Can websites find out if you are logged into Facebook, Twitter or Google+? That’s what Tom Anthony wanted to find out. If third-party websites could, the information could be used for different purposes, from user tracking to optimizing the website’s services for the networks the user is logged into.
Facebook, for instance, provides an API that developers can use to find out if users who are connecting to their website are currently logged into the social networking site.
For Twitter and Google+, Tom had to find a different way that was cross-browser compatible, as the services’ APIs (or, in the case of Google+, a nonexistent API) did not allow checking a user’s login status directly.
The idea again was very simple: request a file on those sites that requires the user to be logged in to view it. A basic example of a similar principle would be a link to the “upload a file” page on those networks. Users who request these pages see a login prompt first, before they see the actual page they requested.
If you just want to see if the script can detect whether you are logged into Google+, Facebook or Twitter, visit the status detector page here.
The script works in all popular browsers, in particular Firefox, Chrome, Internet Explorer 7 and up, Safari and Opera.
The script that Tom posted is merely a tool that can be used for legitimate purposes, for instance to only display social buttons for sites the user is logged into, or for illegitimate purposes that breach a user’s privacy or target the user in malicious ways.
Users can protect themselves from being analyzed in this way by either logging out of the services when they leave the sites, or by installing browser extensions that block third party look-ups by default.
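The blocking approach mentioned above comes down to one decision per outgoing request. The sketch below is an added example, not code from Tom's script or from any particular extension; the host list, the `siteOf()` shortcut and the `{ url, initiator, type }` request shape are assumptions made for illustration.

```javascript
// Added example: the decision a third-party request blocker makes.
// LISTED_HOSTS, siteOf() and the request shape are assumptions of this sketch.
const LISTED_HOSTS = ["facebook.com", "twitter.com", "plus.google.com"];

function hostOf(url) {
  try { return new URL(url).hostname.replace(/\.$/, ""); } catch { return null; }
}

// Simplified "site": the last two labels of the hostname. A real blocker
// consults the Public Suffix List so that names like example.co.uk work.
function siteOf(host) {
  return host.split(".").slice(-2).join(".");
}

function onList(host) {
  return LISTED_HOSTS.some((d) => host === d || host.endsWith("." + d));
}

// type uses webRequest-style resource types ("main_frame", "image", ...).
function decide(request) {
  const target = hostOf(request.url);
  if (target === null) return { block: false, reason: "unparseable URL" };
  if (!onList(target)) return { block: false, reason: "not a listed network" };
  // A top-level navigation is the user deliberately visiting the network.
  if (request.type === "main_frame") {
    return { block: false, reason: "top-level navigation" };
  }
  const page = request.initiator ? hostOf(request.initiator) : null;
  if (page === null) return { block: false, reason: "no initiating page" };
  if (siteOf(page) === siteOf(target)) {
    return { block: false, reason: "first-party request" };
  }
  // An embedded request from another site to a listed network is exactly
  // the kind of look-up that can reveal login status, so it is dropped.
  return { block: true, reason: `third-party ${request.type} from ${page}` };
}

// Constructed sample requests (not captured traffic).
const samples = [
  { url: "https://twitter.com/path-behind-login", initiator: "https://blog.example/", type: "image" },
  { url: "https://twitter.com/home", initiator: "https://twitter.com/", type: "xmlhttprequest" },
  { url: "https://www.facebook.com/", initiator: "https://blog.example/", type: "main_frame" },
  { url: "https://cdn.example/app.js", initiator: "https://blog.example/", type: "script" },
];
for (const s of samples) console.log(s.url, "->", decide(s));
```

Only the first sample is blocked: it is an embedded request from an unrelated page to a listed network, while first-party traffic and deliberate visits pass through.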