Social Network Login Status Detector Demo

Tom Anthony (@TomAnthonySEO) created this interesting demonstration of how a website you visit can easily detect which social networks you are actively logged into.  This isn’t a horrible security issue, but it is something that you should be aware of if you care about having some third party “see” which social networks you are using.

In a nutshell, the technique asks your browser to load an image from Facebook, or Google, or whichever network is being tested.  Because the browser attaches your cookies for that site to the request, the social network’s server answers according to your session.  If the load is successful, then you are logged in to that site.  If the load fails, then you weren’t logged in and the server has redirected you to the login page instead of serving up the image.

This isn’t really a “fixable” exploit.  The obvious way to fix this would be for the servers of all the social network “targets” to always serve up image requests regardless of whether you are logged in or not.  Clearly, that won’t work as then it would be easy to hack their image stores from an anonymous account.  As far as I can see, the only way to “fix” this would be for servers to only redirect to a login page for non-image requests, and just serve up a broken image icon of some type to mask the image when the user isn’t logged in.  Of course, the image being served up would have to masquerade as the image requested so the browser would find it difficult to detect.  Also, making such changes to servers requires that somebody on that end actually cares about this privacy issue.
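As an added example (not code from Tom Anthony’s demo or from this post), here is what the server-side fix described above looks like in Node.js, next to the naive behaviour it replaces. The session store, the image paths and the placeholder bytes are all constructed for the example. The naive handler redirects every logged-out request to the login page, which is exactly the signal the detector reads; the hardened handler redirects only non-image requests and answers any image request it will not fulfil (logged out, or a path that does not exist) with a placeholder image and a 200, so an image load succeeds in every case. A small leak check at the end runs both handlers as a logged-in and a logged-out visitor and reports whether the image-load outcome differs.

```javascript
// Added example, not code from the original post or from the demo it describes.
// Everything below (sessions, images, placeholder bytes) is constructed.

// Constructed session store and image store standing in for a real backend.
const SESSIONS = { 'sess-alice': 'alice' };                 // cookie value -> user
const PRIVATE_IMAGES = {
  '/photos/42.png': Buffer.from('<private image bytes>'),   // constructed content
};

// A 1x1 transparent PNG used as the masking image. A real deployment would keep
// one placeholder per image format it serves, so the body matches the request.
const PLACEHOLDER_PNG = Buffer.from(
  'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==',
  'base64'
);
const IMAGE_PATH = /\.(png|jpe?g|gif|webp)$/i;

// Map the session cookie (if any) to a user name, or null when logged out.
function userFromCookies(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (name === 'session' && SESSIONS[value]) return SESSIONS[value];
  }
  return null;
}

function imageResponse(body) {
  return { status: 200, headers: { 'Content-Type': 'image/png', 'Cache-Control': 'no-store' }, body };
}

function redirectToLogin() {
  return { status: 302, headers: { Location: '/login' }, body: null };
}

// Naive handler: the behaviour the post describes. A logged-out image request
// is redirected to the login page, which an <img> tag reports as a load error.
function naiveHandler(req) {
  if (!userFromCookies(req.headers.cookie)) return redirectToLogin();
  const image = PRIVATE_IMAGES[req.path];
  return image ? imageResponse(image) : { status: 404, headers: {}, body: null };
}

// Hardened handler: only non-image requests are redirected. Any image request
// that will not be fulfilled (logged out, or unknown path) gets the placeholder
// with a 200, so the load outcome is the same for every visitor state. Answering
// unknown paths with the placeholder matters: a 404 for logged-in users but a
// placeholder for logged-out users would leak the state in the other direction.
function hardenedHandler(req) {
  const isImage = IMAGE_PATH.test(req.path);
  if (!userFromCookies(req.headers.cookie)) {
    return isImage ? imageResponse(PLACEHOLDER_PNG) : redirectToLogin();
  }
  const image = PRIVATE_IMAGES[req.path];
  if (image) return imageResponse(image);
  return isImage ? imageResponse(PLACEHOLDER_PNG) : { status: 404, headers: {}, body: null };
}

// What an <img> element's onload/onerror pair can observe: success only for a
// 200 carrying an image body.
function imageLoadSucceeds(res) {
  return res.status === 200 && res.body !== null &&
    (res.headers['Content-Type'] || '').startsWith('image/');
}

// Leak check for a handler: does the observable image-load outcome differ
// between a logged-in and a logged-out visitor for any of the given paths?
function leaksLoginState(handler, paths) {
  return paths.some((path) => {
    const loggedIn = imageLoadSucceeds(handler({ path, headers: { cookie: 'session=sess-alice' } }));
    const loggedOut = imageLoadSucceeds(handler({ path, headers: {} }));
    return loggedIn !== loggedOut;
  });
}

const PROBE_PATHS = ['/photos/42.png', '/photos/does-not-exist.png'];
console.log('naive handler leaks login state:', leaksLoginState(naiveHandler, PROBE_PATHS));       // true
console.log('hardened handler leaks login state:', leaksLoginState(hardenedHandler, PROBE_PATHS)); // false
```

The handlers return plain response objects so the leak check can run without a listening socket; wiring `hardenedHandler` into `http.createServer` is a matter of copying `status`, `headers` and `body` onto the Node response. Note also that modern browsers close off the same channel from the client side: a session cookie marked `SameSite=Lax` or `SameSite=Strict` is not sent on a cross-site image request at all, so the social network's server sees every such probe as logged out regardless of the visitor's real state.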

I did come up with an interesting “white hat” use for this technology though… If you put it on your company intranet page, assuming employees need to be on there a lot while working, you can detect and log employees that are logged into social networking.  If you have (or think you have) content blocks in place for social websites, this can be a tool to find out who is circumventing your blocks.

Operating systems over time

I’ve been involved with computers since 1978, so I’ve seen the evolution of operating systems and user interfaces.  It occurred to me today that there are three “phases” that have happened (or are happening).  I have some transportation analogies for this:

Unicycle ( Unix, DOS, CP/M ) – like a unicycle, these operating systems could pivot on a dime, they were small, and cool.  They weren’t very easy to use though, and took considerable skill on the part of the rider (operator).

Car ( Windows XP, Mac ) – like a car, these operating systems were much easier to use than the Unicycle.  They were fast and useful.  While they couldn’t quite pivot like a Unicycle, they were still very flexible.

Train ( Windows 8 ) – Even easier to use than the car, but it only goes forward and backward on the track.  The attempt to dumb down the user interface so it can be supported on all devices and screen sizes necessarily limits flexibility.