[tuankiet65]

Apparently the old Wordle URL redirects to the new NYT page, and it includes the statistics as a JSON in the URL so the new page know what's the old statistics is.

[oh_sigh]

Also makes it really easy to forward a user to a nytimes phishing site.

e.g.

"Hey - did you see the new wordle? https://www.powerlanguage.co.uk/wordle/?url=https://www.exam... "

[g_p]

Seems like hopefully an easy and obvious fix - no need for a fully open redirect here!

[krrishd]

Ah, I was wondering how it persisted the stats (which I presumed were stored via localStorage).

[pickledish]

Ah! Thank you for this, I was wondering how they preserved the statistics through a move to a whole different site (where the old local storage of course can’t be accessed)

[m00n]

The statistics worked for me too, just the streak was reset.

[jdorsey1]

This is clearly a violation of privacy because the url is unencrypted. NYT may face a billionaire lawsuit and his future is compromised.

[avl999]

The url is encrypted, the entire thing is over tls.

[jrochkind1]

I find the idea amusing that exposing people's wordle scores would result in billion dollar damages. My life was ruined because someone was able to find out 60% of my wins are on 6 guesses!