Through the internal letter of the blog park, there are many people who have privately messaged me, how did they get so much private information, and let me teach him how to spy on other people's privacy.
Here is a unified explanation. Our systems are developed based on the user authorization login mode , which is the way that the user ticks to agree to the service agreement + the user submits the account password verification code. If you do not have this scenario, there are not a large number of users willing to submit account passwords Or scan the code, that is useless.
1. First of all, we need to develop a login system for a three-party website. This is a very, very complicated and critical step. Basically, most of the development time is spent on this. After this pass, it is easy to get the user's private data. The tasks to be done later are much simpler. The specific difficulty is that, for example, WeChat, Taobao, Alipay, and JD.com are the top 10 websites in China. Even if the user submits the correct username and password, it is difficult to use the simulated interface to log in. The reasons for the difficulty include too many interface requests, too difficult analysis, and encryption. There are also non-interactive verification codes, account lockout due to multiple incorrect verifications, ip restrictions for a large number of users to authorize logins, exception detection thrown by third-party websites for remote logins, and so on. Therefore, this step is very complicated, and you need to be patient to analyze the interface and deal with some interactive situations and IP instability. After these are resolved, use microservices and asynchronous non-blocking methods to develop interfaces. If you can't log in, you can't get the data, so this step is both complex and critical.
2. Even if you develop this system, the user must be good, or it will be bad for him not to authorize the login, so that there will be users who are willing to expose their privacy and agree to authorize the login. Specifically to us, if you want to take a loan, you must let us know your information on major credit-related websites. If the user does not agree to authorize the login, then the loan cannot be obtained, so this is a scenario that is beneficial to the user.
3. Some people ask how to get other people's privacy without password? My way is not such a way, my way is a way that must be authorized by the user. Just thinking about it with my head can tell, if I can pull down other people's privacy without a password and directly log on to other people's Alipay WeChat, it would not be better for me to steal the account and transfer money, then why do I need to work hard.
Moreover, even if you find a loophole, you can spy on other people's privacy in large quantities without the need for a password. Without the consent of the user, it is against the constitution and you need to go to jail!