Are global comment systems a privacy concern? [closed]

开发者_开发问答 As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 9 years ago.

I more and more see these global login-once comment-everywhere systems on every page. I didn't do my homework of tinkering debugging and search before asking, so my question is as follows:

1. You login on site A and leave a comment.
2. Now you go on site B, which uses the same global comment system. At the bottom of the page a request form with your name and data appears for you to add a comment on B page. You don't leave any comment and browse away.

Does the global-comment provider get information about the fact that you visited page B, even if you don't leave any comment ?

I will dig into the code as soon as I have time, but in the meanwhile I would like to ask your insights on this regard.

---

Yes, they certainly can. This is typically made available several ways. First, there's the Referer header. For Disqus at least, they use script URLs like http://subdomain.disqus.com/thread.js?url=main_page_url&trackback_url=null&trackbacks=null .

so even if you have the Referer header disabled they can still tell you went to main_page_url. If you have scripting disabled, you can't use the service. However, you could disable the Referer and enable scripting for that domain only temporarily. NoScript can help with this.

---

For a few people it is, like the EFF.

For the rest of the world it's really not considered. Sure there are some Facebook privacy groups and alike.

The kind of tracking you are asking about exists but about 20 times the magnitude you are worrying about. Tracking a user between several sites is done by every web service provider whose contents are linked from third party pages, such as google-analytics, digg/stubleupon/facebook widgets, gravatar images.

For example the gravatar service which can be considered quite simple, only a linked image, no JavaScript. This service will be able to track every individual surfing all sites with gravatar images on them. They will also know all sites where a single user has commented. Even if a user hasn't registered their email with gravatar they still has enough to make a profile about that user.

If you are writing any kind of global web service that is included on others websites best bet is to not mention privacy, unless you have to - that will reduce the privacy concern.

Update, gravatar

Although gravatar is not a commenting system it is a subset of features but with the same privacy concerns that is being asked about. Using JavaScript and having users logging in makes it only easier not possible.