After the recent exposés by French security researcher Robert Baptiste who goes by the alias Elliot Alderson of Aadhaar related security issues and the UIDAI's consistent denials trivializing them, Baptiste predictably appears to have done what he had suggested. While he has not made a Twitter bot for tweeting about Aadhaar cards in the public domain as initially claimed, he has released on github, the source code for a very basic url scraper based on scrapy that provides a list of urls to Aadhaar cards based on the query text provided. A quick look at the code shows that it can search google, bing and baidu for provided keywords and create a list of urls returned in the results that gets saved as urls.txt in the same directory. "I just reworked this crawler," said Alderson. "This crawler has been made by someone else long time ago. It allow the user to search and parse the result of his search query. I just add some specificity to find Aadhaar cards. This code is easy to write and can be done by anyone, it just automates the google search query and the result parsing." "Maybe it will help UIDAI to see how many websites are leaking Aadhaar cards" Alderson added. Medianama's take This, naturally raises concerns around privacy for the individuals whose Aadhaar cards have been put into the public domain by various irresponsible websites. However, given the UIDAI's ongoing inability to take security issues raised seriously and limiting themselves to claiming security on the…
