Comments on: Mike Hanson, Douglas Crockford, and Facebook; A tale of security, privacy, and performance http://almaer.com/blog/mike-hanson-douglas-crockford-and-facebook-a-tale-of-security-privacy-and-performance blogging about life, the universe, and everything tech Sat, 08 Sep 2012 07:06:53 -0700 http://wordpress.org/?v=2.8.4 hourly 1 By: dion http://almaer.com/blog/mike-hanson-douglas-crockford-and-facebook-a-tale-of-security-privacy-and-performance/comment-page-1#comment-46488 dion Sat, 24 Apr 2010 18:58:20 +0000 http://almaer.com/blog/?p=2666#comment-46488 Chris, Thanks for the detailed and thought out comment. On the URL deceiving piece, I just think that the component could do more to alert the user. As a power user for example, I would be happy to hover over the like button for a second and get told what URL it is going to hit etc :) But, I totally understand that the case that matters isn't the power user case. We can still do more to help those users too. Cheers, Dion Chris,

Thanks for the detailed and thought out comment.

On the URL deceiving piece, I just think that the component could do more to alert the user. As a power user for example, I would be happy to hover over the like button for a second and get told what URL it is going to hit etc :)

But, I totally understand that the case that matters isn’t the power user case. We can still do more to help those users too.

Cheers,

Dion

]]> By: Chris Messina http://almaer.com/blog/mike-hanson-douglas-crockford-and-facebook-a-tale-of-security-privacy-and-performance/comment-page-1#comment-46487 Chris Messina Sat, 24 Apr 2010 18:34:00 +0000 http://almaer.com/blog/?p=2666#comment-46487 Interesting times, no? A couple of responses: I actually think it's a feature, rather than a bug, that you can put a Like button on your page that points to ANY link. This is no different than so many ShareThis, Post to Buzz, Digg This, and other buttons out in the wild. Furthermore, if, say, I'm running some campaign on a microsite for my beverage VocaVola, I'm going to want you to like the primary URL for my product, NOT the microsite. Yes, you can totally deceive users into doing the wrong thing, but in this case I think the benefits to well-intentioned people is FAR greater than the few abusers that might try to game the system (if Facebook gets wind of your evil tactics, they could just block you from hosting the iframe anyway). I'm also supportive of adding more social verbs to the browser (big surprise, right?). In fact, the Follow verb in my social agent mockups could serve a similar purpose: http://factoryjoe.com/blog/2010/03/16/the-social-agent-part-3-follow/ The problem is reaching critical mass — and beyond that — starting with identity in the browser. Facebook's Like button only works because most people already have Facebook accounts and are signed in most of the time. For similar functionality to work in the browser (and for the incentive to exist for publishers) you'd need to be able to Like or Follow things that then get sent to a public profile or activity stream (otherwise you're just bookmarking things locally, and no advertiser or marketer will care about that). So until we get identity in the browser, this stuff will continue happening on the server-to-server side. Finally, as for performance — I think you need to look at the sheer ease of integration for publishers. You include at minimum an iframe and you're done. Nothing else to worry about. Couldn't be simpler, and where you want the Like button, it goes — no need to need with with your HTML head at all. When it comes to adding these "social plugins" we really need to think about a novice audience and how much expertise they have. Facebook is powerful because of how simple they make integrating with them — dispensing with complexity and power user features to address the mass market. That approach is single-handedly the most dangerous threat to the open web in my mind — since to date, much of the open web's adherents love the nitty gritty details and power that comes from mastering complexity. Unless we can make our technologies more accessible, Facebook will continue to dominate an ever-increasing audience. Interesting times, no?

A couple of responses:

I actually think it’s a feature, rather than a bug, that you can put a Like button on your page that points to ANY link. This is no different than so many ShareThis, Post to Buzz, Digg This, and other buttons out in the wild. Furthermore, if, say, I’m running some campaign on a microsite for my beverage VocaVola, I’m going to want you to like the primary URL for my product, NOT the microsite.

Yes, you can totally deceive users into doing the wrong thing, but in this case I think the benefits to well-intentioned people is FAR greater than the few abusers that might try to game the system (if Facebook gets wind of your evil tactics, they could just block you from hosting the iframe anyway).

I’m also supportive of adding more social verbs to the browser (big surprise, right?). In fact, the Follow verb in my social agent mockups could serve a similar purpose:

http://factoryjoe.com/blog/2010/03/16/the-social-agent-part-3-follow/

The problem is reaching critical mass — and beyond that — starting with identity in the browser. Facebook’s Like button only works because most people already have Facebook accounts and are signed in most of the time. For similar functionality to work in the browser (and for the incentive to exist for publishers) you’d need to be able to Like or Follow things that then get sent to a public profile or activity stream (otherwise you’re just bookmarking things locally, and no advertiser or marketer will care about that).

So until we get identity in the browser, this stuff will continue happening on the server-to-server side.

Finally, as for performance — I think you need to look at the sheer ease of integration for publishers. You include at minimum an iframe and you’re done. Nothing else to worry about. Couldn’t be simpler, and where you want the Like button, it goes — no need to need with with your HTML head at all.

When it comes to adding these “social plugins” we really need to think about a novice audience and how much expertise they have. Facebook is powerful because of how simple they make integrating with them — dispensing with complexity and power user features to address the mass market.

That approach is single-handedly the most dangerous threat to the open web in my mind — since to date, much of the open web’s adherents love the nitty gritty details and power that comes from mastering complexity. Unless we can make our technologies more accessible, Facebook will continue to dominate an ever-increasing audience.

]]>