Warning: Facebook coming to Parallax fourms?
Heater.
Posts: 21,230
I have just been alerted by jmg that there is a link to facebook on this forum page.
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1" type="text/javascript"></script>
What is that? I have no idea really but it seems to be about FaceBook's SDK, authentication etc
http://hayageek.com/facebook-javascript-sdk/https://github.com/facebookarchive/facebook-js-sdk
Readable source here:
https://connect.facebook.net/en_US/all/debug.js
Now this may be totally harmless, at least it is not used by any JS on the page yet. I use facebooks's excellent react.js UI library myself (although I build it myself from source on github). But it's a sign thatfacebook buttons may soon becoming to the forum.
Needless to say I'm not happy about this. The day I see a FB button here will be my last day here.
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1" type="text/javascript"></script>
What is that? I have no idea really but it seems to be about FaceBook's SDK, authentication etc
http://hayageek.com/facebook-javascript-sdk/https://github.com/facebookarchive/facebook-js-sdk
Readable source here:
https://connect.facebook.net/en_US/all/debug.js
Now this may be totally harmless, at least it is not used by any JS on the page yet. I use facebooks's excellent react.js UI library myself (although I build it myself from source on github). But it's a sign thatfacebook buttons may soon becoming to the forum.
Needless to say I'm not happy about this. The day I see a FB button here will be my last day here.
Comments
However, if the link is providing legitimate functionality, I still think it would be a good idea to copy the file(s) to the parallax server. This ensures that changes to the file by FB wont affect this site. Also, with that script reference, every page load is sending the page's URL to FB, who is most certainly logging it (at the very least).
I have not looked into that library yet so I have no idea what useful functionality it may have. It's primary purpose does seem to be to allow log in to be authenticated by FB though.
Whatever else it may bring does not seem to be used in anyway by the forum. Currently I have blocked it's download by pointing connect.facebook.net to localhost in my hosts file and every thing here seems to work as usual.
It really should be removed from the forum page.
All of the new forum tools have this feature.
We haven't even discussed the possible integration of Facebook, but we won't make any changes until the community is involved.
Ken Gracey
I am glad to hear that.
However Facebook is very good at tracking non-members and sucking up all kinds of details about them.http://tech.firstpost.com/news-analysis/facebook-finally-admits-to-tracking-non-users-208996.html
So the appearance of facebooks all.js naturally triggers suspicion.
The Facebook chief considers the users of his system as "Dumb f***s".https://en.wikiquote.org/wiki/Mark_Zuckerbergdo you really want Parallax to be associated with such an outfit?
All of the new forum tools have this feature.
We haven't even discussed the possible integration of Facebook, but we won't make any changes until the community is involved.
?? What 'feature', and why is this hook even there ?( Note: This is the only technical forum I have noticed this on. I assumed it was someone's bumbling accident, not a deliberate act )
All it did on my system was S L O W me down ?! (and waste expen$ive bandwidth on Mobile users).
Solution: Just remove it. You have more than enough problems, without adding more for free !!!
All of the new forum tools have this feature.
We haven't even discussed the possible integration of Facebook, but we won't make any changes until the community is involved.
Ken Gracey
I'll assume that I won't be forced back to Facebook either.. THANK YOU KEN!!
My cursory search around to find out what that all.js fetched from facebook is for show that it is all about authentication. That is providing a means for people to log in to this forum with their FB id.
Now then, how come that all.js script is not fetched when a user is logged out here. It is only fetched when you have logged in, when it knows something about you.
This makes no sense to me.
Conclusion: Fetching all.js should be removed from this forum. Especially as it seems to have no useful purpose, is a potential tracking system and slows down page load.
Posting in raw mode as that's the only way which works in Android 4.1 on this forum.
Of course if one worries about security it's already too late. Before you have the chance to replace Gravesecurityriskatar with your own image your cover is already blown.
@Tor
The blank avatar does have one functional drawback. One may need to click on the avatar to begin the sequence to send a private mail to someone. But it does seem that one may click on the name instead.
So I was considering going from an all white (which is effectively blank) to another solid color. I suppose any solid color will do, like all black.
++++++++++
Also, I am a bit vexed about the fact that private mail seems to have an election to add other people into the exchange that can occur unilaterally. So what one might say privately may end up being not so private. We may have had this feature before, but it wasn't so obvious.. if it did exist.
See:
http://forums.parallax.com/discussion/161413/warning-facebook-coming-to-parallax-fourms#latest
I have tested this out with two other people, and it is private.
@Loopy, surely a blank avatar image is just as good to click on as any other. If you know where it is of course
Having an outline might help indicate that a mouse click might work. Clicking on half my name when that is all that is displayed does work.
Of course, I doubt it anyone is going to send me a PM anyway. So I am just deluded about my overwhelming popularity.
You can see now that I claim to hail from Puddleby-on-the-marsh. Everyone knows it is famous for how little gets done there.