Twitter | Search | |
Steven Englehardt
Mixpanel (an analytics service) was inadvertently collecting user passwords for months. [1/7]Some context: The Autotrack feature, which caused the leaks, allows sites to "retroactively" collect analytics on user form inputs.
Reply Retweet Like More
Steven Englehardt Feb 5
Replying to @s_englehardt
[2/7]How does one retroactively collect form inputs? From what I can tell, Mixpanel saves all input data from the time of install and uses a heuristic to filter out "sensitive fields such as password or hidden fields". The password leak was caused by a failure in that heuristic.
Reply Retweet Like
Steven Englehardt Feb 5
Replying to @s_englehardt
[3/7]In this specific case, the React library was handling passwords in a way the heuristic didn't account for. Mixpanel's announcement also hints that similar leaks may have occurred from password manager extensions changing the DOM.
Reply Retweet Like
Steven Englehardt Feb 5
Replying to @s_englehardt
[4/7]This shouldn't be thought of as a bug! Instead, it adds to the evidence that the automated scraping of user data from a page is an inherently insecure process. There is no way a heuristic-based blacklist will be able to filter all possible sensitive information leaks.
Reply Retweet Like
Steven Englehardt Feb 5
Replying to @s_englehardt
[5/7]Mixpanel offers sites a way to further redact user inputs. This might seem to solve the issue, but it's directly at odds with the selling point of the product: to make it dead simple to gather form analytics at any time.
Reply Retweet Like
Steven Englehardt Feb 5
Replying to @s_englehardt
[6/7]The effort spent by a publisher to ensure no sensitive data is collected could just as well be spent explicitly choosing the form fields from which to collect data. The latter whitelist approach is also significantly less likely to lead to unexpected leaks.
Reply Retweet Like
Steven Englehardt Feb 5
Replying to @s_englehardt
[7/7]This is surprisingly similar to the leaks we found to be caused by session replay scripts (). These scripts also scrape user data from the DOM and use a blend of automated & manual redaction. As highlighted in the post, sensitive data leaks are common.
Reply Retweet Like
Ravi Sethia Feb 5
Replying to @s_englehardt
Felt, I was reading about your old leak article itself, sadly, analytics services as they get deeper are going to be privacy nightmare only!
Reply Retweet Like