Websites Can See If You Are Logged Into A Social Networking Site

Martin Brinkmann
Feb 20, 2012
Updated • Jan 4, 2018
Companies, Facebook, Twitter

Can websites find out if you are logged into Facebook, Twitter or Google+? That's what Tom Anthony wanted to find out. If third-party websites could, the information could be used for different purposes, from user tracking to optimizing the website's services for the networks the user is logged into.

Facebook, for instance, provides an API that developers can use to find out whether users who connect to their website are currently logged into the social networking site.

For Twitter and Google+, Tom had to find a different, cross-browser compatible way, as the services' APIs (or the non-existent API in the case of Google+) did not allow a user's login status to be checked directly.

The idea again was very simple: request a file on those sites that requires the user to be logged in to view it. A basic example of a similar principle would be a link to the file upload page on those networks. Users who request these pages see a login prompt first, before they see the actual page they requested.

Tom basically requested an image on both Twitter and Google+ that is only available after login. You can see the JavaScript code examples on his blog that should make the method clearer.

If you just want to see if the script can detect whether you are logged into Google+, Facebook or Twitter, visit the status detector page here.

The script works in all popular browsers, in particular Firefox, Chrome, Internet Explorer 7 and up, Safari and Opera.

The script that Tom posted is merely a tool that can be used for legitimate purposes, for instance to display social buttons only for the sites the user is logged into, or for illegitimate purposes that breach a user's privacy or target the user in malicious ways.

Users can protect themselves from being analyzed in this way by either logging out of the services when they leave the sites, or by installing browser extensions that block third party look-ups by default.
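The following is an added example, not Tom Anthony's script: a constructed model of why a cross-site image request reveals login state, and why the protections described above remove the signal. The endpoint, the cookie name `session` and the policy names are hypothetical; the cookie-blocking policy is an assumption that generalizes "blocking third party look-ups".

```javascript
// Constructed model of the technique; no real site, URL or cookie name is used.

// Login-gated image endpoint: serves the image to a valid session,
// otherwise answers with the HTML login prompt.
function gatedImageEndpoint(cookies) {
  return cookies.session === "valid"
    ? { contentType: "image/png" }
    : { contentType: "text/html" };
}

// What the browser does with an <img> pointing at the gated image when it is
// embedded in a third-party page, under a given user-side policy (assumed names).
function loadCrossSiteImage(cookieJar, policy) {
  if (policy === "block-third-party-requests") {
    return "error"; // the request never leaves the browser
  }
  const sent = policy === "block-third-party-cookies" ? {} : cookieJar;
  const response = gatedImageEndpoint(sent);
  // An <img> element fires load only when the body decodes as an image.
  return response.contentType.startsWith("image/") ? "load" : "error";
}

// The embedding page only learns which event fired.
function pageInfersLoggedIn(cookieJar, policy) {
  return loadCrossSiteImage(cookieJar, policy) === "load";
}

// Full truth table: policy x user state -> what the embedding page infers.
function leakTable() {
  const jars = { loggedIn: { session: "valid" }, loggedOut: {} };
  const policies = ["default", "block-third-party-cookies", "block-third-party-requests"];
  const table = {};
  for (const policy of policies) {
    table[policy] = {};
    for (const [state, jar] of Object.entries(jars)) {
      table[policy][state] = pageInfersLoggedIn(jar, policy);
    }
  }
  return table;
}

// A policy leaks when the two user states produce different observations.
function leakingPolicies() {
  return Object.entries(leakTable())
    .filter(([, row]) => row.loggedIn !== row.loggedOut)
    .map(([policy]) => policy);
}

console.log(leakTable(), leakingPolicies());
```

Only the `default` policy distinguishes a logged-in user from a logged-out one; logging out corresponds to the `loggedOut` column, which reads the same under every policy.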


Comments

  1. Allen said on February 21, 2012 at 10:59 am

    Websites like Netflix pay sites like FB and get the users' personal info without accessing the permission from the users.

  2. Jenita said on February 21, 2012 at 6:30 am

    And, even though we set our settings in privacy mode, it is easy to crack our information, right?

  3. Robert Palmar said on February 20, 2012 at 8:41 pm

    Out of curiosity, Martin, since I presume that is your screenshot,
    is NoScript which I know you use not preventing being seen
    or have you allowed Google and GooglePlus?

    1. Martin Brinkmann said on February 20, 2012 at 9:22 pm

      I allowed the connections, that’s why it is showing it. It would have otherwise blocked the connections.

      1. Robert Palmar said on February 20, 2012 at 10:54 pm

        Thanks. I thought that was probably the case.
        Google is not able to evade everything just yet.

  4. Paull(us) said on February 20, 2012 at 12:39 pm

    The status detector page could not see that I was using Facebook and Google, so my Mozilla Firefox add-on phishing protection is doing its work properly.
    By the way, how to do this I have learned on Ghacks.net.
