robinlinus / socialmedia-leak Goto Github PK
View Code? Open in Web Editor NEWA demo of cross-origin login detection for most major web platforms
Home Page: https://robinlinus.github.io/socialmedia-leak/
License: MIT License
A demo of cross-origin login detection for most major web platforms
Home Page: https://robinlinus.github.io/socialmedia-leak/
License: MIT License
Can you please add Yelp in your list
in my browser i have logged facebook and github both but it is not working.
I have Privacy Badger enabled but I still see Hackernews, Slack, and Dropbox detected (i.e. me being logged in to them). What does this mean?
Firefox tracking protection (in private mode or as an experiment here) helps. At least Twitter is not recognized here.
However it recognizes GitHub, unfortunately.
The link to Privacy Badger on your website is as follows: https://www.google.de/search?q=privacy+badger
People using this link will end up on the German Google Results page showing German results and resulting in links to the Firefox and Chrome extensions to be in German as well.
For example, clicking on the link to the Privacy Badger Extension for Google Chrome from the Google Results page, leads to https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp?hl=de (notice the ?hl=de
on the end).
To improve usability for non-German visitors, I suggest you use the google.com domain which should redirect the user to the correct regional version of Google.
https://github.com/RobinLinus/socialmedia-leak/blob/master/demo.js#L32
๐
You'll get the same response logged in or out now. Thanks for identifying!
Tested with Google (including YouTube), Twitter and Github.
If I allow third-party cookies, it shows that I'm logged in there (which is correct), but if I block third-party cookies it shows none of them. So this might be a way to work-around this too.
I use a combination of:
so basically the site doesn't work for me (which is good!) xD
That being said, it's interesting to experiment to see which tools are blocking what tracking methods. I feel like there's a lot of redundancy here - sometimes I can't even figure out what is blocking a specific tracker!
Reddit now show an intermediate html before serving the requested resource.... not sure if was done by accident ๐ค๐ค but any way, you get html for fav.ico whether logged in or not.
First thing everybody should do after installing a browser:
Block third party cookies.
Could be mentioned on your website.
It doesn't detect them
When I open Chrome in Incognito Mode, it shows me that I'm logged in to the following services (even though I'm not):
Twitter
Facebook
Google Plus
Reddit
Flickr
When I open Chrome normally, it shows me that I'm logged in to the following services (even though I'm not):
Flickr
It also shows me that I'm not logged in to the following services (even though I am):
Netflix
?
Maybe they fixed the issue, but Amazon/Netflix do not show up as logged in, even though I am.
would it also be possible to derive for example the Jungian archetypes, the myer-briggs equivalence-class or the big five from such data like you could do 2 Years ago on facebook: http://www.huffingtonpost.com/2014/06/12/facebook-five-labs_n_5485489.html
" 2016/10/07: Instagram removed the favicon from their root domain. They"
They.. what?
I'm not sure if anyone else has this issue, but I have this issue when using Chrome with uMatrix vs when opening up an incognito tab.
Indeed.com is not leaking logged in status.
Would like to see if Yelp has this weakness or not and notify them.
So far, this doesn't seem to work:
{
domain: "https://www.yelp.com",
redirect: "/login?return_url=https://www.yelp.com/favicon.ico?hl=en",
name: "Yelp"
}
hi, after facebook update they changed urls path, i tried set path to
https://www.facebook.com/login/?next=https://www.facebook.com/favicon.ico#_=_
but it not working, can you help?
if logged in to fb
if not logged in to fb
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.