It turns out this isn’t limited to cookies through browsers and overt tracking software.
There’s another software package that businesses use to track their users activities. Log4j
is used on computer servers to keep records of users’ activities so they can be reviewed later by security or software development teams.
Businesses are secretly tracking our activities as we interact with them digitally, not just quietly through cookies and tracking tools. Maybe not only those teams, either. It wouldn’t surprise me if marketing teams were using our data, and if other teams were putting together packages of our data to peddle to other companies.
It’s widespread, too.
The nonprofit Apache Software Foundation, a group that distributes the open-source tool at no cost, has said [Log4j] has been downloaded millions of times.
And just to add a floatie to that puddle, Log4j has a serious security flaw.
The flaw is particularly dangerous given the widespread use of Log4j on corporate networks and the ease with which hackers could exploit the vulnerability, security experts say.
Attackers could use the bug to break into computer networks to steal sensitive data, prepare for ransomware attacks, or create backdoors that will allow them to maintain access to corporate systems even after the flawed software has been patched.
That exposure isn’t limited to personal information, either, or to the nefarious uses to which businesses put out personal information. It ranges up to the technologies of businesses, including defense contractors.