Clickjacking on Google YOLO leaks visitors' profile info, but Google won't fix

Discussion in 'privacy problems' started by mirimir, May 11, 2018.

  1. mirimir

    mirimir Registered Member

    Oct 1, 2011
    NOTE: This blog post does what it talks about. Or at least it did before Google blocked the site's API access. It's the "This website uses cookies to ensure you get the best experience on our website. Learn more" button that does the clickjacking.

    Google's reply to a VRP submission:
    That's why we don't trust login widgets, right?

    But Google did block the site's API access, so there's no email address shown. See for an example when it worked.
    Last edited: May 11, 2018
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.