Access to CrowdTangle Deletion Framework API
source link: https://philippeharewood.com/access-to-crowdtangle-deletion-framework-api/
There is a root GraphQL query that gives one access to numerous CrowdTangle API calls including one that lists the deleted objects for popular Facebook entities by date.
Regular users shouldn’t have access to CrowdTangle this way. The data was of the form:
{"__typename":"CrowdTangleDeletionResult","id":"111111","parent_id":"22222","system":"fb"}
From my understanding, this was a result that contained a Facebook post. The parent_id supposedly points to the CrowdTangle/Facebook account owner/board. I downloaded ~40,000 results for the period of August 4th, 5th, 7th and 8th. This was a large enough sample size to convince myself that the parent_id was, in some cases and with a high level of confidence, one of the following:
1. A recently deleted page (I cross checked with a simple Google search and Google cache)
2. A page with a high following that recently deleted posts in bulk
According to Facebook, this wasn’t enough to pass the bar for a bounty.
"Please note that here the original impact described in this issue, being able to know the ids and parent_id of deleted object was falling below the bar for a monetary reward, but we will reward this report because we discovered security hardening opportunity that we implemented."
Timeline
Aug 7, 2021 – Report sent
Aug 17, 2021 – Fixed by Facebook
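The parent_id reasoning above shows why bare identifiers still leak information once they are aggregated. The following is an added example, not the author's code: it groups records of the shape shown in the post by parent_id and day, and reports parents with many distinct deletions on one day. The ids, the day keys, the function names and the threshold are all constructed for illustration.

```python
import json
from collections import defaultdict

def _line(obj_id, parent_id, typename="CrowdTangleDeletionResult"):
    """Build one constructed record in the shape shown in the post."""
    return json.dumps({"__typename": typename, "id": obj_id,
                       "parent_id": parent_id, "system": "fb"})

# Constructed sample (made-up ids): one JSON record per line, keyed by the
# day the listing covers. Includes a duplicate, a foreign type and a cut line.
SAMPLE = {
    "2021-08-04": "\n".join([
        _line("1001", "501"), _line("1002", "501"), _line("1003", "501"),
        _line("1001", "501"),                    # duplicate of the first record
        _line("2001", "502"),                    # a single deletion, not bulk
        _line("9", "501", typename="SomethingElse"),
        '{"truncated',                           # damaged line, must be skipped
    ]),
    "2021-08-05": "\n".join([
        _line("1004", "501"),
        _line("3001", "503"), _line("3002", "503"), _line("3003", "503"),
    ]),
}

def parse_results(text):
    """Yield (id, parent_id) for each well-formed deletion record."""
    for raw in text.splitlines():
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue                             # blank or damaged line
        if not isinstance(rec, dict):
            continue
        if rec.get("__typename") != "CrowdTangleDeletionResult":
            continue
        if rec.get("id") and rec.get("parent_id"):
            yield str(rec["id"]), str(rec["parent_id"])

def bulk_deleters(results_by_day, threshold=3):
    """Map parent_id -> {day: distinct deleted ids} where count >= threshold."""
    seen = defaultdict(set)
    for day, text in results_by_day.items():
        for obj_id, parent_id in parse_results(text):
            seen[(parent_id, day)].add(obj_id)   # set drops duplicate ids
    flagged = defaultdict(dict)
    for (parent_id, day), ids in seen.items():
        if len(ids) >= threshold:
            flagged[parent_id][day] = len(ids)
    return dict(flagged)
```
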