When That Twinning App Leaked Everyone’s Uploaded Selfies
“All of the uploaded photos are stored in a storage bucket hosted on Amazon Web Services. We know because the web address of the bucket is in the code on the Twinning tool’s website. Open that in your web browser, and we saw a real-time stream of uploaded photos.
We verified the findings by uploading a dummy photo of a certain file size at a specific time. Then, we scraped a list of filenames uploaded during that time period from the bucket’s web address, downloaded them and found our uploaded image by searching for that photo of a certain file size. (We didn’t download any more than necessary to preserve people’s privacy.)
But like any free app, quiz or some viral web tool, it’s worth reminding that you’re still putting your information out there — and you can’t always get it back. Worse, you almost never know how secure your data will be, or how it might end up being used — and abused — in the future.”
At the very center of Facebook’s Cambridge Analytica scandal, there was an app called "This Is Your Digital Life" - a seemingly innocent app that provided a dumb little quiz for users to take “for academic use”.
I was thinking about that last week as groves of people consented to give random no-name websites access to their Instagram account in an effort to see their best posts in 2018.
And now there is this story. I hope that we can grow past falling for these frivolous data traps.