Third-party cookies not being blocked

Thissucks

I opened an X page, and it asked me to login with a Google account other than the ones with which I logged into my phone. I'm only logged into that account on Gmail inside Vanadium. So somehow that information gets communicated across websites. The same thing happened when I visited Reddit.

I have third party cookies blocked but what can this be other than that? How can I maintain my privacy?

Dumdum

Thissucks
Your Google account is kept under Settings > Passwords, passkeys and accounts for apps to use.

Johnnyloans

Thissucks So somehow that information gets communicated across websites.

I went to x.com > tapped sign in with google > it sent me to "accounts.google.com" so now it shows my google accounts on Google.com

Another possibility that isnt applicable to the twitter login:
They CNAME linked a URL the company owns to their business partner.

For example, docs.example.website actually connects to google docs and it shows my company branding.

Thissucks

Dumdum My point is that that's a different Google account. The login that it presents is one I only used inside Vanadium to login to Gmail.

Thissucks

Johnnyloans I didn't click sign in. It was a javascript pop-up that appears on x.com itself that fills in my Google account credentials with the only remaining step being to click the sign in button.

Johnnyloans

Thissucks

Oh, the google sign in pop up on the top right, at least on desktop.

That is not a cookie. It is getting pictures, buttons, assets from google.com

Same thing as copying a bit of code to get the current weather from another site and put it into my webpage. It downloads part of the website elsewhere.

Thissucks

Johnnyloans So is that information being shared with the site I'm visiting (X / Reddit)?

ClickClickDrone

As Johnny says, these aren't 3rd party cookies;
Instead, these sites likely do this by using Google's "Login with Google" API, which contacts Google via JavaScript XMLHTTPRequest or fetch, bypassing the need for cookies, as now Google's tracking code is inserted directly into the site.

NOTE: This is just an educated guess from someone who has experience as a web developer.