A Bug In Joe Biden's Campaign App Gave Anyone Access To Millions of Voter Files (techcrunch.com)
schwit1 shares a report from TechCrunch: A privacy bug in Democratic presidential candidate Joe Biden's official campaign app allowed anyone to look up sensitive voter information on millions of Americans, a security researcher has found. The campaign app, Vote Joe, allows Biden supporters to encourage friends and family members to vote in the upcoming U.S. presidential election by uploading their phone's contact lists to see if their friends and family members are registered to vote. The app uploads and matches the user's contacts with voter data supplied from TargetSmart, a political marketing firm that claims to have files on more than 191 million Americans.
When a match is found, the app displays the voter's name, age and birthday, and which recent election they voted in. This, the app says, helps users "find people you know and encourage them to get involved." While much of this data can already be public, the bug made it easy for anyone to access any voter's information by using the app. The App Analyst, a mobile expert who detailed his findings on his eponymous blog, found that he could trick the app into pulling in anyone's information by creating a contact on his phone with the voter's name. The Biden campaign fixed the bug and pushed out an app update on Friday.
"We were made aware about how our third-party app developer was providing additional fields of information from commercially available data that was not needed," Matt Hill, a spokesperson for the Biden campaign, told TechCrunch. "We worked with our vendor quickly to fix the issue and remove the information. We are committed to protecting the privacy of our staff, volunteers and supporters will always work with our vendors to do so."
Which should raise the question, (Score:5, Insightful)
Re: (Score:1)
Re: Which should raise the question, (Score:1)
Re: (Score:2)
Re: (Score:2)
Re: Which should raise the question, (Score:2)
Re: (Score:2)
Re: (Score:1)
Biden with deep ties? Unlike the GOP-led Senate Intel report, that said that yes, Trumpolini DID have Russian contacts, and that they *did* help him?
GTFO, America-hating traitor.
Re: (Score:2)
Yeah it's not like you can't get someone's date of birth fairly easily, but...
This is a good "learning moment" for anyone involved in contracting an app developer. App companies don't know crap about appropriate privacy. You have to review what they did. Do not assume they have anything resembling common sense.
(If you're very lucky, you'll actually get a functional App. Maybe even on time. From what I've seen that's less than half the time, though.)
Re: (Score:2)
It's *scary* what I've had to deal with as a developer in the past. Customers giving me APIs with literally no authentication but able to read off credit cards which were stored locally FOR SOME REASON. I'd complain and say "hey, ah you realise that you've back doored the credit card db and you're not actually supposed to store credit cards anyway?". They'd always just brush it off with something like "Nobody will find it, it's a non-standard port!" or something. As a freelancer I'd always resign at that point
Re: (Score:2)
Good on you for sticking to your guns... I hope that doesn't set you back too much financially. For every one of you there seem to be 10 contractors that can barely manage to drool on their keyboards long enough to produce an actual app, so those who swoop in after you resign probably lead the customer in circles for months on end.
Fortunately for me (not a dev, but I face similar circumstances where it's painfully obvious next to nobody else in my position is handling data securely) my employer lets me spe
Re: (Score:2)
God it's not like it matters much. I'm utterly hopeless at estimation so I have a tendency of having to put in lots of unpaid labor just so I can make good on my word and get shit done. I suck at business so what's a few lost contracts. If I was a bit less honest (or a better estimator) I'd be rolling in fat stacks by now. Instead I'm just living hand to mouth
Re: (Score:1, Troll)
Biden pulled in hundreds of millions of dollars.
A full 50 percent of it from UNEMPLOYED donors too. Talk about a gigantic loophole. In a pandemic with people out of work, that many people had spare cash to donate to a campaign? Normally you have to enter your employer when making a political contribution. But strangely enough, half of the donors in Biden's recent $348 million (or whatever it was) record month was literally untraceable because donors claimed they were unemployed.
Foreign election money anyone?
Re: (Score:1, Troll)
This is likely. There are many nations that want Trump gone - China, Russia, Iran are just a few. The Obama / Biden administration was giving Iran billions of dollars, much of it in cash, so why not send back a few hundred million of that to get Biden re-elected? Unless they already spent it all funding terrorists to kill us...
Re: (Score:2)
China is obvious, I don't know about Iran, but Russia?
I thought Trump remaining president was ideal for Russia.
Re:Which should raise the question, (Score:5, Informative)
No. Not at all. US investigations revealed that Russia actively attempted to interfere in the 2016 election to try to get Trump elected. There is sufficient reason to believe that they are doing so again for the 2020 election
That depends on what you mean by the Trump/Russia thing. Did Russia interfere in the election? Yes. Did Russia want Trump to win? Yes. Did Trump actually conspire with Russia to get elected? No evidence has actually ever surfaced to substantiate this.
You're aware, presumably, that this president wanted Russia to rejoin the G7 and become the G8? You're aware, presumably, that when evidence of Russia's interference in the 2016 election was produced by US intelligence, that Trump chose to believe Russia over the USA's own investigations. You're aware, presumably, that rather than trying to hold Russia accountable for violations of its nuclear proliferation treaty with Russia through the use of sanctions, that Trump instead decided to withdraw the USA from the treaty that has been in place since Reagan, allowing Russia to continue to do what it wants entirely unimpeded? No, there is no evidence - AT ALL - that Trump has ever been hard on Russia. Even *ONCE*.
Trump may or may not have colluded with Russia... I do not know, and I would not accuse him of doing so. If he did not, however, he has through his presidency remained a "useful idiot" for Russia.
Re: (Score:2)
No, Russia and China want Trump to stay. For Putin, Trump is a perfect puppet. Melania Trump has been granted things very few non-Russians get in Russia. You don't this to woo the oppo
Re: Which should raise the question, (Score:1)
ActBlue. Anyone who donated to BLM was making a donation directly to the Biden campaign.
Re: (Score:2)
Biden pulled in hundreds of millions of dollars.
A full 50 percent of it from UNEMPLOYED donors too. Talk about a gigantic loophole. In a pandemic with people out of work, that many people had spare cash to donate to a campaign? Normally you have to enter your employer when making a political contribution. But strangely enough, half of the donors in Biden's recent $348 million (or whatever it was) record month was literally untraceable because donors claimed they were unemployed.
That is really odd. It is almost as if there were something happening in the country where millions of people were suddenly unemployed. It is crazy to even think that something like that is happening. Those donations had to be falsified to hide where the money is actually coming from. I'm glad you're around to catch all these nefarious donations to the Democratic candidate.
Re: (Score:2)
Re: (Score:2)
That certainly used to be the case with election department jobs... even had a congressman bemoan that to me. I think they are starting to take that one a little more seriously these days.
Re: (Score:2)
Re: (Score:2, Insightful)
Now efforts can be made to de-register them.
Re: (Score:2)
For most states it's available to the public, otherwise academics, political parties, candidates (even that guy you've never heard of). https://www.ncsl.org/research/... [ncsl.org]
This is almost a non-story in reality.
Re: (Score:2)
Also, the Biden campaign didn't have access to the data (well not directly anyway). They were using a third party (TargetSmart) to supply the data to the app.
Is this:
The App Analyst, a mobile expert who detailed his findings on his eponymous blog, found that he could trick the app into pulling in anyone's information by creating a contact on his phone with the voter's name.
really a bug? The app is supposed to pull up the data of anyone in your contact so if you add a contact shouldn't that new contact's information be available? Now maybe the actual bug is that too much information is being shown for all contacts that you look up but the summary makes it look like the quoted statement is the bug that was found. T
Ewww (Score:2)
Even without the bug, the whole concept is horribly intrusive. Yuck.
Re: Ewww (Score:1)
Re: (Score:1, Troll)
It is data mining, they are after two bits of information, who is registered to vote and the second bit, but does not vote. So the corporate DNC CAN POSTAL VOTE FOR THEM AND WIN.
A data analysis of incoming postal votes should be made. Those who did not vote for over two elections cycles and all of a sudden made a postal vote. A sampling of ten thousands should be taken and asked if they actually did make that postal vote or the alternate it is printed out and posted, a mass printing and posting. Those pos
Re: (Score:2, Flamebait)
Man you guys are desperate, trying to build an entire alternate reality just to keep the Golden Boy in office. When we watched that idiot dubya get elected with massive poll suppression, we at least valued the peaceful transition of power enough not to try to foment a revolution.
Re: (Score:2)
At least the DNC isn't telling their supporters to submit mail-in votes and also go to a polling station and do in-person voting. https://www.cbsnews.com/news/t... [cbsnews.com]
They fixed the app or the backend? (Score:1)
Re:They fixed the app or the backend? (Score:5, Interesting)
Re: (Score:2)
Scale matters.
Re: (Score:1)
There's a difference between someone being interested enough to make the effort to access public records and an app actively encouraging people to get voting history of their family and friends so they can harass them. This does feel like it's crossing a line despite the data being public and freely available.
Re: They fixed the app or the backend? (Score:2)
I agree with you. But the severity of the crime should at least be compared to other similar practices, even those not privacy related.
Take apps like dine and dash (I think is what it's called), that use publicly available menus of restaurants and make them available in their app. They didn't work up partnerships with every restaurant, and yet those restaurants potentially lose face because a driver let the food get cold before delivering.
Not suggesting they are the same in severity, just highlighting tha
Re: (Score:2)
So is this same data available to both parties?
Do both parties take advantage of these public lists to "harass" strangers to vote?
Is this "crossing a line despite the data being public and freely available" also?
Re: Don't you mean "Kamala Harris's Campaign?" (Score:1)
Re: (Score:1)
Pretty much this. Even if Biden doesn't succumb to old age in office or get replaced on 25th Amendment grounds, his decline makes it likely that others will be making many of his decisions for him. Indeed, this may be one reason why the power brokers (in both gov't and media) wanted him as the nominee in the first place.
And if someone has evidence of Old Joe being more than the creepy uncle already caught on countless videos, then he's fair blackmail game too.
Re:Don't you mean "Kamala Harris's Campaign?" (Score:4, Informative)
And as a long time constituent of hers, I can say without any hesitation that Kamala Harris is a carpetbagger. She is a party soldier who will do whatever her party masters tell her to do, and her party masters are the ones who run California.
Do not vote to be more like California.
Re: Don't you mean "Kamala Harris's Campaign?" (Score:4, Insightful)
Anyone who argues for voting Trump over Biden based on age or senility is a troll or drinking the Faux News koolaide. Biden is only 3 years older than Trump, is much healthier, and shows orders of magnitude more mental acumen than the "stable genius" who brags about his ability to recite "person, man, woman, camera, TV".
Maybe they are BOTH senile (Score:2)
Indeed. The quantity of odd public errors T has made does not help sell him as the "less senile" candidate. This includes slurring words, walking funny, wobbling, hating ramps/stairs, mispronouncing after multiple tries, having toilet paper stuck to legs, and having trouble drinking water.
Anyhow, I don't think Joe programmed this app himself, so why is senility being raised?
Re: (Score:2)
Re: (Score:1)
I couldn't believe it when The Tinted One stated, "Who knew healthcare was so complicated?" And then, "The buck stops with everybody".
By now nothing he says surprises. Even SNL can't out silly him. He could do ANYTHING on 5th Avenue and still have a 42% popularity rating.
Re: (Score:2)
You and deranged Trump can ogle underaged girls in pageant dressing rooms while waiting for your water bottles.
Re: (Score:1)
You've been misled. Biden has to have a teleprompter to tell him what to say for his questions. All his questions are staged, so is everything else. Even then he reads notes that are to him and weren't supposed to be read.
Still in denial? Pull up Biden's 2008 debate on youtube. Not hard to find. Watch it for a while. Now pull up his last debate, also not hard to find. You'll see it's not the same man. Not even close. He's much worse now.
Re: (Score:2)
Trump cannot even read off a teleprompter. Still in denial? Pull up literally any official speech and watch how much he bungles it. It's not hard to find, but it does mean looking at more than foxnews.com
Re: (Score:1)
Trump cannot even read off a teleprompter. Still in denial? Pull up literally any official speech and watch how much he bungles it. It's not hard to find, but it does mean looking at more than foxnews.com
Did you know he's solving the middle east problem? Something nobody else has been able to do for over 50 years. It's because he didn't listen to the "experts" and went around the Palestinians. This is exactly what we've been asking for. A man like him for decades.
Get past the lies you're believing. He's not a racist, he's not a fascist, he's probably the best President we've had since Lincoln.
Re: (Score:2)
He's not solving it. Normalizing relations for one country while ignoring all the other factions that cause the Middle East to be unstable just leads to more escalation. And he almost started a war with Iran by assassinating one of their generals on Iraqi soil (and killing or injuring 50 US service members in the process). How the hell is that "solving the middle east problem". The rest of the world has stopped supporting us on our Iranian policy because he tore up the treaty simply because his irrational h
Re: (Score:2)
You do realize that the Trump campaign is falsely accusing Biden of every fault Trump is guilty of in order to preemptively downplay Trump's culpability, right? The entire point is so when Trump is rightfully accused of failings, they can claim equivalency which it's not even in the ballpark of being the same:
Age - check
Senility - check
Health - check
Sexual harassment - check
Corrupt family nepotism - check
Public speaking skills - check
Racism - check
Not mandating masks - check
Bungling the COVID response - che
Re: (Score:1)
You do realize that the Trump campaign is falsely accusing Biden of every fault Trump is guilty of in order to preemptively downplay Trump's culpability, right? The entire point is so when Trump is rightfully accused of failings, they can claim equivalency which it's not even in the ballpark of being the same:
Age - check
Senility - check
Nope. Trump is clearly way more mentally competent. Look at another source of news that'll show you the way Biden really is. Want to see for yourself? Look at the 2008 debates with Biden and compare that with his last debate. The difference at least to me was incredible. He's a shadow of what he used to be. If he debates this time you'll see Trump take him apart.
Health - check
Sexual harassment - check
Nope. Biden IS a sexual harasser. No doubt about it. Tara Reade filed the proper paperwork at the time, however he's Joe Biden so they didn't do an
Re: (Score:2)
You are delusional, and repeating yourself. Repeating yourself doesn't make your false claim any more true.
Re: (Score:2)
You mean the bipartisan veto-proof bill that he had nothing to do with except for a photo op when signing? Wow, let me drop to my knees in praise because he knows how to lift a fucking pen and smile for a camera. That was hardly landmark legislation that defines a Presidency, yet it's consistently the best thing that Trump supporters can come up with when challenged over his multitude of failings. It's well established that this White House
Re: (Score:3, Insightful)
Joe's advanced age and cognitive decline makes this really a race between Trump and Kamala Harris, not Joe. Even Joe refers to himself as a "transition candidate."
Donald Trump is only four years younger than Joe Biden. Also he has a famously bad diet, doesn't believe in exercise and won't listen to his doctors. Not only that, he can barely read from a teleprompter, has difficulty walking down shallow ramps and once received a standing ovation from his supporters when he demonstrated that he was able to drink water from a glass with only one hand.
Biden has demonstrated a relatively small number of gaffes and vocal slips, many due to the known fact that he has a stutter
Comment removed (Score:5, Insightful)
Re:Don't you mean "Kamala Harris's Campaign?" (Score:4, Informative)
I don't think it really matters if anyone has a problem with Trump and Biden having a national debate since they are already scheduled to have 3 of them (Sept. 20, Oct. 15 and Oct 22).
Re: (Score:2)
Anybody who's heard them both talk and thinks Trump is the more mentally and/or physically fit person between them has themselves entered advanced cognitive decline.
Re: (Score:2)
If we are going to go with the "advanced age and cognitive decline" of the two presidential candidates on the ticket as a dis-qualifier it should just be called the race between Kamala Harris and Mike Pence. I don't think Trump is any more likely to survive another four years than Biden would.
Nobody can do it. Nobody (Score:1)
Re: (Score:1)
Between this, H's (in)famous emails, and the launch of O-care, Dems have a lousy tech reputation. At this rate, they'll promote coal as the future of energy.
Re: (Score:2)
Between this, H's (in)famous emails, and the launch of O-care, Dems have a lousy tech reputation. At this rate, they'll promote coal as the future of energy.
https://www.energy.gov/article... [energy.gov]
Re: (Score:1)
Research is not deployment.
Re: (Score:1)
Why can't he be blamed? He literally invited Russia to hack https://www.nytimes.com/2018/0... [nytimes.com]
You don't think he's the type to direct his agencies to "allow things to happen"? Whether it's true or not he's made it so that people think they can hack Democrats and be praised instead of prosecuted.
Also, if I recall correctly, Trump blamed Bush for Katrina and 911 did he not?
"Uploads the user's contacts" (Score:5, Insightful)
Frankly, any user who uploads a contact list to anything without the specific permission of everybody on that list is a piece of shit... and should probably be subject to every kind of fine and penalty that you'd apply to a corporation that sent people's data to random places with no permission or disclosure. Why does a random business associate or "friend" get a pass for doing things that a Web site would get headlines by doing? ... and the functionality pattern "match all of your contacts against this or that kind of list" is pretty fucking creepy in itself. It could be done locally, using various cryptography to assure that only the user learned which contacts matched, and the user didn't learn anything about anybody who wasn't already a contact... and it would still be unacceptable.
"Contacts" is not even a kind of access that a mobile app should be able to request.
Is it a bug? (Score:2)
Or is it a feature?
1980s (Score:3)
Back in the 1980s I was an elite hacker and obtained a printed compilation of everyone in my town's name, address, and phone number.
Re: (Score:2)
Re: (Score:2)
Hush...don't spoil the narrative (Score:1)
Not one post in the first few screens... (Score:2)
that said, good on his campaign, that they were notified, and fixed it, and pushed out the fix ASAP?
Now, if only for-profit companies would be half that fast.