Latest Articles

How Major Websites Are Failing to Keep Our Data Safe

High-profile computer hacks remain top of mind in the public’s perspective of how their data exists online, and it’s no stretch to say that most websites do not do a good enough job of protecting us. Perhaps, with blockchain technology, a better web can be built.

High-Profile and Unknown Attacks

Equifax was one of the biggest such hacks, affecting nearly 150 million people. And late last month, news hit that hackers had attacked Marriott Hotels’ reservation systems and have managed to access the data of around 500 million people in one of the biggest data breaches in history. (To understand the breadth of this hack by comparison, the current population of the U.S. stands at around 329 million.)

The publicity around these kinds of breaches is terrifying enough for those who care about who’s accessing their personal data online. However, it’s even more disconcerting to think that our data could be compromised on major websites and we aren’t even hearing about it.

For instance, Branch.io provides a mobile traffic attribution service used by many big-name websites including Pinterest, Tinder, Yelp and Airbnb, to name a few. A team of security researchers at VPNMentor were researching client-side security when they came across a vulnerability in Tinder’s security.

After some further research, they found that the vulnerable endpoint was not owned by Tinder but by Branch.io. The attribution software had set up a hidden subdomain (go.tinder.com) that had a cross-site scripting flaw. This vulnerability meant that hackers could easily insert malicious links. If users clicked on one of these links while logged into their Tinder account, then hackers could easily get access to the users’ profiles and data.

Although Branch.io quickly released a patch for the vulnerability, Tinder was not the only service affected — potentially all Branch.io clients using that software were affected. This means that the data of up to 685 million users were at risk from the vulnerability.

Although Branch.io has now fixed the issue, there is no way of knowing if hackers exploited this vulnerability or the extent of the damage if they did.

How Decentralization Can Help

Unfortunately, it's impossible to reverse the damage for data that may already have leaked. It’s also up to individual websites’ policies and procedures to fix the issue going forward. However, blockchains could offer some potential solutions, depending on how flexible our favorite sites are in their adoption of the technology.

If websites begin to accept cryptocurrencies more widely, they would have a far greater assurance of privacy over their payment data compared with using credit cards. Blockchain-based payment services would be more secure for customers making payments and could offer lower fees for sellers receiving and withdrawing their revenues.

Ripple could be a viable alternative. Other options include coins with a privacy focus, such as Dash, which would assure customers that nobody on the other end of the transaction can easily access their personal data.

Also, customers and sellers could start making purchases on secure, blockchain-based marketplaces wherever possible. Although there isn’t currently a blockchain retailing behemoth matching Amazon’s scale, there are alternatives. OpenBazaar, for example, is a peer-to-peer marketplace that uses smart contracts to hold payments in escrow in case of any nondelivery or other dispute. The platform supports a range of cryptocurrencies for both buyers and sellers.

Ultimately, major websites must take it upon themselves to act responsibly in securing customer data, even where they use third-party software. Blockchains provide multiple methods for companies to fulfill their user-privacy responsibilities better. As blockchain solutions become more prominent, if online companies continue ignoring this kind of issue, they may find themselves in hot water once customers realize what’s going on. In which case, the current online giants may find that their neglect hits them where it hurts most — share price.

2019 Investments in Crypto and Blockchain Startups at $850 Million

Source: Reuters

According to data compiled by Pitchbook for Reuters, venture capital investment in crypto and blockchain startups has reached $850 million so far this year.

EEA Launches 'Token Taxonomy Initiative'

The Enterprise Ethereum Alliance has announced a "Token Taxonomy Initiative" to develop universal definitions for tokens to encourage their interchangeability across blockchain platforms. Members of the initiative include Microsoft, R3, ConsenSys, IBM, EY, Accenture and Intel.

Gemini Adds Support for SegWit

Source: Gemini

Gemini Trust, a New York-based cryptocurrency exchange, has announced support for Segregated Witness (SegWit) addresses and transaction batching. As a result, customers can now use SegWit addresses for bitcoin deposits and withdrawals, ideally improving processing times and lowering bitcoin withdrawal fees.

Nestlé and Carrefour to Share Product Data With Consumers Via Blockchain

Source: Nestlé

Food producer Nestlé and retailer Carrefour will equip the packaging of a French instant mashed potato product with a QR code that provides blockchain-based data about its origins to consumers. The pilot was developed in conjunction with IBM Food Trust.