider this data dispensing token to be a feature, not a bug.

Mai provided The Register with a copy of the April 9, 2019 email he used to report a token disclosure issue at a different endpoint that enabled the same sort of data access. The response from Facebook security was, “In this case, the issue you’ve described is actually just intended functionality and therefore doesn’t qualify for a bounty.”

“Facebook seems to have not learned their lesson from 2018 and is still exposing a plain text god mode token for every user, on a niche page that specific developers know about,” said Edwards. “Facebook calls this a feature, but when the first extension developer scrapes and steals data from countless pages and users, will that be when Facebook finally admits it’s a bug just like the 2018 problems?”

The Register asked Facebook about the situation and about whether, as Edwards suggests, the company intends to revoke all the tokens obtained from its Creator Studio endpoint. We’ve not heard back.

Mai said he made the extension to help friends who were thinking of quitting Facebook. The L.O.C. extension, which has more than 700,000 users, lets people download their Facebook conversations, change their post privacy settings, find and remove friends, and other functions.

Mai said he has been banned from Facebook and added the company has contacted him to accuse him of transferring or sharing user data without consent – “I have never done this” – and of buying, selling, or exchanging site privileges such as likes, shares, and other aspects of engagement tracked by Facebook and Instagram – which he also denied.

However, he said, he’d consider removing his extension “if Facebook was more reasonable with my Facebook account and Instagram account and if they provided me with better reasons why my extension is harmful for others.”

The Register asked Brave whether it intends to reconsider its ban of L.O.C. based on Mai’s explanation of what’s going on. A Brave spokesperson said, “We’re working with the extension author on some changes to the extension so that it can be unblocked in Brave.”

Improper extensions still an issue

Edwards said Facebook’s Terms of Service falls short here because while the company insists people use its app platform, it doesn’t prevent people from using browser extensions.

And this gap that exposes user data is compounded by the way Chrome extensions currently work. As Edwards describes it, Chrome extensions can request permissions on one domain you control and on another you don’t, and then open a browser tab upon installation that creates an opportunity to scrape API tokens and session IDs for various different types of apps.

“Facebook just happens to have a legacy web permission hardcoded into a page on their ‘creator studio’ they built, which makes it possible for someone who controls one of these extensions to scrape hundreds of thousands of Facebook tokens, without ever signing up for the Facebook developer program and using the correct/native Facebook app/dev sharing features,” explained Edwards.

“Basically, Facebook can’t ‘ban’ an extension, even if Facebook knows the extension should not be allowed to request permissions on facebook.com and their own team thinks it’s malicious,” he added.

“And currently, Google doesn’t want to acknowledge that the [Chrome App Store] is overrun with developers requesting permissions on two domains, one they control and one they don’t. This is the practice that just needs to stop as fast as possible or be acknowledged publicly by Google so they can explain any future fixes to prevent these problems.”

Edwards said between the broad scope of Chrome extension permissions and the bewildering decision by Facebook to keep this “god mode” token embedded on a page for years after being alerted to the problem, it’s a perfect storm for data theft. ®
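The permission pattern Edwards describes is something a reviewer can check for when vetting extensions. The sketch below is an added example, not code from the article, Brave or the extension: it reads a Chrome extension manifest and flags host access that spans a sensitive site and other sites. The sample manifests are constructed, and grouping hosts by their last two labels is a simplification (production code should use the Public Suffix List).

```python
import json
import re

# Chrome match pattern: <scheme>://<host>/<path>. Only web schemes matter here.
_PATTERN = re.compile(r"^(\*|https?)://([^/]+)(/.*)$")


def host_patterns(manifest):
    """Collect every host match pattern the extension can act on."""
    found = []
    # Manifest V3 lists hosts under host_permissions; Manifest V2 mixes them
    # into permissions next to API names such as "storage" or "tabs".
    for key in ("host_permissions", "optional_host_permissions",
                "permissions", "optional_permissions"):
        found += [p for p in manifest.get(key, []) if isinstance(p, str)]
    for script in manifest.get("content_scripts", []):
        found += script.get("matches", [])
    # API permission names do not parse as match patterns and are dropped.
    return sorted({p for p in found if p == "<all_urls>" or _PATTERN.match(p)})


def site_of(pattern):
    """Return the site a pattern covers, or '*' when it covers every host."""
    if pattern == "<all_urls>":
        return "*"
    host = _PATTERN.match(pattern).group(2).lower()
    if host.startswith("*."):
        host = host[2:]
    if host == "*":
        return "*"
    host = host.split(":")[0]
    # Simplification (assumption): treat the last two labels as the site.
    return ".".join(host.split(".")[-2:])


def audit(manifest, sensitive=("facebook.com",)):
    """Summarise host access and flag sensitive-site plus other-site access."""
    patterns = host_patterns(manifest)
    sites = sorted({site_of(p) for p in patterns})
    all_hosts = "*" in sites
    hits = [s for s in sites if s in sensitive]
    others = [s for s in sites if s != "*" and s not in sensitive]
    return {
        "patterns": patterns,
        "sites": sites,
        "all_hosts": all_hosts,
        "sensitive_sites": hits,
        "other_sites": others,
        # Flag for manual review: access to a sensitive site together with
        # access to a different site, or blanket access to every host.
        "flag": all_hosts or (bool(hits) and bool(others)),
    }


# Constructed sample manifests (not taken from any real extension).
MV3_SAMPLE = {
    "manifest_version": 3,
    "name": "constructed-sample-a",
    "permissions": ["storage", "tabs"],
    "host_permissions": ["https://*.facebook.com/*",
                         "https://api.example.net/*"],
}
MV2_SAMPLE = {
    "manifest_version": 2,
    "name": "constructed-sample-b",
    "permissions": ["storage", "*://*.example.org/*"],
    "content_scripts": [{"matches": ["https://www.example.org/*"],
                         "js": ["content.js"]}],
}
BROAD_SAMPLE = {
    "manifest_version": 3,
    "name": "constructed-sample-c",
    "host_permissions": ["<all_urls>"],
}

if __name__ == "__main__":
    for sample in (MV3_SAMPLE, MV2_SAMPLE, BROAD_SAMPLE):
        print(sample["name"], json.dumps(audit(sample), indent=2))
```

A flag here is a prompt for manual review of what the extension does with that access, not evidence of wrongdoing.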

Updated to add

After this story was published, a Meta spokesperson emailed to say, “We’re looking into these claims and will take action as appropriate to uphold our policies and protect people’s information.”



How Entrepreneurial Mindset Is Necessary For Startup Triumph

Entrepreneurial Mindset & Startup Triumph

The Voice Of EU | In today’s dynamic world of startups, achieving exceptional growth isn’t a one-shot endeavor. It demands more than a stroke of luck or a hidden formula; it requires an unwavering entrepreneurial mindset, a steadfast commitment, and consistent, sustained effort.

In the subsequent sections, I’ll dissect five crucial factors to high-performance growth psychology that can steer your startup towards unprecedented success.

The Primacy of Communication

In the quest for growth, it’s commonplace for companies to prioritize feature development over precise language. Yet, this approach is fundamentally misguided. Language should precede all else.

The words you choose to articulate your product and company not only define your identity but also establish user expectations. Your choice of language wields significant influence, shaping how users perceive and engage with your offering. For example, a ridesharing service becomes exponentially more appealing when it promises a ride in four minutes or less.

User-Centric Empathy

Successful Founders distinguish themselves by their ability to think beyond their product and focus on the users. It’s imperative to understand how users think and feel, considering the intricate web of their lives.

To truly stand out, you must ask, “What does my product mean to them, and how does it fit into their world?” Behind every thriving tech company lies a profound insight into human psychology, a key that resonates with users’ needs and desires.

Perpetual Motion

In a landscape dominated by industry giants, speed emerges as your greatest ally. Much like the ancient shrew that thrived through ceaseless motion, startups must embrace a similar philosophy, “be creative, be dynamic.”

To navigate the whirlwind of rapid changes and outmaneuver larger competitors, you must be in perpetual motion. Swift experimentation, rapid iteration, and an unwavering forward momentum are the cornerstones of sustained growth.

The Embrace of Data

Commitment to measurement is the engine driving growth. Being truly data-driven is not merely a buzzword, but a fundamental philosophy. Devoting substantial engineering resources to measurement, up to half of your total, demonstrates a genuine love for data. It should be an integral part of your company culture, displayed prominently for all to see. Your daily stats should be a source of pride and a testament to your dedication to growth.

Resilience in the Face of Setbacks

Failure is a constant companion on the path to growth. Embracing a mindset that can endure these setbacks is crucial. Most initiatives will yield negative outcomes, and being able to move forward despite this is paramount.

It’s a psychology of resilience, encapsulated in the saying, ‘Success is going from failure to failure with no loss of enthusiasm’. This grit and determination are the keys to achieving substantial growth.

Implementing Growth Psychology

To instill these growth-oriented mindsets in your team, consider the following steps:

1. Teach the mentality, particularly the willingness to endure repeated small failures.

2. Clarify that every member is directly responsible for growth, regardless of their official role.

3. Provide your team with the authority to drive product changes and allocate resources for growth.

4. Encourage your team to be more aggressive in pushing growth boundaries.

5. Keep taking big swings and be open to creative, high-risk strategies.

Ultimately, growth is a collective effort, but it hinges on the psychology of the CEO. Founders shape their startups through consistent actions and decisions.

Cultivating the right growth psychology can be the difference between sluggish progress and exponential success. It empowers your company with data-driven visibility, constant momentum, and the audacity to aim for 1000% growth.

If you’re in the latter camp, reach out to us to explore further opportunities for growth.


We Can’t Thank You Enough For Your Support!

— By Raza Qadri | Business, Science & Technology Contributor, “The Voice Of EU”

— For more information: Info@VoiceOfEU.com

— Anonymous news submissions: Press@VoiceOfEU.com


4 Ways AI Is Transforming Social Media Marketing

Rebecca Barnatt-Smith explains how marketers and content creators can use AI-powered predictive analytics, content personalisation and scheduling tools to create successful social media campaigns.

Is artificial intelligence (AI) the next big thing for social media marketers?

With over 4.26bn social media users to serve, AI is set to transform targeting and improve content personalisation for a more focused marketing future.

AI is not a new phenomenon in the marketing world. When surveyed, over 56pc of chief marketing officers (CMOs) said they use automated assistants for content personalisation and tracking consumer insights. AI-driven social strategies are just the next step in a fast-approaching digital future of campaigning.

However, could a push for AI-infused social campaigns pose ethical concerns for future marketers? From breaching consumer privacy to decision system bias, with great technology comes great responsibility.

Here we look at AI’s impact on social media marketing and discuss some of the best AI-infused platforms that are tipped to lead social strategies in 2023.

How can AI improve your social media?

Using AI, you can quickly segment large demographics into targeted groups, track viral trends and schedule personalised content responses in seconds.

If you want to compete against commerce giants and industry leaders, your social content should be consistent, compelling and customised to each and every consumer. Here are some insights into how AI can help.

Content personalisation

In 2023, 73pc of shoppers expect brands to offer them a personalised experience and content that speaks directly to their values. AI can enhance a brand’s personalisation potential in a number of ways.

Automatically harvesting behavioural and historical consumer data, AI-generated platforms can quickly learn about a user’s interests and predict what products or services they’d be most likely to interact with, resulting in a hyper-individualised experience that can boost engagement and increase the chances of conversion.

However, with 69pc of consumers now concerned about how their data is collected and used on mobile apps, it’s important to use content personalisation tools with caution.

“As consumers continue to learn and become more informed about their data rights and how their data is currently used, I expect we’ll see more and more calls from consumers to have their data protected,” claims Swish Goswami, CEO of browser extension platform Surf.

The key here is to keep your consumers in the loop. Give your followers a chance to choose what they share, and make sure the data you collect is transparent. Personalised ads, posts and targeting are a business game changer, as long as you have consent.

Automated content posting

Creating content for your brand is the driving force behind audience engagement.

While experts recommend that brands upload social media content daily, this process can be time-consuming. Using AI-driven social media tools, marketers can feel the pressure drain away, as automated assistants not only create original content formats but automatically schedule them too.

For example, AI-infused content planner Sprout Social can generate personalised tweets that reply to fans and followers in seconds. Instead of physically manning social channels and checking for replies, Sprout Social monitors a brand’s comment section before analysing the tone and sentiment of a reply. Sprout can then suggest an auto-response that aims to carry on the conversation between the brand and the consumer.

While automatic replies can pose ethical questions about a brand’s true identity, Sprout Social ensures that before an automatic reply is posted, the social media manager is able to review and edit the content. This guarantees that the brand’s voice still has a human tone when connecting with its audience.

Hubspot is also a nifty tool to have under your belt, especially if you’re struggling to develop new content ideas. By simply pasting a content link into Hubspot’s content generation feature, it uses AI to quickly analyse the metadata and create an original social post.

Social media advertising

Social platforms are the perfect vessels for advertising success. Whether you choose TikTok or Instagram, with the ability to post a pop-up on a user’s scroll-down feed, or a sponsored TikTok that blends seamlessly into a For You Page, social channels allow for a more organic future of ad placement.

However, with so many brands utilising social media, it can be hard to make your ad stand out from the crowd. Your ads must be full of compelling captions, quick links to your online store and contain a personalised hook for your target consumer.

Using AI, brands can optimise their ad performance on social channels. With the ability to analyse historic campaigns and current trends among industry leaders, AI-driven ad tools such as Sprinklr can make recommendations for smarter campaigns that drive better results.

Also, AI-infused ad strategies are more likely to be personalised to each user’s feed. AI tools like Phrase can generate customisable ad phrasing that adapts to target individual customers. This is a great way to ensure your ad captions remain fluid and speak directly to a diverse set of leads.

Predictive analytics

While it’s easier than ever to track social media performance, acting on your results can be tricky. AI-generated monitoring tools utilise the data harvested on content engagement, clicks and consumers, and turn these insights into predictions for new campaigns, content formats and new target groups to work on.

The key here is to take these predictions and turn them into content campaigns that frame the values of your brand. It’s also important to do your own research before jumping into an AI-generated content campaign, as just like humans, AI can have a decision system bias.

“AI is fallible and in a perfect world should be used critically, responsibly and democratically,” says Annie Brown, founder of the creative sharing platform Lips. “AI is only as fair and accurate as the algorithm, and the algorithm is only as fair or accurate as the human-generated information it gathers.”

For example, if the only data your AI tool collects is from a specific consumer group, it’s likely to inherit the same biases. Therefore, it’s important to perform your own content research if you want your brand voice to remain objective on social media.

However, with more data to inform their strategy, brands that use AI to influence their social campaigns are more likely to see higher conversion payoffs.

As social platforms continue to become more visual, AI can also enhance video and image analysis. For example, AI algorithms can now identify certain aspects of Instagram images and TikTok videos, making it easier to gather more data on a user’s interests and behaviours.

Visual analytics could help a brand improve its content styles as AI tools learn more about audience preferences and the formats going viral.

Could AI take social media marketing to the next level?

AI can enhance the experience a consumer has with a brand on social media. With predictive analytics at play, the content targeted users receive is more likely to speak directly to their values.

While there are still ethical concerns surrounding an AI-infused future of campaigning, there’s hope on the horizon for data-sharing transparency and the impact of algorithmic biases as both consumers and marketers take control of how data is gathered and shared.

As machine learning gets even smarter, the possibilities are endless for brands that want to get close to their leads. From automated responses to automatic content creation, the future of social media marketing is AI-driven.

By Rebecca Barnatt-Smith

Rebecca Barnatt-Smith is a freelance content writer and multi-media marketing executive at Solvid Digital, specialising in social media trends and widespread digitalisation in the marketing sector.


A New Era of Flight: Alef Aeronautics’ Flying Car Receives FAA Certification

By RAZA H. QADRI (ALI)

In a world where futuristic visions of flying cars have long captured our imaginations, a new era of flight is about to take off. On June 12, 2023, the Federal Aviation Administration (FAA) issued a Special Airworthiness Certificate to Alef Aeronautics, granting their flying car model the official approval to take to the skies.

This marks a pivotal moment in the history of advanced air mobility (AAM) and represents a significant step towards revolutionizing transportation as we know it.

The Concept and Creation of Model A

Alef Aeronautics, a California-based company, began working on the concept of their flying car in 2015, driven by a vision of safe and efficient urban air mobility. The result of their innovative efforts is the Model A, a road-legal passenger car designed to accommodate two occupants. The Model A boasts an impressive driving range of 200 miles (322 km) and a flight range of 110 miles (177 km), making it a viable option for short-to-medium distance travel.

The sleek and compact design of the Model A is intended to resemble a regular car, ensuring that it can seamlessly blend into everyday life. One of the standout features of this futuristic vehicle is its ability to achieve vertical take-off and transform into a biplane midflight. The doors of the Model A serve a dual purpose, cleverly converting into wings that allow for a smooth transition from ground to air. This innovative design not only promises a thrilling flying experience but also aims to dramatically change the way we commute.

Technological Challenges and Safety Concerns

While the Model A holds great promise for the future of transportation, numerous technological challenges remain to be overcome. Jim Dukhovny, the Chief Executive of Alef Aeronautics, acknowledges that some components required for the flying car’s design do not currently exist in the world. The development of highly specialized propeller motor systems is crucial to avoid differential stress and ensure the safety and stability of the flying car. Balancing size, weight, and price constraints presents further hurdles in making these vehicles accessible to the public while maintaining their safety standards.

Despite these challenges, the Model A is poised to undergo manufacturing in 2025 or early 2026, with vehicles already available for pre-order. The current price tag stands at $300,000 (£246,000), but Alef Aeronautics aims to scale down the cost to $35,000 or £28,700 per vehicle in the future. However, ensuring a seamless transition from ground to air remains a complex issue that needs to be addressed to guarantee passenger safety during take-off and landing.

Regulation and Infrastructure

As the concept of flying cars inches closer to reality, the focus shifts towards ensuring a smooth integration of this new mode of transportation into urban landscapes. Urban air mobility operations will primarily be overseen by a country’s air navigation service provider (ANSP), such as the FAA in the United States. The ANSP holds full jurisdiction over the nation’s airspace operations and is responsible for certifying new aircraft types after rigorous safety reviews.

According to a blueprint report published by the FAA, the initial implementation of flying car operations will leverage existing regulatory frameworks and rules, such as visual flight rules and instrument flight rules, as a basis for enhanced aircraft performance and higher levels of autonomy. However, several concerns need to be addressed, including noise, pollution, security, sustainability, and cost. The issue of who will drive these flying cars and whether passengers will need a license also requires careful consideration.

Trajectory Planning and Noise Pollution

One of the significant concerns surrounding the advent of flying cars is the potential for collisions and noise pollution. With these vehicles traveling at high speeds, ensuring precise path and trajectory planning becomes essential to avoid accidents. However, to date, there are no provisions for flying car trajectory route planning, necessitating robust research and technology development to address this challenge.

Moreover, designing flying cars to be exceptionally quiet presents another obstacle, particularly when large-scale commercial operations could involve hundreds of take-offs and landings every hour. Electric propellers and other propulsion design elements can mitigate noise pollution, but strict government regulations may be necessary to control noise levels effectively. Drawing on metrics from traditional airplanes and helicopters, guidelines for air infrastructure can be adapted to curb noise pollution.

Equitable Access and the Future of Flying Cars

As the reality of flying cars draws nearer, ensuring equitable access to this mode of transportation becomes paramount. Initially, air taxis may primarily serve densely populated areas, offering a convenient and efficient solution for peak commute times in cities like central London or New York City. However, cost considerations may limit access, making these services accessible mainly to affluent travelers.

Addressing this concern, the Los Angeles Department of Transportation (LADOT) collaborated with Arup, a British firm specializing in design, engineering, and sustainability services, to develop a report on urban air mobility policy framework considerations. Emphasizing the importance of treating flying cars as a funded municipal service and a public good, this report suggests that once the proof of concept is established, rigorous testing has taken place, and safety risks are mitigated, advanced air mobility services should function as a community-wide asset, similar to libraries, schools, airports, or roads.

By viewing urban air mobility as an essential public service, cities can play a crucial role in establishing rules and regulations to ensure safe and equitable access to flying car services.

Los Angeles, A Potentially Early Adopter

With its legendary traffic congestion, Los Angeles has emerged as a city with significant potential for embracing flying cars as a solution to its transportation woes. The promise of faster, traffic-free commutes is undoubtedly enticing for Angelenos. However, it is essential to manage expectations, as urban air mobility will not entirely eliminate congestion. Instead, the focus should be on utilizing air taxis strategically in densely populated areas during peak hours to optimize their impact.

NASA and FAA’s Partnership

As the world gears up for the new era of flight, significant progress is being made through collaborative efforts. NASA, along with the FAA, university researchers, and industry leaders, has joined forces to develop software tools that model and predict AAM noise. This initiative aims to assist manufacturers in designing quieter vehicles to minimize noise pollution in urban environments. By exploring human response to low-level noise and understanding the threshold for “broadband noise,” NASA seeks to predict the combined sound generated by multiple flying cars in flight simultaneously.

The Road Ahead

The journey towards incorporating flying cars into our daily lives remains a complex and multifaceted process. Addressing technological challenges, ensuring safety during transitions from ground to air, and managing noise pollution are just some of the hurdles that must be overcome. Regulatory bodies and urban planners will play a pivotal role in defining the future of urban air mobility, establishing guidelines for air infrastructure, and implementing necessary rules to guarantee a safe and seamless experience for all.

While flying cars are often seen as the epitome of futuristic innovation, it is crucial to ground these advancements in practicality and feasibility. Economies of scale will likely play a significant role in making flying cars more affordable over time, eventually broadening their accessibility beyond the wealthiest travelers. As with any transformative technology, public acceptance and engagement will be essential to ensure the integration of flying cars as a valuable addition to our transportation ecosystem.

As the Model A prepares to take its maiden flight, it represents not only a significant milestone for Alef Aeronautics but also for the entire field of advanced air mobility. The dream of a future where flying cars dot the skies may soon be closer than ever before, bringing a new era of transportation and endless possibilities.

In conclusion, the FAA’s certification of Alef Aeronautics’ flying car marks a crucial turning point in the history of air mobility. While significant challenges and complexities lie ahead, the progress made by companies like Alef Aeronautics, along with the collaboration of regulatory bodies and industry leaders, paves the way for a future where flying cars become a reality in our cities. As we embrace this new era of flight, it is essential to strike a balance between innovation, safety, and sustainability, ensuring that the promises of flying cars are fully realized and integrated into our lives in a way that benefits all members of society. The skies of tomorrow hold the potential to unlock a new dimension of transportation, ushering in a world where flying cars soar alongside traditional vehicles, revolutionizing the way we move and connect. The journey has just begun, and with each step forward, we inch closer to a future that once seemed only possible in our wildest dreams.

Raza Qadri (ALI), founder of USADCO and Yorkshire VBT, is a distinguished science, technology and business contributor renowned for his insightful perspectives on cutting-edge innovations and their practical impact on the business landscape.
