http://webkay.robinlinus.com/scripts/social-media.js that's a cool trick, thanks...

MacAsm · on Apr 2, 2016

What is this useful for?

educar · on Apr 2, 2016

It helps you figure if a user is signed into a social network. One might think this is not possible because cross-origin restrictions but this trick shows you how to bypass it.

hm8 · on Apr 3, 2016

Could you explain how this works? Er, I mean why only the re-direct to the favicon works?

eatsfoobars · on Apr 3, 2016

The login page will redirect to the favicon if the user is already logged in, or it will serve a regular HTML page if the user is not.

So, the script creates an (invisible) <img> element for every website which points to the login page (which might redirect to the favicon). If it receives an image, the user is already logged in and the onLoad() callback will fire. Otherwise, it will get an HTML page, so the onError() callback will fire.

It could work with any image on the website, not just the favicon.

Capira · on Apr 3, 2016

Though the redirect works only with images hosted on the same domain. The favicon was the only image I could find on twitter.com or facebook.com.

I reported this bug to every company listed there, but all of them said it is not relevant to their users' privacy.

hm8 · on Apr 6, 2016

Yeah, that's a very critical information. Thanks, guys!

dserodio · on Apr 11, 2016

This is showing that I'm logged in to Facebook but I don't have an account there anymore.