STORY UPDATED: check for updates below.
Can the website Oilsjt Analytica really guess your name just based on the answers you give to a few questions? Many internet users were stumped today by the website that seems to be a parody on Cambridge Analytica, the firm embroiled in a Facebook data harvesting scandal. It was launched via Twitter only a few hours ago:
(Translation: "After Cambridge, Aalst could not stay behind: #OilstAnalytica knows more about you than you would believe. Test for yourself...")
So, does this little website built by Belgian security researcher Inti De Ceukelaire have a huge store of data about everybody in the world? Is it possible to correlate your answers with what Facebook knows about you to figure out your name?
The whole spiel about answering questions is just a distraction. In reality after the last question the site quietly loads a widget from Facebook that websites normally can include to send the link of an article to friends via messenger. If you happen to be logged in to Facebook at the time (which most people are) the widget will display your name. In my case it would look something like this:
Note that the website the widget is displayed on cannot actually access the data in the widget, it gets sent directly to your browser because it is included in an iframe (sort of a separate browser window inside a webpage that sits isolated from the site it is included in).
By using some clever layout tricks (inverting the colors and moving the widget up and to the left to hide the avatar image and first line) the Oilst Analytica website tricks you into believing it guessed your name. Clever!
Note: the Oilst Analytica logo is a parody of the Cambridge Analytica logo (which shows the shape of a brain).
The spoof logo has the shape of an onion, which represents the nickname of the inhabitants of the Belgian town Aalst (famous for its carnival) from where the creator of the website hails.
2018-03-30T22:12:43Z 2018-03-30T22:12:43ZIt seems Facebook has now blocked posting links to the site, even though the site itself is still up and the trick it uses to show the name still works.