The Citizens’ Advice Bureaux have just released a real-time view of what people are searching for on its site. It’s heartbreaking.
— Tom Loosemore (@tomskitomski) October 21, 2014
who supplies my electricity
why do some children become looked after
will i get back pay on pip
@edent Searches are like a series of tragic micro-stories. "hidden camera in the workplace", "when can i claim income support im pregnant"
— James Temperton (@jtemperton) October 21, 2014
It was, sadly, deeply insecure.
It’s falling foul of one of the most basic security flaws. It blindly echoes a user’s input without checking or sanitising it.
There’s another potential flaw here. Privacy. Hopefully no one is dumb enough to type in their full name, address, or National Insurance number.
Can a malicious user look at the searches and identify you? How specific is your issue?
Ask yourself this – how comfortable would you be with every single search you make being projected onto the side of a building?
A few minutes after reporting this, the security flaw was fixed.
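Both problems above, echoing input unescaped and showing searches that may contain personal details, can be handled at the point where the feed is rendered. This is an added example, not the site's own code: the function names, the 80-character limit, the loose National Insurance number pattern and the sample terms are all assumptions constructed for illustration.

```javascript
// Added example: an assumed rendering path for a public "live searches" feed.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that let text break out of an HTML text node or attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Loose pattern for a UK National Insurance number: 2 letters, 6 digits, suffix A-D.
// It is deliberately broad; a false positive only hides one term from the public feed.
const NI_NUMBER = /\b[A-Z]{2}\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b/i;

// Decide whether a search term should appear on a public display at all.
function isDisplayable(term) {
  if (typeof term !== "string") return false;
  const trimmed = term.trim();
  if (trimmed.length === 0 || trimmed.length > 80) return false; // assumed length limit
  return !NI_NUMBER.test(trimmed);
}

// Vulnerable form: the search term is concatenated into markup exactly as typed.
function renderFeedUnsafe(terms) {
  return "<ul>" + terms.map((t) => "<li>" + t + "</li>").join("") + "</ul>";
}

// Hardened form: filter what is shown, then encode every term for the HTML context.
function renderFeedSafe(terms) {
  const items = terms
    .filter(isDisplayable)
    .map((t) => "<li>" + escapeHtml(t.trim()) + "</li>");
  return "<ul>" + items.join("") + "</ul>";
}

// Constructed sample input: one ordinary search, one containing markup,
// and one containing a dummy NI number.
const sampleTerms = [
  "who supplies my electricity",
  "<script>alert(1)</script>",
  "benefits for QQ 12 34 56 C",
];

console.log(renderFeedUnsafe(sampleTerms)); // markup reaches the page as typed
console.log(renderFeedSafe(sampleTerms));   // markup is shown as text, NI term is dropped
```

Pattern filtering only catches identifiers with a recognisable shape; names, addresses and very specific queries still need a different control, such as only displaying terms that many different users have searched for.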