Websites Can See If You Are Logged Into A Social Networking Site - gHacks Tech News

Websites Can See If You Are Logged Into A Social Networking Site

Can websites find out if you are logged into Facebook, Twitter or Google+? That's what Tom Anthony wanted to find out. If third party websites could, it could be used for different purposes, from user tracking to optimizing the websites services for the networks the user is logged in.

Facebook for instance provides an API for that that developers can use to find out if users who are connecting to their website are currently logged into the social networking site.

For Twitter and Google+, Tom had to find a different way that was cross-browser compatible as the service's Apis - or non existent API in the case of Google+ - did not allow to check a user's log in status directly.

The idea again was very simple: Request a file on those sites that require the user to be logged in to view it. A basic example of a similar principle would be a link to the upload a file page on those networks. Users who request to open these pages see a login prompt first, before they see the actual page they requested.

Tom basically requested to see an image on both Twitter and Google+ after login. You can see the JavaScript code examples on his blog that should make the method clearer.

If you just want to see if the script can detect whether you are logged into Google+, Facebook or Twitter, visit the status detector page here.

log-in

The script works in all popular browsers, in particular Firefox, Chrome, Internet Explorer 7 and up, Safari and Opera.

The script that Tom posted is merely a tool, that can be used for legit purposes, for instance to only display social buttons for sites the user is logged in, or illegitimate purposes that breach a user's privacy or target the user in malicious ways.

Users can protect themselves from being analyzed in this way by either logging out of the services when they leave the sites, or by installing browser extensions that block third party look-ups by default.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Paull(us) said on February 20, 2012 at 12:39 pm
    Reply

    The status detector page could not sea that I was using Facebook and Google, so main Mozilla Firefox add-on phishing protection, is doing there/his work properly.
    By the way how to do this I have learned on Ghacks.net.

  2. Robert Palmar said on February 20, 2012 at 8:41 pm
    Reply

    Out of curiosity, Martin, since I presume that is your screenshot,
    is NoScript which I know you use not preventing being seen
    or have you allowed Google and GooglePlus?

    1. Martin Brinkmann said on February 20, 2012 at 9:22 pm
      Reply

      I allowed the connections, that’s why it is showing it. It would have otherwise blocked the connections.

      1. Robert Palmar said on February 20, 2012 at 10:54 pm
        Reply

        Thanks. I thought that was probably the case.
        Google is not able to evade everything just yet.

  3. Jenita said on February 21, 2012 at 6:30 am
    Reply

    And, even though we set our settings in privacy mode, it is easy to crack our informations, right?

  4. Allen said on February 21, 2012 at 10:59 am
    Reply

    Websites like netfix pay to sites like FB and get the users personal info and without accessing the permission from the users.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.