In 2020, I discovered a way to identify Glitch users visiting a webpage. This issue is now fixed.
This is actually something other than this demo Leave your name here just by visiting the project, which I developed a while after I reported the above user identity leak as a security issue.
… the Glitch team still took steps to fix this issue.
It was the recent CDN migration from
cdn.glitch.me that fixed this.
Even more recently and not even covered in the above article, it looks like there is additionally a stronger implementation of allowed asset types: Can't upload an .obj file?