Companies reveal mountains of sensitive commercial data in their APIs
Many companies use private APIs to manage A/B tests of experimental products and approaches. By capturing the calls that mobile apps make to these APIs, Jon Luca was able to figure out all kinds of sensitive information about companies' future plans: the way Lyft steers customers towards credit cards that are cheaper to process and its use of "Tactical Price Adjustments" to fight customers who price-compare with Uber; Airbnb's future China plans; Pinterest's gendered content differentiation; and so on.
There's lots more, from Amazon's upcoming augmented reality offerings to Tinder's incomplete erasure of a now-deprecated feature that let you view a prospect's Instagram.
Luca has promised a followup in the months to come.
Most companies aren't obfuscating or minimizing their experiment names, which leads to information leakage. This could prove dangerous in the future - if a company is slowly rolling out a new feature, it could give their competitors an advantage.
This is a common occurrence in the industry - nearly every company is siloing off their growth engineering department, which leads to siloed off experiment routes. This in turn makes it almost trivial to figure out what they're working on, and make educated guesses at the 6 month roadmap of most tech services.
Some future companies I'd like to try and check out are Snapchat, Ebay, all the Google products and services, and LinkedIn.
There's a lot more apps and services that this methodology works with. Feel free to reach out if you're interested in finding any given company's experimentation campaigns.
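One way to apply the obfuscation and minimization that the quoted passage says is missing, as an added example that is not from Luca's post or any company's code. The experiment names, the key, and the helper functions are constructed for illustration, and the sketch assumes the app maps the opaque IDs back to behaviour through a table generated at build time.

```python
import hashlib
import hmac

# Constructed sample data: an internal experiment registry with descriptive
# names. The key is a placeholder; a real one lives in a secret store.
SERVER_KEY = b"constructed-demo-key"

ASSIGNMENTS = {
    "china_market_launch_banner": {"variant": "treatment_b", "enrolled": True},
    "tactical_price_adjustment_v2": {"variant": "control", "enrolled": True},
    "ar_product_preview": {"variant": "treatment_a", "enrolled": False},
}


def opaque_id(label: str, length: int = 12) -> str:
    """Keyed, truncated HMAC: stable per label, not recoverable by guessing names."""
    mac = hmac.new(SERVER_KEY, label.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:length]


def client_payload(assignments: dict) -> dict:
    """Build the response the app receives: enrolled experiments only, opaque IDs."""
    payload = {}
    for name, info in assignments.items():
        if not info["enrolled"]:
            continue  # minimize: never ship experiments this user is not in
        payload[opaque_id(name)] = opaque_id(name + ":" + info["variant"], 8)
    return payload


def leaked_names(payload: dict, registry: dict) -> list:
    """Pre-release audit: payload keys that expose words from internal names."""
    words = {w for name in registry for w in name.split("_") if len(w) > 3}
    hits = []
    for key, value in payload.items():
        text = f"{key} {value}".lower()
        if any(w in text for w in words):
            hits.append(key)
    return sorted(hits)


if __name__ == "__main__":
    naive = {name: info["variant"] for name, info in ASSIGNMENTS.items()}
    print("naive payload leaks:", leaked_names(naive, ASSIGNMENTS))
    print("opaque payload leaks:", leaked_names(client_payload(ASSIGNMENTS), ASSIGNMENTS))
```

The audit function can run in CI against recorded API responses so that a descriptive experiment name fails the build before it ships.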
Original Link: http://feeds.boingboing.net/~r/boingboing/iBag/~3/ie91P62_vI8/variable-names-considered-harm.html