Man knows when you're signed in to GMail, Twitter, Digg

A UK-based web developer has figured out a simple way to tell if visitors to his site are logged in to Gmail, Facebook, Twitter, Digg and thousands of other websites. One method developed by Mike Cardwell of Nottingham makes use of status codes returned by many sites, which differ depending on whether a user is logged in or not …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Coat

    This is what NoScript is for

    Unneeded scripts are unneeded. Especially on Oppressive Sites.

    I'll get my invisibility cloak.

    1. Anonymous Coward
      Stop

      Bloody hell

      Everyone on this tech site knows what sodding NoScript is. You don't have to brag about using it in the comments of every single article.

      1. Anonymous Coward
        Anonymous Coward

        @EQ

        Well said, every time an article about advertising or privacy or anything like that on the Internet comes up it's all "Adblock and No script, I'm invincible." It's tedious beyond belief.

        "I'm vaguely competent at setting up firefox, bow down at my technical prowess."

        1. Jolyon

          Mostly harmless

          So you already know about it - thanks for telling us all that you don't need the AC telling you.

          But at some point we all heard about these things for the first time and they are worth knowing about so perhaps we can let people bring them up in relevant threads.

          1. Anonymous Coward
            Anonymous Coward

            @Jolyon

            The trouble is that it's always fanboys who bang on about things like their personal choice software. There is almost never, particularly in the case of adblock and noscript, a meaningful discussion of the relative merits of the systems used, it's just a case of "I'm better than those other guys because my personal choice of software says so." which despite the user being right or wrong just stinks of self confirmation bias.

      2. Intractable Potsherd
        Unhappy

        Perhaps ...

        Whilst I do not *rely* on El Reg's comments pages for my computer security, I have been directed to security-enhancing software and techniques by commenters here. Not all of us here are primarily employed in computers and security, and when I first started reading El Reg I was essentially clueless as to how to effectively secure my machines ("anti-virus and firewall? Must be safe")!

        When it comes to security, things like NoScript work so disproportionately well (as far as I can tell from the literature) compared to their complexity that reminders that it exists fall into the category of information that cannot be said too often. You never know when someone will benefit from it.

        I'm sure Eq and AC don't think that we should avoid a list of things they already know, so I don't know what their actual complaint is.

    2. hplasm
      Happy

      Invisibility cloak-

      Free with every Opera hat!

  2. Dazed and Confused

    Multiple browsers

    Isn't this why there are multiple browsers available?

    Who surfs for pr0n in the same browser they work in?

    1. purplefloyd

      Or one browser with multiple profiles

      firefox -ProfileManager -no-remote

  3. Anonymous Coward
    Anonymous Coward

    oh I see

    It is the other way around, except for Twitter. But Twitter was written by apes so what do you expect?

  4. Version 1.0 Silver badge
    Happy

    Inquiring minds want to know

    Does it work for El Reg?

  5. bexley

    Shit

    Wonder if .gov.uk will make use of this

  6. Anonymous Coward
    Anonymous Coward

    question.

    A 200 code indicates the user isn't logged in? At the risk of being wrong, isn't it the other way around?

    "would you care if I could tell you're logged into one or more porn or warez sites?"

    ... not really. If I thought a site would get me in trouble then why would I sign up in the first place? I'm not an idiot.

  7. JaitcH
    Happy

    I like Portable Firefox...

    for browsing controversial sites.

    It leaves no tell tale bits around after you leave.

  8. Anonymous Coward
    Anonymous Coward

    Multiple browsers help

    I have always been paranoid about dodgy (or corporate) sites snaffing cookies etc. from mail or social (ugh) sites I might be logged into, so apart from no script, I also use multiple browsers. Chrome only for gmail, Opera for the occasional social login and FF + no script for general browsing.

  9. Anonymous Coward
    Joke

    letters and/or digits

    http://controversial-website.example.com/

    Ahh, one of my favourites

  10. deadlockvictim
    Troll

    Attention Marketing Droids at MFST

    Internet Explorer* safer than Firefox!

    As seen in The Register!!

    Now extra exclamation marks!!!

    * applicable only to later versions of IE

    1. Anonymous Coward
      Coat

      Shhh!

      If you actually manage to get their attention they might fix that.

  11. Anonymous Coward
    Gates Horns

    Not more Referer checks!

    When will "professional" web developers learn that Referer checks are useless. In no case is client-side-generated data a good security measure--and in all cases, it's easy to fake. Token synchronizer ftw!

  12. Anonymous Coward
    Flame

    I don't care

    I don't care what the asshole can determine from my session. HOWEVER this clown needs to go down for violating privacy via covert means. I believe this would be illegal.

    Fuck this dude.

    1. Anonymous Coward
      Anonymous Coward

      Wrong

      The information about your login state isn't sent back to the server. It remains within the page, on the client side only.

  13. mhenriday
    Big Brother

    «Perhaps http://oppressive-regime.example.org/ ...»

    Is there any other kind ? Not, at least, if we don't devote significant efforts to keeping our own respective regimes honest, without allowing ourselves to be distracted by their continually pointing of the finger at the other chap....

    Henri

  14. Robert Carnegie Silver badge

    Not covert if we're being told about it, which we are.

    But it COULD be covert.

    I haven't visited the bloke's web site, but it's polite for somebody who has worked out how to make Internet Explorer or Firefox miaow like a cat and then spit a hairball in your face to set up a cover web page that says, "Click on this link to see me make your web browser miaow like a cat and then spit a hairball in your face", and not just go ahead and do it and -then- explain. I don't know which it is in this case.

  15. Ugotta B. Kiddingme
    Thumb Down

    what is this "title" you speak of?

    Hey, I've got a crazy idea. How about just doing work related stuff when using a work owned resource? I don't particularly LIKE not being able to surf where I want during my lunch break or other times when I'm not on the company's dime, but I understand and accept it. I'm not going to jeopardize a well-paying career just so I can chuckle over youtube/etc on break. It IS, after all, the company's computer, the company's network, and the company's RISK.

    The simpler option is to use my OWN laptop with my cellular tether or grabbing the open wireless signal from the building next door. When that's not available, I just wait until I get home or the pub/coffee shop after work. How fscking hard is that?

    Big (Employer) Brother really is watching, and mostly with good (for them) reasons. Deal with it.

    (I'm wearing my asbestos undies today, so you may flame when ready)

  16. jccampb

    More evidence of the "no lifers" who populate the computer industry

    This will not stop until all of us (including and especially the media) start reporting this kind of thing properly. To Wit; "the mentally and ethically deficient half-wit 'cracker' (who in his spare time surely molests small children and farm animals)" .... And then fill in your description of the social or criminal 'crime' in your 'article'. Every time I hear a 'news reporter' using the phrase "the daring robber" in the garbage that they spew and claim to be 'news' or even report it neutrally? I want to scream. None of this stuff is cute and it is because of being treated in this light? That it persists. After all it's just "ones and zeros" wot? Our industry has done a magnificent job of globally disassociating our populations from connecting actions to reality (Cause and effect). I've watched it going on now since the late '70's. If some prowler crept into yer own bedroom and pulled your wife's underwear out of the drawer "just to let you know he's cracked your bedroom security" you wouldn't find it amusing or blow it off ... would you? No, if you didn't catch idiot doing it in person and shoot him, you'd be on to the police as soon as you found out. WHY do we think this sort of invasive behavior is any different???

    But Mozilla is releasing in the next iteration a blocker for the idiocy this twit is piddling with. jccampb

    1. Anonymous Coward
      Anonymous Coward

      Wrong

      You might have a point, if the "logged in status" was sent back to the server. It's not, the page is simply modified on the client side. So, you have no point. Or rather, your point is based on lazy research and is wrong.

  17. mmm mmm

    @EQ

    I use No Script and I'm invincible.
