[Cc-webedit] facebook fan box widget

Jim Dog theinnercityhippy at riseup.net
Mon Nov 16 19:54:57 GMT 2009 

Hi

at work so can't write a detailed thing at the mo, but can ring you tomorrow and explain better if you like?

The basic problem with this isn't that it's facebook (i do have a problem with that but concede that people want to do it which is different to this objection- i'll bring that up with some proposals for solutions at a later date).

The problem with an embedded box relates to the way the users web browser handles that information. Here's a really brief summary-

a user types www.climatecamp.org.uk into their browser. This sends a request for the front page to our server, which then sends the html code for our front page back to the browser, which translates it into words and pictures for it to display on the users screen.

In this instance, that html code includes the code you posted to the list for the facebook embed box. Since the information that it requires is not hosted on our server, the users browser then automatically sends a separate request to the facebook server for the information it requires in order to display the missing information. This then gets sent back and put in the correct place by the users computer so it all looks like it is part of the same page, despite coming from two separate places.

The request that is sent to the facebook server contains a lot of personal information about the user, including their ip address which is uniquely identifying to them (same as a home address), time, date and referring url (in this case climatecamp.org.uk). This makes it very simple for anyone to see every single visitor that our site has had, despite the fact that we keep no access logs for our server so that people can visit us anonymously if they wish without fear of the authorities seizing our server and getting details of anyone sympathetic to what we do (we are a direct action movement remember).

This is all done invisibly, without the possible consent of the visitor and there will be no way to visit our site without giving away our personal details to the largest corporation on earth, and one in particular known to have close links to the us security services (so by default ours too). In short we are forcing that upon people and not allowing them to opt in or out. This is a pretty outrageous abuse of trust if we go ahead with this which is why i say that if we do i'll have no more part of it (though i know it's pretty minor part anyhow), and to be honest the right thing to do in that situation would be to let people know not to visit or use the site if they care at all for remaining anonymous or not generating revenue for microsoft. This should be made very clear in a pop up warning of some kind before the front page loads if you go ahead with this anyway.

As i said, ringing me tomorrows probably a good idea, but i prefer the conversation to be open and transparent.

In solidarity

jimdog




-original message-
Subject: Re: [Cc-webedit] facebook fan box widget
From: Jonathan Stevenson <jjjstevenson at fastmail.fm>
Date: 16/11/2009 5:07 PM

To be honest I'm not aware of the security implications as I'm involved 
in this group from the persective of communicating what we're doing to 
the world not as a techie - could you elaborate?

Also I definitely don't want to make you leave the group. But also I 
think Neil has a point. We use Facebook and Twitter at the moment and 
until a non-corporate application does what they do I think we're stuck 
with them. Should we ask to be removed from all the major search engines 
on the same basis?  I'd prefer to support the development of 
non-corporate alternatives while making use of things that generate web 
traffic at the moment. I think that's the common ground we've found 
across the set of people who've been involved so far, though I realise 
that's not the result of a long and proper discussion in person, so 
maybe we should work out when we can have that about this.

Anyway, the main thing that looks good about the facebook box thing is 
that it shows you some people who are involved in what we're doing, 
which at the moment the blog doesn't as it's usually an anonymised 
person with no picture etc. If Crabgrass or whatever did this kind of 
thing that humanises being involved in Climate Camp then I'd be in 
favour of embedding that instead. And a randomly generated list of six 
'fans' of the Facebook groups is quite a good way to address security 
concerns I'd say. So I'm approaching it from that perspective not from 
wanting to help Facebook sell my data to the CIA.

J


Jim Dog wrote:
> Hi
>
> i've refined the code a little to make it more suitable:
>
> <script type="text/javascript" 
> src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_GB"></script><script 
> type="text/javascript">FB.init("2d8b4fab7bd2a9baf4f71f558e317eea");</script><fb:fan 
> profile_id="13788209740" stream="1" connections="10" 
> width="300"></fb:fan><div style="font-size:8px; padding-left:10px"><a 
> href="http://www.facebook.com/climatecamp">Generate advertising revenue for one of the worlds biggest polluters and least ethical companies in the name of climate camp - click here</a> </div>
>
> in all seriousness, are people aware of the security implications of embedding a link like this in the site. Pulling out a feed is one thing but this is way way too far, to the point where i'd be prepared to block it (as in my admittedly minor involvement would come to an amicable end if this goes ahead). Remember the anti capitalist remit agreed by concensus at blackheath? We can do better than this ;-)
>
> in solidarity
>
> an insanely busy jimdog
> _______________________________________________
> Cc-webedit mailing list
> Cc-webedit at lists.aktivix.org
> https://lists.aktivix.org/mailman/listinfo/cc-webedit
>
>
> _______________________________________________
> Cc-webedit mailing list
> Cc-webedit at lists.aktivix.org
> https://lists.aktivix.org/mailman/listinfo/cc-webedit
>   


_______________________________________________
Cc-webedit mailing list
Cc-webedit at lists.aktivix.org
https://lists.aktivix.org/mailman/listinfo/cc-webedit

More information about the Cc-webedit mailing list