[TriLUG] Website drive-by shooting

Brian McCullough bdmc at buadh-brath.com
Fri Apr 11 14:59:08 EDT 2014


On Fri, Apr 11, 2014 at 02:35:41PM -0400, Michael Peters wrote:
> On Fri, Apr 11, 2014 at 2:41 PM, Brian McCullough <bdmc at buadh-brath.com> wrote:
> > On Fri, Apr 11, 2014 at 02:22:12PM -0400, Ken MacKenzie wrote:
> >> Cookies... like say the Facebook one...
> >
> > Bill and I talked about this last night, and he suggested something like
> > that.
> >
> > I gather that ( perhaps ) the web site is reading Facebook's cookies?
> 
> Just to clarify, other sites can't read Facebook's cookies. All they

Which is what I understood.


> can do is make API calls to facebook on your behalf. Now Facebook
> could be returning all kinds of data about you to that site. But
> that's because Facebook is being shifty, not because your cookies are
> being read by some random site.

OK, please clarify.

If "I" am a Facebook user, and I visit "website X," without identifying
myself, what do they ask, and what does Facebook respond?





More information about the TriLUG mailing list