Better, don't put private information behind a publicly accessible link. E.g. that google doc has its own access control, don't set it to "share with anyone who has the link".
Links are leaky, think about Referer, JS to access history, DNS request, ...
Right. Don't put anything on an email, or on Facebook, that you wouldn't want the world to know. After all, it's all stored somewhere and is readable there (except if it is end to end encrypted and encrypted while at rest).
Didn't both Google and Microsoft get nailed by this with their online maps? Specifically by using short urls with no access control for distributing routes?
Minor correction if we go by my own anecdotal evidence:
> When is a link scraped and stored in Facebook’s database?
> From my testing I assume that a link is stored in Facebook’s database from the moment someone actually clicks it on Facebook. This does not apply to links shared through Facebook which no one clicks on.
Watching server logs at the time I paste the link, the link is scraped immediately. Before you even hit send immediately. I imagine they do this so that they can populate the little preview window if you've pasted something that has an og:image or other rich media. If you paste it, it's instant, otherwise if you're manually typing the link it seems to wait for you to type a space character.
Pure speculation, but it's possible you are both correct. They definitely scrape the link for a preview when you paste (or if someone's already shared it, maybe just re-use the info from a previous scrape) but probably it's not stored in their database (and thus available through the Graph API) until after it's been shared. (Or clicked on?)
Just as a general rule, I tell my kids that anything posted anywhere on the internet should be considered public. If you aren't comfortable with that, don't post it.
At some point, FaceBook, gmail, or some other instant messaging platform will be hacked and its data leaked, probably ruining lives of thousands of people.
I like iMessage for that reason -- Apple doesn't see my messages. I don't know what's happening with my email on Google's servers, or my instant messages with friends on chat apps for example, but I assume the data is stored for a long time, even if you delete it.
Just today there's news about a dating website being hacked and private messages leaked - https://news.ycombinator.com/item?id=12008234 That's with a smaller site, it's only time before one of the big boys are leaked.
13 comments
[ 2.6 ms ] story [ 40.5 ms ] threadLinks are leaky, think about Referer, JS to access history, DNS request, ...
> When is a link scraped and stored in Facebook’s database?
> From my testing I assume that a link is stored in Facebook’s database from the moment someone actually clicks it on Facebook. This does not apply to links shared through Facebook which no one clicks on.
Watching server logs at the time I paste the link, the link is scraped immediately. Before you even hit send immediately. I imagine they do this so that they can populate the little preview window if you've pasted something that has an og:image or other rich media. If you paste it, it's instant, otherwise if you're manually typing the link it seems to wait for you to type a space character.
I like iMessage for that reason -- Apple doesn't see my messages. I don't know what's happening with my email on Google's servers, or my instant messages with friends on chat apps for example, but I assume the data is stored for a long time, even if you delete it.
Just today there's news about a dating website being hacked and private messages leaked - https://news.ycombinator.com/item?id=12008234 That's with a smaller site, it's only time before one of the big boys are leaked.