Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: Openurmind; dayglored

I use Firefox with Privacy Badger and Ghostery to keep me mostly clean, but an API would be able to get around them, I suspect.

If Google is using an API would they get the information from /AppData/Local or AppData/Roaming to get around any security and track me?

This seems to be more than tracking my movement around the web.

Is there an IP address or range of addresses I could block as a simple way to thwart their intentions?


39 posted on 08/04/2024 4:49:34 PM PDT by texas booster (Join FreeRepublic's Folding@Home team (Team # 36120) Cure Alzheimer's!)
[ Post Reply | Private Reply | To 35 | View Replies ]

To: texas booster

“If Google is using an API would they get the information from /AppData/Local or AppData/Roaming to get around any security and track me?

This seems to be more than tracking my movement around the web.”

Yes, this is a real time direct API that actually carries it’s own physical IP address. Once it is active in your browser it is logging credentials and IP addresses on the fly until it is cleared from the cache. So you can’t be on youtube and still safely be logged into any other sites at the same time.

As far as /AppData/Local or AppData/Roaming I’m not sure exactly how that works, But it is tracking everything you are doing in real time and it is a high security threat for sites you are logged into or logging into. Let me explain a little better how I found it.

I was logged into our site with a fresh browser up and almost zero data cached. Only the minima data from ours. I copy and pasted a Youtube link from ours into a new tab. My Noscrip blocked all the scripts there so I had to “allow” just the one main JS or the page will not let you play the video. As soon as I went back to ours and refreshed it I got warnings from both Firefox and NoScript that Youtube was breaching logins and our site kicked me out at the same time.

We are using phpBB and it has an IP checker security feature that works on the fly. If your dynamic IP changes even while logged in using it then it kicks you out and makes you log back in again with fresh credentials to make sure it is really you the user. But here was the problem, my IP had not changed, it was the same, it was detecting a second physical address over riding mine. This should not have happened at all. The only answer can be a second user (bot) and second physical IP address.

So I cleared everything and repeated it two more times. Same thing, they have a direct API that is trying to ride in with users and logging credentials. And once it is loaded it is there until you go clear your cache. So it is not safe using your browser on any other site you log into after just visiting Youtube. I have a screenshot of the NoScript warning and it specifically says the security issue is directly from Youtube.

This has never happened before and is new. Most sites do not have that particular IP security feature phpBB has, so they have no clue it is happening. and it is hidden of course so users are clueless too. But this is serious and a cure needs to be found right away. It makes me personally not even want to go to YouTube anymore at all. It is a security risk to our domain and site let alone the privacy breach of our users.

This could allow Google and/or Google affiliates to have direct access into our site as bad actors using known trusted user’s credentials. It is just as bad for the websites as it is for the users.


44 posted on 08/04/2024 5:35:36 PM PDT by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 39 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson