Backblaze on the back foot after 'inadvertently' beaming customer data to Facebook

Backup specialist Backblaze has fixed an issue where a Facebook advertising pixel was "inadvertently" included on signed-in web pages – but users are concerned private filenames and sizes were also sent to the social media giant. The problem was spotted by Backblaze customer Ben Cox who protested on Twitter: "WTF? @backblaze' …

  1. Dan 55 Silver badge
    Flame

    No customer dashboard should ever fire off a connection to Facebook, Google, or any 3rd party

    And that goes especially for banks which seem not to understand this simple concept.

    1. b0llchit Silver badge
      Big Brother

      Re: No customer dashboard should ever fire off a connection to Facebook, Google, or any 3rd party

      But, you have to understand... Facebook, Google and any 3rd party need to make money too. The customer is here to provide for Facebook, Google and any 3rd party. How else can we redistribute wealth properly? Facebook, Google and any 3rd party are here to pay taxes for our communities and strengthen the local bonds in our social environment. Please do not forget that.

      /s

    2. Vometia Munro

      Re: No customer dashboard should ever fire off a connection to Facebook, Google, or any 3rd party

      Patient Access is another culprit that invites the likes of Google somewhere it really shouldn't be. I haven't spent any time seeing how intrusive it is but the frequent appearance of the "select all crosswalks" menace is enough of a worry IMHO.

      Well, that and having to add so much of its annoying spam to uBlock. Patient Access is a dreadful, shoddy piece of crap even without all the intrusive annoyances and I wish I had the option to use something else. :|

    3. Alan Brown Silver badge

      Re: No customer dashboard should ever fire off a connection to Facebook, Google, or any 3rd party

      and yet, most council, medical and government web pages in the UK do exactly that

      1. JassMan

        Re: No customer dashboard should ever fire off a connection to Facebook, Google, or any 3rd party

        Gov.uk pages including Sunday's census which used Google Tag Manager. The ONS had an independent security audit done by Bridewell who claim that all our data and privacy are totally secure. Yeah, right!

        Can we start up a class action to get our data back?

        1. Fogcat

          Re: No customer dashboard should ever fire off a connection to Facebook, Google, or any 3rd party

          I have had dealings and meetings with ONS about census data in the past (admittedly a long time ago now) and they always impressed me with their focus on not revealing any individually identifiable information. I'd trust them infinitely more than Facebook!

    4. cd

      Re: No customer dashboard should ever fire off a connection to Facebook, Google, or any 3rd party

      I convinced my major credit union to drop recaptcha by declaring that I do not have any business relationship with Google and do not want to confide my personal practices with them.

      I used an article here about an alternative captcha and they ended up adopting it for a while.

      I am sympathetic to the need of blocking bad actors, but too often Google or Fb provide something "easy" as a solution that has ramifications for their customer. I view that choice as an indicator of whether sales or engineering is dominant and act accordingly.

      1. low_resolution_foxxes

        Re: No customer dashboard should ever fire off a connection to Facebook, Google, or any 3rd party

        I see this all the time. Useless marketing droids obsessing over the website click rate (we do not sell or get any business from our website) but they get all NSA about their Facebook and Google gender/age/IP stalking website tracking of our customers.

  2. Anonymous Coward

    Such an overzealous web team

    "However, it was inadvertently configured to run detected while running on signed-in pages"

    Here, fixed it for you.

    There is no small profit, and no matter if you pay or not, you're the product.

  3. don't you hate it when you lose your account

    So tiered

    Of these shits getting away with this crap.

    1. Anonymous Coward

      Re: So tiered

      Preach brother

  4. druck Silver badge

    Blocked

    At least you know now why Google tag manager and Facebook scripts should always be blocked.

    1. Anonymous Coward

      Re: Blocked

      Facebook domains, meet hosts file. Hosts file, meet Facebook domains.

      1. Alan Brown Silver badge

        Re: Blocked

        FB have _HUNDREDS_ of domains for this purpose

        1. cd
          1. Claverhouse

            Re: Blocked

            Thanks.

            I use Steve Black's [ standard ] Hosts file, but can cut and paste...

            1. Claverhouse

              Re: Blocked

              Also added the Cloudflare block from Mr. Dugan's list since I have a particular loathing for them.

              .

              .

              Mr. Black's Extensions are problematical...

              The porn one includes my favourite Manga site --- which certainly has a lot of unsavoury stuff; but which I deal with for myself with one of the best blacklists in existence [ like torture or yaoi or tentacles etc. etc. ] but which it is foolish to ban.

              The gambling one includes the National Lottery (UK).

              Whilst the fakenews one, as with so many woke directions, merely censors stuff someone else decides they dislike, and stops free information.

          2. Anonymous Coward
            Big Brother

            Re: Blocked

            RyanBR aka Fanboy, has a similar list entitled Anti-Facebook in the uBlock Origin Annoyances list section.

  5. Anonymous Coward

    These BS practices are more common than you think, and it's not just the search engines and social media companies, pretty much all software houses are doing this BS

    What is it with these creepy tech companies, always wanting to fucking spy on you, it's just creepy AF

    STOP IT!

    1. Anonymous Coward

      It's because they are not really Tech companies. They are Marketing companies.

      Marketing people think they have a right to extract all and any information about you.

  6. Mike 137 Silver badge

    "it was inadvertently configured to run on signed-in pages."

    Inadvertently? How does anyone who's paying any attention at all include a tracker on a web page "inadvertently"?

    Either there's some flummery here or, more likely, they're employing utter morons as web developers.

    1. Anonymous Coward

      Re: "it was inadvertently configured to run on signed-in pages."

      ... perhaps, at best, and with more "benefit of the doubt" than they deserve: s/inadvertently/unthinkingly/

  7. Arthur the cat Silver badge

    Keep the bastards out

    Paid for services should run from a domain that is entirely separate from the company's main marketing site, and should not include anything from other domains.

  8. Doctor Syntax Silver badge

    "what kind of data was inadvertently transmitted to Facebook."

    Inadvertently? Negligently might be closer.

    1. Anonymous Coward
      Big Brother

      Inadvertently, Negligently,

      Let's just call it what it was, Purposefully.

  9. FlippingGerman

    Hey

    Hey Backblaze, what the fuck? Stop it, and own up to what was happening. I was a happy customer, now I'm an unhappy customer, if you keep it up I won't be a customer.

  10. Sampler

    One of the selling points..

    ..of backblaze is the encryption, you need to input your encryption key to view your files, so not even backblaze knows what you've uploaded (according to their marketing).

    This, then, would fly in the face of that assertion and promise to the customer of holding their data securely. So, class action?

    1. Anonymous Coward

      Re: One of the selling points..

      The FILES are encrypted, but the file NAMES aren't - you can see them in the web interface.

      Personally, I encrypt my more important files BEFORE uploading them to Backblaze. The filenames that are there are total gibberish to me, as they're generated via Duplicity.

  11. ayay

    what's the scrappy option now?

    I remember Backblaze was the scrappy newcomer, cheap and effective, using consumer grade hard drives and running all sorts of data collection to see how cost-effective that was.

    Then, they stopped doing the consumer grade stuff. Maybe the enterprise gear is more cost effective? Or are they going full corporatey?

    That answers the question. I wonder who's the new scrappy guy that has to prove his worth currently, because Backblaze is one of the boys now.

    1. Captain Obvious

      Re: what's the scrappy option now?

      Enterprise Seagates are WAY cheaper than IronWolf and Barracuda!

      I ONLY use these EXOS drives AND they have a five-year warranty!

      This is why they switched due to cost not due to enterprise vs consumer.

  12. YetAnotherJoeBlow

    Always the same...

    They got caught.

    1) feign ignorance (the easiest step)

    2) waffle

    3) cop it and do it a different way

    4) get caught again

    5) arrogance - tell everyone to read the TOCs

    6) goto step 2

    1. Shalghar Bronze badge

      Re: Always the same...

      Wasn't there some kind of "we care deeply about our customers' privacy" yadda yadda "We have addressed the issue and improved our security." pop fizzle "Only a few customers were affected..." something somewhere in between?

  13. sgp

    Idiot Marketeers 101

    "a new Facebook campaign was created that started firing a Facebook advertising pixel, intended to only run on marketing web pages"

    That's your problem right there. Sleep with the dog, wake up with fleas.

    1. Shalghar Bronze badge

      Re: Idiot Marketeers 101

      So why exactly would "marketing web pages" need to transfer filenames of the victim (either the inputting/uploading or the hosting victim)?

      File size might be to test how long a page loads but I never saw any ADnoyance ridden web presence doing that kind of granular optimisation, nor caring for such things.

      Seems more like sleep with the dog, catch fleas, worms and rabies in a big family friendly all-we-can-steal promotion packet.
