Category Archives: Social networking

Allow more JavaScript, maintain privacy

I’ve long regarded JavaScript in the browser as one of the biggest security holes in web-browsing, and at the same time the Internet works less and less well without it. In 2008 Joel Spolsky made the observation that for some people the Internet is just broken:

Spolsky:   Does anybody really turn off JavaScript nowadays, and like successfully surf the Internets?

Atwood:   Yeah, I was going through my blog…

Spolsky:   It seems like half of all sites would be broken.

Which is not wrong.  Things have changed in the last five years, and now the Internet is even more broken if you’re not willing to do whatever random things the site you’re looking at tells you to, and whatever other random sites that site links off to tell you to, plus whatever their JavaScript in turn tells you to. This bugs me because it marginalizes the vulnerable (the visually impaired, specifically), and is also a gaping security hole.  And the performance drain!

Normally I rock with JavaScript disabling tools as part of my tin-foil-hat approach to the Internet, but I’m now seeing that the Internet is increasingly dependent on fat clients. I’ve seen blogging sites that come up empty, because they can’t lay out their content without client-side scripting and refuse to fall back gracefully.

So, I need finer granularity of control. Part one is RequestPolicy for Firefox; Cross-Domain Request Filter for Chrome is similar, but not as fine-grained.

The extensive tracking performed by Google, Facebook, Twitter et al gives me the willies. These particular organisations can be blocked by ShareMeNot, but the galling thing is that the ShareMeNot download page demands JavaScript to display a screenshot and a clickable graphical button – which could easily have been implemented as an image with a href. What the hell is wrong with kids these days?

Anyway, here’s the base configuration for my browsers these days:

| Firefox | Chrome | Reason |
|---|---|---|
| HTTPSEverywhere | HTTPSEverywhere | Avoid inadvertent privacy leakage |
| Self Destructing Cookies | “Third party cookies and site data” is blocked via the browser’s Settings, manual approval of individual third party cookies. | Avoid tracking; StackOverflow (for example) completely breaks without cookies |
| RequestPolicy | Cross-Domain Request Filter for Chrome | Browser security and performance, avoid tracking |
| NoScript | NotScripts | Browser security and performance, avoid tracking |
| AdBlock Edge | Adblock Plus | Ad blocking |
| DoNotTrackMe | DoNotTrackMe | Avoid tracking – use social media when you want, not all the time |
| Firegloves (no longer available), could replace with Blender or Blend In | | I’ve had layout issues when using Firegloves and couldn’t turn it off site-by-site |

Google engineer’s rant about Google Plus

A fascinating rant about why Google Plus isn’t working (as well as some interesting stuff about Amazon), from a Google insider.

Google+ is a knee-jerk reaction, a study in short-term thinking, predicated on the incorrect notion that Facebook is successful because they built a great product. But that’s not why they are successful. Facebook is successful because they built an entire constellation of products by allowing other people to do the work. So Facebook is different for everyone. Some people spend all their time on Mafia Wars. Some spend all their time on Farmville. There are hundreds or maybe thousands of different high-quality time sinks available, so there’s something there for everyone.

The full rant.

Analysis from Ed Bott:

And there’s the problem with Google+ in a nutshell. It’s a clone of Facebook, built by engineers for people who think like engineers. I now realize what it was I couldn’t put my finger on: this service started out as a list of features. But it didn’t start out with a vision. In fact, I’ve never heard anyone articulate, from a customer’s point of view, why Google+ came into existence in the first place.

I think they’re both probably right… and it’s why I suspect Google Plus won’t get the critical mass to become the replacement for Facebook or Twitter anytime soon.

How not to run a corporate web site

I’ve noticed that Transport For London do this irritating thing: they move (“archive”) their corporate media releases content each month.

So this:
http://www.tfl.gov.uk/corporate/media/newscentre/19678.aspx

– which has been quoted widely as the press release for the Royal Wedding Oyster Card, for instance on the popular Going Underground blog — gets moved to:

http://www.tfl.gov.uk/corporate/media/newscentre/archive/19678.aspx

The old link returns a 404.

WHY? It just seems utterly pointless.

The other thing they do is fail to show, or even link to pictures on their media release pages, even in cases like this where the picture is of prime interest, as the story is “Mayor unveils design of the royal wedding Oyster card”. Instead they make you ring the TFL press office.

Perhaps they haven’t noted the rise of social media, where the messages you put out can be spread by bloggers, Tweeters, Facebookers — none of whom will have the time or motivation to ring your press office to get hold of a photo.

If you hide the official information too much, people will end up relying on the unofficial information out there. Less detail, less reliability, and you’ve got less control of the message you want to put out.

Seems an odd way of doing things in the 21st century.

(I only had this rant because I was looking for a picture of the special Royal Wedding Oyster Card.)

Advertisers impersonating Facebook ON Facebook

This “Mailbook” advert appeared on Scrabble, just below the normal Facebook toolbar.

[Image: "Mailbook" ad seen on Facebook]

Seems dodgy to me. It’s quite a misleading way to try and get you to click on the ad.

Surprised Facebook would allow something that appears so similar to their own navigation.

Maybe they haven’t spotted it yet. I wonder if the icons are pixel-for-pixel copies?

Damn you Facebook

I just want to look at a photo a friend has posted. No doubt the app in question makes it very easy for my friend to post the photo, but it’s difficult for me to see it without handing over a bunch of control to the app.

[Image: Facebook Photo of the Day app permissions]

Now, I know it’s not Facebook’s fault specifically, but c’mon, why do I need to give an application access to my Profile and details of my friends just to look at a photo? I don’t want to do that.

Surely they could change the FB API around so it’s easier to have simple interaction with an application (eg to just look at the photo, not post my own) without handing over this kind of permission?

But then the app wouldn’t spread so fast virally, would it.

The fact that this kind of stuff is so typical is not exactly training users to be careful about minding their privacy online.

Fortunately in this case, it appears that the app is just re-broadcasting a photo from the user’s existing collection of photos, so I’ve been able to hunt it down and look at it there.

Of course, it’s in the FB photos standard lowish resolution, no bigger copy available, but that’s another story.

Facebook’s invisible “About Me”

Facebook has new simplified privacy options.

Including one for About Me, which it claims “refers to the About Me description in your profile”.

[Image: Facebook security]

“About Me”? I don’t remember that.

So I went looking in my profile. It was nowhere to be found. I thought maybe somewhere on the Info tab. Nup, couldn’t see it.

Eventually with some clues from someone on Twitter pointing me to it, I discovered it’s invisible unless you’ve set it to say something. Very helpful.

So to find it, it’s under: Profile / Info tab / Personal Information, then if you can’t see About Me, click the Edit button for Personal Information. Only then will it appear.

And just to confuse things, the “Write something about yourself” box underneath your photo in your Profile is different.

Facebook security issues

So here’s the thing. The other day I was looking at Facebook, at the Wall of a friend of mine, Jason.

And for a few minutes there, Facebook decided I was logged-on as Jason.

Except I wasn’t. I didn’t have any permissions to look at his private stuff, nor change things, but every time I clicked on the Profile button it showed me his Wall, not mine.

[Image: Facebook thought I was logged on as Jason]

When I clicked Home, it thought I was me again. Clicking back to Profile, Jason again. I just couldn’t get to my own Profile.

In the bottom-right it said I had a bunch of notifications. But it wouldn’t let me see them; they must have been his.

Then I clicked logoff, and became me again.

I had a look at a couple of other friends’ Walls, it didn’t do it. But back on Jason’s, it got stuck again. I let him know, of course.

Makes me glad it didn’t just assume I was him and let me do and see anything he could. All I ever saw (apart from the number of notifications he had) was stuff I could see anyway as his friend.

All very odd.

tr.im goes west

After some problems in the last week or two tracking stats (often they’d show zero hits), URL shortening service tr.im shut down suddenly this morning around 8am AEST, citing lack of investment:

tr.im is now in the process of discontinuing service, effective immediately.
Statistics can no longer be considered reliable, or reliably available going forward.
However, all tr.im links will continue to redirect, and will do so until at least December 31, 2009.
Your tweets with tr.im URLs in them will not be affected.
We regret that it came to this, but all of our efforts to avoid it failed.
No business we approached wanted to purchase tr.im for even a minor amount.
There is no way for us to monetize URL shortening — users won’t pay for it — and we just can’t justify further development since Twitter has all but anointed bit.ly the market winner.
There is simply no point for us to continue operating tr.im, and pay for its upkeep.
We apologize for the disruption and inconvenience this may cause you.

Personally I liked tr.im, but with its demise the quest for the ultimate URL-shortening service continues. Search Engine Land has a good list from April.

I’ve signed-up for bit.ly, and it looks okay, though already I can see one annoyance: it tracks everything by US time, with no apparent options to change that.

And I guess I’ve got about 4 months to manually go through the best of my Tweets and save the expanded tr.im URLs — something I started doing last week to prevent any future problems with stuff I’d written being lost.

Interestingly at least one of my older URLs from tinyurl.com (which has a very good record, having been around for 7 years) looks to have been corrupted: http://tinyurl.com/34sov somehow points to http://51744jqgt36.jqgt36/JQGT36 instead of http://dilbertblog.typepad.com/the_dilbert_blog/2007/10/so-you-think-yo.html Odd.

Another example: http://tinyurl.com/263hx would have linked to some media article I think; now it goes to a Polish photo web site.

Update Tuesday: More interesting reading on tr.im

Update Wednesday: tr.im is back… for now.

Do you want to appear in adverts on Facebook?

Want to appear in adverts to your friends on Facebook?

I don’t. I don’t see why an advertiser should be able to imply that I use or recommend their product. And I had been wondering why people I know started showing up in ads like this:

[Image: Stupid Facebook ad]

Note that all three suggested dates are wrong. Pretty stupid.

Anyway, you can stop your profile image appearing in adverts by going to this Facebook settings page.

Or if that doesn’t work, go to Settings / Privacy / News feed and wall / Facebook Ads. Nicely obscure, isn’t it.

[Image: Facebook advert options]

(via Rae… who also pointed me over to this article about recent changes by Facebook in this area.)

I hate relative time

As I’ve mentioned in passing before, I hate relative time on updates.

Twitter is the obvious one here. “About 8 hours ago”. “About 9 hours ago.” WTF use is that? Why not just tell me the time it happened, so I don’t have to mentally work it out?

It’s particularly useless if I want to compare the time of that Tweet to something outside Twitter.

Likewise the ABC Online News “4 hours 37 minutes ago” … jeez, just give me the publish time.

It’s doubly-annoying when presented on web pages, which may or may not get read immediately, and sometimes sit there for a while without being refreshed or updated. I come back half-an-hour later… “About 3 minutes ago”… oh really? When was that? 3 minutes before I last refreshed the page? Again, useless information.

The annoying thing is some programmer has actually jumped through hoops to display the time like this.

PLEASE, just give me the option of showing the ACTUAL time, not the relative time.

Now, does anybody know of a good Windows Twitter client that will show me actual times?

(OK, some people on Twitter reckoned Tweetdeck is one to try.)