
How to Detect the Social Sites Your Visitors Use - soundsop
http://www.azarask.in/blog/post/socialhistoryjs/
======
johns
This article has good intentions, but I worry about people using this method
with a list of popular bank domains to figure out where you bank online. Then
the web site operator uses the password used by the user (who uses the same
one everywhere) to work their way into an account. Unlikely scenario, but it
shows that even the slightest data privacy breach can be used for evil.

~~~
jhancock
More likely examples are hacking into sites that don't use two-factor auth,
like your domain registrar or web mail accounts.

If you are using any form of online banking without two-factor auth, find
another bank!!! Even PayPal offers a security token these days.

~~~
mattmaroon
How exactly would they do that?

~~~
khafra
Is your question "how exactly would the site usage monitoring hacker steal
your bank account?" or "how would a bank use two-factor authentication over
the internet?"

For the former, if we assume a malicious website administrator collecting
usage details, he'll use the email address and other information revealed
during the sign-up to spear-phish the unwary user with malware targeted at
their particular bank. Such malware is available at any wretched hive of scum
and villainy at reasonable prices.

If your question's the latter, solutions include a battery-powered token that
produces different numbers at 60-second intervals, a temporary PIN sent by SMS
to a registered phone, and others.

~~~
mattmaroon
It was the first. I missed the original part where the commenter you were
replying to was assuming your site has a login and people use the same
password there that they do with their email or bank accounts.

Wouldn't it be much easier to simply suggest people have different passwords
for their banks, rather than having devices for each one? The SMS thing is
cool though, PayPal does that now I think.

------
FiReaNG3L
This is nothing new but is still very cool; it has potential applications
beyond detecting social sites; detect visitors that have visited competitors,
for example.

I think I'll implement it on <http://esciencenews.com> for the social share
section (which has digg, reddit, stumble, etc) because the amount of
submissions I see from those buttons is super low and I guess meaningless for
99% of users.

~~~
martey
_This is nothing new..._

That is correct - this was submitted here 6 months ago:
<http://news.ycombinator.com/item?id=202278>

------
srn
A fine reminder to clear your history after any "personal" browsing. On the
other hand, I seem to be able to disable this by disabling the browser history
entirely.

