Gab.com website identifies and tracks Poal.co users

1.1K

•

Gab.com website reads the Poal.co cookie. This is a classic trick website owners user to identify which other websites users have visited.

Gab.com website identifies and tracks Poal.co users

https://poal.co/s/AskPoal/427342 Gab.com website reads the Poal.co cookie. This is a classic trick website owners user to identify which other websites users have visited. **Gab.com website identifies and tracks Poal.co users**

[–] [Sticky] • 2 pts

FYI Poal's cookie doesn't contain the username in clear, but only a session and remember_session hash.

link

[–] • 2 pts

Good lord. What's wrong with you? Knock it the fuck off and stop tracking any info you God damn kike.

parent
link

[–] • 2 pts

lol Are you the cookie monster?

parent
link

[–] • 1 pt

Nope. Just hate them tracking cookies. Evil tracking cookies.

parent
link

Load more (1 reply)

[–] • 0 pt

Shouldn't cookies only be readable (well, sent by your browser) to the originating domain?

link

[–] • 0 pt

You would think right? ...but that is not how it is. The doctrine has always been that cookies are generally public to anyone and you encrypt or hash the contents for security. This is because otherwise you would need some form of trusted authentication like ssl certs that can validate identity of the domain

parent
link

[–] • 0 pt

I can't think of a good reason to have a cross domain cookie. If foo.com is a partner of bar.com or whatever, and you have to login twice that seems reasonable.

Having the cookie be just a hash for a session id sounds smart.

I don't know much about website development. I know basic HTML, and I've had to interpret and modify bits of javascript before. That's about it.

parent
link

[–] • 0 pt

Do they think I'm cute?

link

(post is archived)