Are global comment systems a privacy issue?
I see more and more these comment-based global comment systems across all browsers on every page. I haven't done my debugging and search homework before asking, so my question is this:
- You go to site A and leave a comment.
- You are now taken to Site B, which uses the same global commenting system. At the bottom of the page, you will be prompted with your name and details to add a comment to page B. You do not leave comments or view.
Does the global comment provider receive information that you've visited Page B even though you haven't left a comment?
I'll dig into the code as soon as I have time, but in the meantime, I would like to tell you about it.
a source to share
Yes, they certainly can. This is usually done in several ways. First, there is the Referer header. At least for Disqus they use a script url like http://subdomain.disqus.com/thread.js?url=main_page_url&trackback_url=null&trackbacks=null .
so even if you have the Referer header disabled, they can still tell you went to main_page_url. If you have scripting disabled, you cannot use this service. However, you can only disable Referer and enable scripts for that domain temporarily. NoScript can help with this.
a source to share
For a few people, it's like EFF.
For the rest of the world, it really doesn't count. Of course, there are some privacy groups on Facebook and so on.
The type of tracking you are asking for exists, but about 20 times more than what you are worried about. User tracking across multiple sites is done by a web service provider each whose content is linked to third party pages like google-analytics, digg / stubleupon / facebook widgets, gravatar images.
For example, the gravatar service, which can be considered quite simple, only in a connected way, without JavaScript. This service will be able to track every single surfing on all sites with gravitar images on them. They will also know all sites that one user has commented on. Even if the user hasn't registered their email with gravatar, they still have enough to make a profile about that user.
If you are writing any global web service that is included on other websites, the best option is not to mention privacy unless you need to - it will reduce privacy ...
Update, gravatar
While gravatar is not a commenting system, it is a subset of the functionality, but with the same privacy issues asked. Using JavaScript and including users in the account makes it easier to use.
a source to share