For the past two years, Wish.com has been transmitting millions of email addresses, in base64 encoding, which is not encryption, we're told.
You've been told correctly - base64 encoding isn't encryption!
Short-video biz Quibi, airline JetBlue, shopping site Wish, and several other companies leaked million of people's email addresses to ad-tracking and analytics firms through HTTP request headers, it is claimed. According to findings published Wednesday by Zach Edwards, of digital strategy firm Victory Medium, these businesses …
And they definitely aren't. Just look at the responses. Companies are encrypting their addresses now. Yay. Except the response for someone who doesn't want to leak them would be to change the page source so referer [sic] headers either aren't sent or exclude that information. I can think of three different ways to do that that each can be implemented in about an hour. Nope, they'll encrypt them. They won't bother stating that they've already sent the keys to the provider; they figure we already know that.
Biting the hand that feeds IT © 1998–2021