I browsed to CNN and was horrified to see my Facebook picture there with a "post a comment" box. How did CNN get my Facebook login information?
More specifically, how did CNN know I was logged into Facebook? It seems like CNN would have to have access to a cookie set by Facebook to do that.
This is the only sequence I can think of.
I browse to Facebook and log in.
I check the "Keep me logged in" box.
Facebook places an authorization cookie on my machine.
I browse to CNN.
CNN reads my Facebook cookie and sends the authorization code to a Facebook API.
The Facebook API verifies my login information and displays the comment box.
Is this what is happening? Or is there some other voodoo going on?
I've seen cross-site stuff like this with advertising, but that just displays information. I just assumed sites like LinkedIn sold my information to advertisers. Automatically logging me into a third-party site seems totally different.