http://www.hackerfactor.com/blog/index. ... Fraud.html
Fake News. What to believe?
The number of privacy issues here is stunning:
The folks at SurfSafe know every web page I visit, when I visit it, and every picture on every web page.
If any of the URLs contain personal information, such as access tokens or keys or names, then they get that, too. Since I tested against my FotoForensics web site, I watched the logs for their accesses. They definitely keep and use all URL parameters when retrieving pictures.
If any of the URLs point to personal pictures -- things that you don't want other people to see -- then that's too bad. SurfSafe retrieves the pictures and adds them to their collection of known sources. Remember: lots of URLs are not publicly known but are still publicly accessible if you have the right URL-based parameters. For example, Facebook pictures can be marked as private. But the URLs are accessible if you have all of the URL parameters. This means that SurfSafe can access your private Facebook pictures as soon as you visit your private Facebook page.
As you'll notice from my screenshots, I accessed my site using HTTPS. HTTPS is supposed to be secure, but it's not secure from local browser extensions. SurfSafe grabs your secure URL and passes it to their third-party service.
Determining the factual accuracy of a news report is a non-trivial task. Everyone wants a solution, but there are no quick answers. There are a few groups that try to validate news (e.g., Snopes, Politifact, some folks at the Poynter Institute, and even some fact checkers at specific media outlets). Unfortunately, properly vetting news requires trusted and experienced people who can actually fact-check content, and there are not enough of these people right now.
Sadly, some groups try to take advantage of this void and fill it with bogus analysis tools. SurfSafe is not a solution for identifying fake news.
The only thing worse than fake Fake-News detectors are news outlets that want us to trust them, but promote "new tools" without vetting them first. (I'm talking to you, Wired, BoingBoing, and Mac Observer.)