Hacker News
by mFixman 2056 days ago
The researchers ask people to opt in tracking a restricted amount of data, and then install an extension that has access to their entire Facebook accounts.

There is no way for Facebook or anyone else to prove that the current or a future version of the NYU's extension won't scrape more data than people agreed to.

2 comments

> There is no way for Facebook or anyone else to prove that the current or a future version of the NYU's extension won't scrape more data than people agreed to.

How so? The extension is open source, anyone can audit it.

The plugins are just JavaScript, so verifying that is actually a trivial task. You just open the plugin and read the source. NYU could also provide the code, to make it even easier.

You cannot verify that the researchers won't change the plugin to malware in the future.

You cannot verify that Facebook will not change its product to malware in the future. That is to say, at some point, you trust the software publisher in the same way you trust the service operator.

> You cannot verify that Facebook will not change its product to malware in the future.

I apologize for wasting people's time, but I can't resist taking the low-hanging fruit here.

Facebook is malware.

It's fine for you to trust the software publisher, that doesn't mean Facebook should, especially when they're legally liable for data breaches that could result from it.

Wait a second. How does Facebook trust Firefox? Microsoft Edge? Safari? The other 20 extensions I have installed, three of which save a copy of every single page I visit?

They don’t. They don’t, at the least, care about anyone’s data - they just phrase it that way to sound legitimate because saying “we want no oversight whatsoever” sounds whiny, and it is. (And so does what they ARE claiming to anyone who understands the technical side).

If Facebook is concerned about data breaches from a browser plug-in, why don't they just stop serving the data to the browser? If the data is that valuable and easy to get, it wouldn't be hard for someone to write malware that collects the data and phones home once in a while.