
pymk-inspector's People

Contributors

kash-hill, samatt


pymk-inspector's Issues

Only works if Facebook is set to English, but doesn't check first

It took me some time to realize why all suggestions were without mutual friends. Thought the parser had problems, when it only assumed a setting that not all might share.

Would be good to add to the instructions that a specific language is expected (I'm now on English (US), don't know if the others would work). Would be even better if a check is made (i.e. headline is "People You May Know") and inform the user that the set language is not supported.

Scraping referral code

The friend requests page appears to have a referral code, fcref=jwl. This is likely some form of tracking on FB's end. It could lead to correlation of users of the pymk tool though. Remove if unnecessary.

Sort search issue

If you're using the search function and it doesn't match anything, it shows you all the people rather than none.

Credential Security

Uses keytar which stores the password on the OS's keychain. (GOOD)

No action required, just some praise.

Browser Automation - Web Preferences

These are a set of options that can be passed to BrowserWindow through Automatonic's Browser. These have really good secure defaults. The only explicit change would be to set sandbox to true. Everything else should be set by default.

  • Automatonic sets nodeIntegration to false by default (GOOD). Consider setting explicitly.
  • Set sandbox to true to sandbox the renderer.
  • Set contextIsolation to true to prevent FB from potentially interfering with the preload script (however, there is no preload script).
  • webSecurity has a secure default. Consider setting explicitly to true.
  • allowRunningInsecureContent has a secure default. Consider setting explicitly to false.

Test to ensure hardening options do not break functionality.
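The hardening list in the issue above, as an added example that is not part of the original issue or the project's code: it pins the five options explicitly and audits a `webPreferences` object for values that are weakened or left to defaults. The option names are Electron's own; the helper names and the sample object are hypothetical.

```javascript
// Explicit values for the five webPreferences named in the issue above.
const HARDENED = Object.freeze({
  nodeIntegration: false,             // no Node.js APIs in the renderer
  sandbox: true,                      // OS-level renderer sandbox
  contextIsolation: true,             // page scripts cannot reach preload scope
  webSecurity: true,                  // keep same-origin policy enforced
  allowRunningInsecureContent: false, // no HTTP subresources on HTTPS pages
});

// Merge caller options with the hardened set; hardened keys always win.
// Pass the result wherever webPreferences is handed to BrowserWindow.
function hardenWebPreferences(prefs = {}) {
  return { ...prefs, ...HARDENED };
}

// Report each hardening key that is weakened ('insecure') or absent and
// therefore dependent on a library default ('implicit').
function auditWebPreferences(prefs = {}) {
  const findings = [];
  for (const [key, want] of Object.entries(HARDENED)) {
    if (!(key in prefs)) {
      findings.push({ key, issue: 'implicit', want });
    } else if (prefs[key] !== want) {
      findings.push({ key, issue: 'insecure', got: prefs[key], want });
    }
  }
  return findings;
}

// Constructed sample: options a scraper window might be created with.
const sample = { partition: 'persist:pymk', nodeIntegration: false, webSecurity: false };

for (const f of auditWebPreferences(sample)) {
  console.log(`${f.key}: ${f.issue} (want ${f.want})`);
}
console.log('after hardening:', auditWebPreferences(hardenWebPreferences(sample)).length, 'findings');
```

Running the audit in the project's test suite catches a later change that drops or flips one of these options.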

Data Security - Encryption at rest

Consider encrypting user data on disk. The key could be derived from the user's Facebook password using (in order of consideration) Argon2, PBKDF2, scrypt, or bcrypt. If you held the data in memory, then when it was serialized to disk you could encrypt it with AES in CBC mode. On load, you could read from disk, decrypt, and then load to memory.

This could be a considerable undertaking given a lack of support in level-js and linvodb3 but we thought it worth mentioning if time permits.
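A sketch of the scheme proposed in the issue above, as an added example that is not part of the original issue or the project's code: the key is derived from a password with scrypt (one of the KDFs listed) and the serialized data is encrypted with AES-256-CBC using Node's built-in `crypto`. Because CBC alone does not detect tampering, the example also adds an HMAC-SHA256 tag, which the issue does not mention; the function names, blob layout and sample record are assumptions.

```javascript
const crypto = require('node:crypto');

// scrypt stretches the password into 64 bytes:
// first 32 for AES-256-CBC, last 32 for HMAC-SHA256.
function deriveKeys(password, salt) {
  const okm = crypto.scryptSync(password, salt, 64, { N: 16384, r: 8, p: 1 });
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// Blob layout (assumed): salt(16) | iv(16) | ciphertext | hmac(32)
function encryptStore(password, data) {
  const salt = crypto.randomBytes(16); // fresh salt and IV on every save
  const iv = crypto.randomBytes(16);
  const { encKey, macKey } = deriveKeys(password, salt);
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(data), 'utf8'), cipher.final()]);
  const body = Buffer.concat([salt, iv, ct]);
  const tag = crypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

function decryptStore(password, blob) {
  if (blob.length < 16 + 16 + 16 + 32) throw new Error('blob too short');
  const body = blob.subarray(0, blob.length - 32);
  const tag = blob.subarray(blob.length - 32);
  const { encKey, macKey } = deriveKeys(password, body.subarray(0, 16));
  // Verify the tag before decrypting (encrypt-then-MAC).
  const expected = crypto.createHmac('sha256', macKey).update(body).digest();
  if (!crypto.timingSafeEqual(tag, expected)) {
    throw new Error('wrong password or modified file');
  }
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, body.subarray(16, 32));
  const pt = Buffer.concat([decipher.update(body.subarray(32)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Constructed sample record, not real scraped data.
const record = { run: 1, suggestions: [{ name: 'Example Person', mutualFriends: 3 }] };
const blob = encryptStore('constructed-password', record);
console.log(blob.length, 'bytes on disk ->', decryptStore('constructed-password', blob));
```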

How to get the raw data?

Hello,

I am interested in doing my own visualization of the collected data, but can not find any database in the App folder.
Where is the data stored? How do I get access?

Thank you in advance,
_pitscher

Recruitment note for footer

It would be nice if we could get a few people to be guinea pigs in future experiments!

For that footer:

"Did you find someone noteworthy? Or do you want to be part of an experiment run by Gizmodo? Contact us at [email protected]"

Potential Bug in Background Scrape

utils.js in initBackgroundScrape sets config without a creds child object. config is then passed to runScrape which accesses config.creds.username.

IPC fg-scrape sets arg to creds. Perhaps the background scrape will have problems if the user is logged out? After logging the session out through facebook, the scraper failed to login on the cronjob.

General Usage Issues

  • Did not scrape on the first try. I had some pending friend requests; perhaps these interfered.
  • Once it ran successfully I still saw an empty view (It looks like the scraper hasn't run yet. ...). Review view updates on action completions to ensure the UI is updated when data is updated.
  • Successful background runs don't appear in the run log.
