
"Social event planning app Partiful, which calls itself "Facebook events for hot people," has firmly replaced Facebook as the go-to platform for sending party invitations. But what Partiful also has in common with Facebook is that it's collecting a tsunami of user data, and Partiful could have done better at keeping that data secure. On Partiful, hosts can create online invitations with a retro, maximalist vibe, allowing guests to RSVP to events with the ease of ordering a salad on a touch-screen."
"Given some of the speculation around the app, TechCrunch set up a new account and tested Partiful. We soon found that the app was not stripping the location data of user-uploaded images, including public profile photos. TechCrunch found it was possible for anyone, using only the developer tools in a web browser, to access raw user profile photos stored in Partiful's backend database hosted on Google Firebase. If the user's photo contained the precise real-world location of where it was taken, anyone else could have also viewed the precise coordinates of where that photo was taken."
Partiful has replaced Facebook events as a popular party-invitation platform while accumulating large amounts of user data and building a Facebook-like social graph that maps contacts, activities, locations, and phone numbers. Some users expressed concern because founders and staff previously worked at Palantir, prompting at least one boycott. Testing revealed the app did not strip location metadata from uploaded images, and raw profile photos were accessible from a backend hosted on Google Firebase. Photos containing embedded GPS coordinates could expose precise real-world locations. Almost all digital photos contain metadata such as file size and creation time.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]