科技回声

Checking the referrer (errr, "referer") header seems obvious to me, I wonder why they're not doing it.Sure, the referrer can be spoofed if you can set arbitrary headers, but you can't set headers on iframe requests anyway (and even XHR explicitly disallows setting Referer)

A related side-note: my organization blocks access to Facebook, the iframe with his like button was also blocked by the filter.

As the author points out, the easy fix is to let users know what they just liked, or ask them to confirm.Also I suspect this service is fairly self-regulating. Facebook users are generally careful about what they broadcast. The author gives the captcha trick used by porn sites as an example...how many people are going to broadcast their taste in porn?

You have to click the button again to remove the "Like" relationship. --- Wow, talk about confusing as hell...

another similar issue i've come across is when there are multiple like buttons on the same page. e.g., does one like this blog/site or just the article?not a terrible confusion or potentially too sinister, but a bit more attention than usual is required than the simple share.

"The new button trades off this security for convenience."Trend?

A related side-note: my organization blocks access to Facebook, the iframe with his like button was also blocked by the filter.

You have to click the button again to remove the "Like" relationship. --- Wow, talk about confusing as hell...

"The new button trades off this security for convenience."Trend?

Deceiving Users with the Facebook Like Button

6 条评论

Deceiving Users with the Facebook Like Button

6 条评论