Closed 10 years ago.
I browsed to CNN and was horrified to see my Facebook picture there with a "post a comment" box. How did CNN get my Facebook login information?
More specifically, how did CNN know I was logged into Facebook? It seems like CNN would have to have access to a cookie set by Facebook to do that.
This is the only sequence I can think of.
1. I browse to Facebook and log in.
2. I check the "Keep me logged in" box.
3. Facebook places an authorization cookie on my machine.
4. I browse to CNN.
5. CNN reads my Facebook cookie and sends the authorization code to a Facebook API.
6. The Facebook API verifies my login information and displays the comment box.

Is this what is happening? Or is there some other voodoo going on?
I've seen cross-site stuff like this with advertising, but that just displays information. I just assumed sites like LinkedIn sold my information to advertisers. Automatically logging me into a third-party site seems totally different.
It's an iframe. The iframe has access to your Facebook cookies, but the containing site does not.
A better explanation at http://my.opera.com/quakerdoomer/blog/2010/05/26/enforcing-disclosures-the-present-social-networking-e-identities-helplessness
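The answer's point as a simplified model, added here and not part of the original post: the browser chooses cookies by the host of each request, so the request for the embedded Facebook frame carries the Facebook cookie while the CNN document never sees it. The `Browser` class, helper names, hosts and cookie values are constructed for illustration, and the model ignores SameSite and third-party-cookie blocking.

```javascript
// Simplified model of browser cookie scoping (added example; hosts and cookie values are constructed).
// RFC 6265 domain-match: the host equals the cookie domain or is a subdomain of it.
function domainMatches(host, cookieDomain) {
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

class Browser {
  jar = []; // one jar for the whole browser; every cookie is tagged with its domain

  // A response from `host` sets a cookie for `domain`; a site cannot set one for a foreign domain.
  setCookie(host, domain, name, value) {
    if (!domainMatches(host, domain)) {
      throw new Error(`${host} may not set a cookie for ${domain}`);
    }
    this.jar.push({ domain, name, value });
  }

  // Cookies attached to a request are selected by the request's host, not by the embedding page.
  cookiesFor(host) {
    const sent = this.jar.filter((c) => domainMatches(host, c.domain));
    return sent.map((c) => `${c.name}=${c.value}`).join("; ");
  }

  // Load a page plus the iframes it embeds; each frame is a separate document and request.
  load(host, iframeHosts = []) {
    return {
      host,
      requestCookieHeader: this.cookiesFor(host), // what the server for `host` receives
      frames: iframeHosts.map((h) => this.load(h)),
    };
  }
}

// Same-origin policy, modelled here as host equality (real origins also compare scheme and port).
function readFrameCookies(parentDoc, frameDoc) {
  if (parentDoc.host !== frameDoc.host) {
    throw new Error("SecurityError: cross-origin frame access blocked");
  }
  return frameDoc.requestCookieHeader;
}

// The scenario from the question: logged in to Facebook, then visiting a CNN page with a Facebook iframe.
function demo() {
  const browser = new Browser();
  browser.setCookie("www.facebook.com", "facebook.com", "session", "SAMPLE-FB-SESSION");
  browser.setCookie("www.cnn.com", "cnn.com", "prefs", "edition-us");
  return browser.load("www.cnn.com", ["www.facebook.com"]);
}
```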