1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Logged in?

Discussion in 'Bits & Bytes' started by Arc, Dec 24, 2017.

  1. Arc

    Arc Full Member

    “Click&Clean” is a Chrome Browser extension that I’ve used for years. It does lots of things. One of its many privacy functions, (snicker), is it tells you if you are logged in to Google, Facebook or Twitter. As the app states regarding that particular feature that's specifically just for the three account sites states:

    “Are you logged in? What does this mean? This implies that any website can obtain quite a lot of information about you. If you see your profile picture above, then it doesn't take a magician's trick to determine your public profile and learn more about your interests - for example, by using Search by Image service.’

    ‘Therefore, we do not recommend you to surf on questionable websites while you are logged in to an account. Do not go to any other websites while banking on the internet!”

    I’ve always made it a point to periodically check and make sure I wasn’t logged in to Google, Facebook or Twitter unless I wanted to be. If I was I took steps to log out and verify with the extension. It has worked fine for a couple of years.

    Now, no matter what I do I cannot according to “Click&Clean” log out of Facebook. The app shows me always logged in. This remains true even if I clear all cache including all cookies, locally stored data and manually check my Facebook account to make sure I am logged out.

    Naturally, I make sure both the extension and the version of Chrome is always up to date. This issue has been going on for about four to six months. For me, it's proportionally more of an issue of curiosity than privacy.

    What’s the deal?
    Last edited: Dec 25, 2017
  2. Susan Addams

    Susan Addams Unregistered User

    No, Arc, you have it all wrong. Being logged in to any individual site merely means that you have an active cookie (a small text file on your computer) that is sent along with any request to THAT site only! Only the site that set the cookie gets to see it. This is an automatic process in your browser. If your settings permit, your browser will save the cookie for each site as long as you want. This does not imply there is any communications going, that happens only when you directly access the site. Other sites can't get it. (Well there is this cross domain shit I never studied, just don't enable that. It's a security risk.)

    There are also tracking cookies, but that is outside of the scope of this convo.

    I don't know Chrome but might be able to help you set up a good cookie management system. On FF and PM we have a cookie management system which has an exception list; GA is on mine so it is exceptional! LOL, but we knew that! I have my main cookies set to delete all cookies when I close my browser. But GA is exceptional so my browser treats it special and saves it, only exceptions get saved, the rest get shit canned tracking cookies and all.

    To address your main concern: the only thing being logged into GA does for you is whenever you return to GA you won't have to login. You're already logged in because the cookie on your computer says you are logged in. Remember every time you send anything to GA your browser sends the cookie info right along with your request. GA's software says, "Oh, that's Arc, he's okay" and your post goes through; you do not have to login again.

    This in no way compromises anything you said at GA to any other site you visit. The cookie communication goes only to the site specified in your cookie for that site.

    To sum it up your fears are unfounded. You are worrying about nothing. The problem you fear is non-existent.

    Now Biker knows more than I but I bet he will get his lazy ass out of bed and see this post and add a bit to what I said, but that is the essential story. Don't worry, be happy! :D
  3. MemphisMark

    MemphisMark Old School Conservative

    I avoid FB as much as possible on my PC. I specifically do not visit any other website other than FB on Chrome, or links I get from FB. I use FF for everything else.
  4. Susan Addams

    Susan Addams Unregistered User

    You need a better cookie blocking policy. You can gain some privacy but sometimes at a cost. For example, I don't let Google track me. It doesn't work perfectly or I wouldn't be able to use my Gmail account. But my browser loses the Google cookie whenever I fully close all the windows. Google tracking cookie gone. Go back online and as long as I don't use Google I'm off their radar. (I suspect that is inaccurate due to Google Analytics, which I use myself on my own sites.)

    Same for Facebook. Set your browser to not save FB cookies, it's in the privacy section. Just turn on "forget cookies when browser closed." Then don't visit FB and their cookie won't be there for your browser to send. But what you lose is that you can't stay logged in at FB, you have to manually login to visit the site.

    I've been planning to get a FB account but I'm going to get it on one of my HTPCs. I have heard they steal your address book. I have had invites from friends who said they never told FB to invite me. It was behind their back. My HTPCs have no email programs. Good luck with stealing my email contacts from an empty, non-configured email account. Then I can just surf FB from my TV. I don't surf from there usually so there is nothing to track.

    There are tricks they play: embedded pages, a little slice of a Google page on another site? I think that's how my analytics works. I have a snippet of code that accesses Google when you visit my page, tells me demographics on my visitors, tells Google that was you. Note this: I get readouts on UNIQUE VISITORS each day. Just how do they know those visitors are unique? IP address? Cookies? I don't know.

    Other things you can do are (1) if your IP address is dynamic or semi-static you can force a new IP by changing your router's outbound MAC address (cloning) and reboot. If you are static your only means is to pay a VPN service. Then you end up with the same bucket IP address shared by hundreds of people. Good luck tracking that! :p

    My web server mentor/friend has a router with built in VPS, he never goes on the Internet with his real IP address, never. He has good reason for that. He isn't warping the DMCA, he's totally threading it and stomping on it! Sort of like Julian Assange but in the world of porn. They'd love to find out who he is. (The porn IP owners.)
  5. Biker

    Biker Administrator Staff Member

    Sites no longer need cookies in order to track you. There are a myriad of ways to track someone now, many of which do not include dropping a HTTP cookie. There are also Flash Cookies (Local Shared Objects), a png picture with encrypted content, HTTP eTags, Web Cache, window.name caching, userData storage (IE only), HTML5 Session Storage, HTML5 Local Storage, HTML5 Global Storage (IE only) and HTML5 SQLite Database Storage. And that's just the tip of the iceberg, so to speak. There are also "evercookies" that are pretty much permanent, regardless of attempts at removing them.
    Arc likes this.
  6. Susan Addams

    Susan Addams Unregistered User

    I've already addressed the flash cookies.
  7. Arc

    Arc Full Member


    Also, (for the just give me the simple English additional info folks), extensions to browsers like Chrome can generate what otherwise to the layperson would be called site cookies including Facebook cookies.

Share This Page