I browsed a blog which allows you to comment on blog posts using Facebook (piehead.com, if you want to see what I am talking about).
I noticed at the bottom that my Facebook profile picture and full name were in the “add comment” section, since I am logged into Facebook using this browser in another tab.
My question – does this site know that I visited, even if I don’t comment/interact? Does the developer of the site have any knowledge of the information in the Facebook comment “plugin”?
Thanks
Simple answer. No, your data is “protected”.
Advanced answer:
Facebook comments are realised using XFBML. The Facebook libraries do not offer a way to know any data about you without your interaction with the plugin.
They will most likely not do so in the future either. You can read about that in the Facebook policies.
From the perspective of an evil webmaster who is interested in your data or the identities of people visiting his site, the first thought would probably be:
This Facebook thingy is loaded by JavaScript, right? So I should be able to access the webpage's DOM and steal the data?
The answer is no. Facebook is taking precautions against that. The JavaScript library loads an iframe where your data is displayed, but that is isolated from the rest by JavaScript's same-origin policy.
There are some cross-site scripting workarounds in place (they are based on the only variable shared across documents loaded from different domains: the location variable), and there may of course be some security holes. Some were indeed discovered in the early days, but the Connect library is open source, has been reviewed a thousand times and can be considered pretty safe.
There is however one “security hole” that enables a webmaster to tell whether you are logged in to Facebook or at least take a good guess. But no information about your identity would be present. It would only be possible to cross-reference you as a visitor and gain this knowledge about you. You can read about that here.
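
The isolation described in the answer above can be modelled in a few lines. This is an added example, not part of the original answer and not Facebook's or any browser's code: it is a simplified model of the same-origin check, and the frame URL and blog path are constructed placeholders.

```javascript
// Simplified model of how a browser decides whether the embedding page
// may touch a member of an iframe's window. Illustration only.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// An origin is the tuple (scheme, host, port). Schemes other than
// http/https are treated as opaque origins in this model.
function originOf(url) {
  const u = new URL(url);
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return `${u.protocol}//${u.hostname}:${u.port || DEFAULT_PORTS[u.protocol]}`;
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  return oa !== null && oa === ob; // an opaque origin never matches anything
}

// A subset of the members the HTML standard leaves reachable across
// origins. Note that location.href can be written (navigation) but not read.
const CROSS_ORIGIN_READ = new Set([
  'window.postMessage', 'window.parent', 'window.top',
  'window.closed', 'window.length',
]);
const CROSS_ORIGIN_WRITE = new Set(['location.href']);

// member: e.g. 'window.document'; op: 'read' or 'write'.
function frameAccess(embedderUrl, frameUrl, member, op) {
  if (sameOrigin(embedderUrl, frameUrl)) return 'allowed';
  const table = op === 'write' ? CROSS_ORIGIN_WRITE : CROSS_ORIGIN_READ;
  return table.has(member) ? 'allowed' : 'blocked';
}

// Constructed sample URLs: the blog from the question and an assumed
// plugin frame served from facebook.com.
const BLOG = 'http://piehead.com/some-post';
const PLUGIN = 'https://www.facebook.com/constructed/comments-frame';

console.log(frameAccess(BLOG, PLUGIN, 'window.document', 'read'));
console.log(frameAccess(BLOG, PLUGIN, 'location.href', 'write'));
```

The name and profile picture live in the frame's document, which is the member the model reports as blocked for the blog's scripts.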