A UK-based web developer has figured out a simple way to tell if visitors to his site are logged in to Gmail, Facebook, Twitter, Digg and thousands of other websites. One method developed by Mike Cardwell of Nottingham makes use of status codes returned by many sites, which differ depending on whether a user is logged in or not …
This is what NoScript is for
Unneeded scripts are unneeded. Especially on Oppressive Sites.
I'll get my invisibility cloak.
Everyone on this tech site knows what sodding NoScript is. You don't have to brag about using it in the comments of every single article.
Free with every Opera hat!
Well said, every time an article about advertising or privacy or anything like that on the Internet comes up it's all "Adblock and No script, I'm invincible." It's tedious beyond belief.
"I'm vaguely competent at setting up firefox, bow down at my technical prowess."
So you already know about it - thanks for telling us all that you don't need the AC telling you.
But at some point we all heard about these things for the first time and they are worth knowing about so perhaps we can let people bring them up in relevant threads.
The touble is that it's always fanboys who bang on about things like their personal choice software. There is almost never, particularly in the case of adblock and noscript, a meaningful discussion of the relative merits of the systems used, it's just a case of "I'm better than those other guys because my personal choice of software says so." which despite the user being right or wrong just stinks of self confirmation bias.
Whilst I do not *rely* on El Reg's comments pages for my computer security, I have been directed to security-enhancing software and techniques by commenters here. Not all of us here are primarily employed in computers and security, and when I first started reading El Reg I was essentially clueless as to how to effectively secure my machines ("anti-virus and firewall? Must be safe")!
When it comes to security, things like NoScript work so disproportionately well (as far as I can tell from the literature) compared to their complexity that reminders that it exists fall into the category of information that cannot be said too often. You never know when someone will benefit from it.
I'm sure Eq and AC don't think that we should avoid a list of things they already know, so I don't know what their actual complaint is.
Isn't this why there are multiple browsers available?
Who surfs for pr0n in the same browser they work in?
Or one browser with multiple profiles
firefox -ProfileManager -no-remote
oh I see
It is the other way around, except for Twitter. But Twitter was written by apes so what do you expect?
Inquiring minds what to know
Does it work for El Reg?
Wonder if .gov.uk will make use of this
A 200 code indicates the user isn't logged in? At the risk of being wrong, isn't it the other way around?
"would you care if I could tell you're logged into one or more porn or warez sites?"
... not really. If I thought a site would get me in trouble then why would I sign up in the first place? I'm not an idiot.
I like Portable Firefox...
for browsing controversial sites.
It leaves no tell tale bits around after you leave.
Multiple browsers help
I have always been paranoid about dodgy (or corporate) sites snaffing cookies etc.. from mail or social (ugh) sites I might be logged into, so apart from no script, I also use multiple browsers. Chrome only for gmail, Opera for the occasional social login and FF + no script for general browsing.
letters and/or digits
Ahh, one of my favourites
Attention Marketing Droids at MFST
Internet Explorer* safer than Firefox!
As seen in The Register!!
Now extra exclamation marks!!!
* applicable only to later versions of IE
If you actually manage to get their attention they might fix that.
Not more Referer checks!
When will "professional" web developers learn that Referer checks are useless. In no case is client-side-generated data a good security measure--and in all cases, it's easy to fake. Token synchronizer ftw!
I don't care
I don't care what the asshole can determine from my session. HOWEVER this clown needs to go down for violating privacy via covert means. I believe this would be illegal.
Fuck this dude.
The information about your login state isn't sent back to the server. It remains within the page, on the client side only.
«Perhaps http://oppressive-regime.example.org/ ...»
Is there any other kind ? Not, at least, if we don't devote significant efforts to keeping our own respective regimes honest, without allowing ourselves to be distracted by their continually pointing of the finger at the other chap....
Not covert if we're being told about it, which we are.
But it COULD be covert.
I haven't visited the bloke's web site, but it's polite for somebody who has worked out how to make Internet Explorer or Firefox miaow like a cat and then spit a hairball in your face to set up a cover web page that says, "Click on this link to see me make your web browser miaow like a cat and then spit a hairball in your face", and not just go ahead and do it and -then- explain. I don't know which it is in this case.
what is this "title" you speak of?
Hey, I've got a crazy idea. How about just doing work related stuff when using a work owned resource? I don't particularly LIKE not being able to surf where I want during my lunch break or other times when I'm not on the company's dime, but I understand and accept it. I'm not going to jeopardize a well-paying career just to I can chuckle over youtube/etc on break. It IS, after all, the company's computer, the company's network, and the company's RISK.
The simpler option is to use my OWN laptop with my cellular tether or grabbing the open wireless signal from the building next door. When that's not available, I just wait until I get home or the pub/coffee shop after work. How fscking hard is that?
Big (Employer) Brother really is watching, and mostly with good (for them) reasons. Deal with it.
(I'm wearing my asbestos undies today, so you may flame when ready)
More evidence of the "no lifers" who populate the computer industry
This will not stop until all of us (including and especially the media) starts reporting this kind of thing properly. To Wit; "the mentally and ethically deficient half-wit 'cracker' (who in his spare time surely molests small children and farm animals)" .... And then fill in your description of the social or criminal 'crime' in your 'article'. Every time I hear a 'news reporter' using the phrase "the daring robber" in the garbage that they spew and claim to be 'news' or even report it neutrally? I want to scream. None of this stuff is cute and it is because of being treated in this light? That it persists. After all it's just "ones and zeros' wot? Our industry has done a magnificent job of globally disassociating our populations from connecting actions to reality (Cause and effect). I've watched it going on now since the late '70's. If some prowler crept into yer own bedroom and pulled your wife's underwear out of the drawer "just to let you know he's cracked your bedroom security" you wouldn't find it amusing or blow it off ... would you? No, if you didn't didn't catch idiot doing it in person and shoot him, you'd be on to the police as soon as you found out. WHY do we thing this sort of invasive behavior is any different???
But Mozilla is releasing in the next iteration a blocker for the idiocy this twit is piddling with. jccampb
You might, have a point, if the "logged in status" was sent back to the server. It's not, the page is simply modified on the client side. So, you have no point. Or rather, your point is based on lazy research and is wrong.
I use No Script and I'm invincible.