Shouldn't cookies only be readable (well, sent by your browser) to the originating domain?
You would think, right? ...but that is not how it is. The doctrine has always been that cookies are generally public to anyone and you encrypt or hash the contents for security. This is because otherwise you would need some form of trusted authentication like SSL certs that can validate identity of the domain.
I can't think of a good reason to have a cross-domain cookie. If foo.com is a partner of bar.com or whatever, and you have to log in twice, that seems reasonable.
Having the cookie be just a hash for a session id sounds smart.
I don't know much about website development. I know basic HTML, and I've had to interpret and modify bits of JavaScript before. That's about it.
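An added example, not written by any poster in this thread: the pattern the comments describe, where the cookie carries only an opaque session id protected by a keyed hash, so the server can reject a value that was guessed or altered. The key, the cookie name `sid` and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed demo key (assumption); a real key comes from a secret store.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def new_session_id() -> str:
    """Opaque, unguessable id; all session state stays on the server."""
    return secrets.token_urlsafe(32)


def _tag(session_id: str, key: bytes) -> str:
    # Keyed hash (HMAC-SHA256), so only the key holder can produce a valid tag.
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def issue_cookie_value(session_id: str, key: bytes = SERVER_KEY) -> str:
    return f"{session_id}.{_tag(session_id, key)}"


def verify_cookie_value(value: str, key: bytes = SERVER_KEY):
    """Return the session id if the tag matches, otherwise None."""
    session_id, sep, tag = value.rpartition(".")
    if not sep or not session_id:
        return None  # malformed: no "id.tag" structure
    expected = _tag(session_id, key)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return session_id


def set_cookie_header(value: str) -> str:
    cookie = SimpleCookie()
    cookie["sid"] = value
    cookie["sid"]["path"] = "/"
    cookie["sid"]["secure"] = True      # only sent over HTTPS
    cookie["sid"]["httponly"] = True    # not readable from page JavaScript
    cookie["sid"]["samesite"] = "Lax"   # withheld on most cross-site requests
    # No Domain attribute is set, so the browser treats the cookie as
    # host-only and returns it only to the exact host that issued it.
    return cookie.output()


if __name__ == "__main__":
    print(set_cookie_header(issue_cookie_value(new_session_id())))
```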