I’m confused by this. You are positive the “second IP address” isn’t merely a different YouTube host then the first browser instance was being serviced by? That’s what it sounds like to me.
Nope, I was fresh and logged into my account in our site. As soon as I clicked submit to a Youtube link in a second tab all hell broke loose and my site detected an address change and immediately kicked me out while NoScript hit me with the cross site warning about Youtube BY NAME. I had absolutely nothing else happening from any other source. It was the action of loading the Youtube page that set it all off. >And my site would not have kicked me out unless it absolutely detected an address change to my account<. Except I checked my own IP address and it had not changed.
Like I say, I started from scratch with a clean cache and replicated it two more times. It was a bot server from Youtube with a different IP address hitchhiking into my account. There is no mistake.
Simultaneous warning from NoScript:
“You are about to load a page from timelessauthors.com
if you are a timelessauthors.com logged in user, information
about your identity might be acquired by youtube.com”
This isn’t my first rodeo with Youtube. Years ago they were accessing cameras and microphones. And all you had to do is land on their page. No login required to get hit with the requests.