Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Bug Facebook The Internet Technology

Facebook Breaks Major Websites With Redirection Bug 179

johnsnails writes "Some of the biggest news sites in the world disappeared yesterday when Facebook took over the internet with a redirection bug. Visitors to sites such as The Washington Post, BuzzFeed, the Gawker network, NBC News and News.com.au were immediately transferred to a Facebook error page upon loading their intended site. It was fixed quickly, and Facebook provided this statement: 'For a short period of time, there was a bug that redirected people logging in with Facebook from third party sites to Facebook.com. The issue was quickly resolved, and Login with Facebook is now working as usual.'"
This discussion has been archived. No new comments can be posted.

Facebook Breaks Major Websites With Redirection Bug

Comments Filter:
  • so... (Score:5, Insightful)

    by liamevo ( 1358257 ) on Friday February 08, 2013 @08:52AM (#42831337)

    can we please stop relying on third parties for things *you* should be providing to your users.

    • Re:so... (Score:5, Funny)

      by Seumas ( 6865 ) on Friday February 08, 2013 @08:57AM (#42831385)

      Hey, just because all of my forum stuff comes from Disqus, my word of mouth spreading comes from twitter, facebook, and google plus integrations, and my content comes from automatic AP feeds doesn't mean I don't provide anything myself! I . . . . uh . . . .

      • Re:so... (Score:5, Funny)

        by saveferrousoxide ( 2566033 ) on Friday February 08, 2013 @10:40AM (#42832599)
        I deal with the goddamn customers!
      • Re:so... (Score:5, Interesting)

        by CastrTroy ( 595695 ) on Friday February 08, 2013 @11:21AM (#42833195)
        I know a guy who does this. He pulls in about $50 a month with a site that basically runs itself. The only reason I don't do it is because the "ads" he ends up generating money off of are the kind that pay out when the visitor to his site installs a tool bar or some other nefarious thing. The only reason I wouldn't do that is that I don't think it's ethically correct to lure people into installing stuff they don't want on their computer. But I imagine that someone who's ambitious enough, and who sets up enough sites could generate quite a bit of money like this.
        • He pulls in about $50 a month with a site that basically runs itself.

          Not bad. A site that pays for its own development in 2 years is not something to sneeze at, it took Facebook a lot longer than that.

    • by eldavojohn ( 898314 ) * <eldavojohn@gSTRAWmail.com minus berry> on Friday February 08, 2013 @09:08AM (#42831509) Journal

      can we please stop relying on third parties for things *you* should be providing to your users.

      Clearly it has benefits and disadvantages. One of the disadvantages is displayed in this story. I could name a decent amount of benefits though: 1) you don't have to register again and again every time you want to use some site. 2) you don't suffer from password fatigue. 3) you don't have to worry about no talent ass clowns storing your username and password in plaintext (although you do have to worry about facebook being no talent ass clowns about that). 4) if I just want to stand up a quick little site that is nothing more than CRUD associated to users then all that login stuff can be offloaded to facebook or whomever. 5) from a large corporation standpoint, you can now get additional social data about your users from the facebook api (I know, this isn't necessarily an advantage for the end user and is best viewed as double edged).

      Are you opposed to openID too [wikipedia.org]?

      • by Rockoon ( 1252108 ) on Friday February 08, 2013 @09:25AM (#42831691)
        Indeed.

        I think many people are in support of third party authentication semantics for non-critical sites..

        Even though ultimately facebook is probably a bad choice for it, what else is so ubiquitous as to be a reasonable option that also doesnt suffer the same essential problems (certainly not a google account?)
        • by whargoul ( 932206 ) on Friday February 08, 2013 @09:59AM (#42832051) Homepage

          ...what else is so ubiquitous as to be a reasonable option that also doesnt suffer the same essential problems (certainly not a google account?)

          I use Twitter when the option is available only because they don't collect data on me like facebook does. If it's facebook only, I usually won't sign up.

          • by Pope ( 17780 )

            I use Twitter when the option is available only because they don't collect data on me like facebook does. If it's facebook only, I usually won't sign up.

            Of course Twitter collects as much data on you as they possibly can. How else are they making money?

        • by DragonWriter ( 970822 ) on Friday February 08, 2013 @10:40AM (#42832601)

          Even though ultimately facebook is probably a bad choice for it, what else is so ubiquitous as to be a reasonable option that also doesnt suffer the same essential problems (certainly not a google account?)

          OpenID. Sure, a provider having a similar error could stop users of that provider from logging on to your site, but its not a single point of failure for the entire site, its a single point of failure for the user and all the sites they use it to log into.

      • Re: (Score:3, Insightful)

        by DogDude ( 805747 )
        from a large corporation standpoint, you can now get additional social data about your users from the facebook api (I know, this isn't necessarily an advantage for the end user and is best viewed as double edged).

        For an individual, there's only one edge: a sharp one. Who in their right mind would want every company/web site to know all of the intimate details of what they're doing on every other web site? Isn't it obvious to people that by signing in with a Facebook ID to web sites, that not only doe
        • If Facebook sold that information you'd have a point, but as it's not disclosed in any of their privacy literature that'd be a monstrous and legally actionable breach of their information protection obligations.

          • Re: (Score:3, Insightful)

            by DogDude ( 805747 )
            Hey kid, I've got a bridge to sell ya'....
          • Facebook is an advertising company. Their product is highly granular, per-user demographics and profiles. That product is based on information gathered from tracking their users' posts, relationships, browsing history and basically any info they can get their hands on (raw materials). The product is then sold to their customers; anyone who does a targeted media buy on their site, as well as advertisers and marketing firms.

            Without the raw materials, Facebook would not be a for-profit venture and their sto

        • Who in their right mind would want every company/web site to know all of the intimate details of what they're doing on every other web site?

          Most people would not want that.
          But most people don't care. First of all most people don't even know, or consider what is actually happened. Secondly it is convenient for most people. And thats pretty much why it will continue.

      • The problem yesterday had nothing to do with sites offloading authentication to Facebook. It was simply sites that have a little Facebook ad--like "what's popular on Facebook." I experienced this yesterday, just looking for a store location--there was a Facebook ad on the page that instantly redirected to Facebook.

    • Re:so... (Score:5, Insightful)

      by orthancstone ( 665890 ) on Friday February 08, 2013 @09:11AM (#42831533)
      On one hand, I'd prefer to see authentication in the hands of someone I consider more reliable (like Google) than someone programmer of questionable ability at (Insert Random Dying Newspaper here).

      On the other hand, a hearty "HA HA!" does feel appropriate here. They do get what they are asking for by being so deeply tied to a third party.
    • by deains ( 1726012 )

      Let's just get in touch every CDN in existence and get them to shut down everything they're doing then. Clearly centralising providers of commonly-used resources is an abysmally terrible idea.
       
      (Sarcasm, just in case you can't tell)

    • I've less quarrel with the concept of using a 3rd party to verify identity (that's what a driver's license does when we aren't on line) than with the notion of using the services of a "free" site that gets its revenue by tracking its users and selling that information to advertisers and the like. And do I want to stay logged in to something like Facebook when it is exposing my information (not all of which is bogus fiction) to anyone who has access to their API? And yes, Google is doing much of the same a
    • Exactly. After all, nobody that's ever written their own authentication code has ever screwed it up.
    • "... can we please stop relying on third parties for things *you* should be providing to your users."

      Actually, this probably didn't come from anything that is "provided" to customers.

      Typically, when you link your site to Facebook (especially if you're not careful), you include a piece of JavaScript that Facebook supplies. Essentially, it's user-tracking, which is NOT a service "provided" to site visitors, unless you happen to like that sort of thing.

      Sadly, many websites actually pull this JavaScript in realtime from Facebook itself, rather than hard-coding the JavaScript into their page.

      So at any

      • Facebook JS files are not open source; by "hardcoding them", you're actually committing copyright infringement.

        • "Facebook JS files are not open source; by "hardcoding them", you're actually committing copyright infringement."

          So? It's still the better way to go about it. The host company (like Google or Facebook) will never know. And if you don't? Look at the poor schmucks in TFA.

          Of course, if you do that it has to be updated periodically; the host company can't update it on your site, so you have to.

          But I am most definitely not in favor of making my websites hostage to other web services for their basic operation. That's just asking for trouble. As we can clearly see here.

          • Oh, and if you hardcode them, how do you expect them to be able to do XHR requests to their servers, in violation of the same origin policy [wikipedia.org]? There's no point in serving JS if you prevent it from working.

            • "Oh, and if you hardcode them, how do you expect them to be able to do XHR requests to their servers, in violation of the same origin policy? There's no point in serving JS if you prevent it from working."

              I've never used any that did that, and wouldn't use any that did that. That's a violation of MY policy.

  • Congrats (Score:5, Insightful)

    by Anonymous Coward on Friday February 08, 2013 @08:53AM (#42831347)

    If you let others insert scripts into your pages they can steal your visitors.

    Maybe it'll make sites think about who they script src from.

    • Re:Congrats (Score:5, Insightful)

      by FireFury03 ( 653718 ) <`gro.kusuxen' `ta' `todhsals'> on Friday February 08, 2013 @09:30AM (#42831725) Homepage

      If you let others insert scripts into your pages they can steal your visitors.

      Maybe it'll make sites think about who they script src from.

      One of the bad things I've noticed recently is that HSBC [hsbc.co.uk] is including objects from third party organisations in their ebanking login pages. I do wonder if any thought has gone into the security of such things, or if HSBC simply don't care (my experience of banks tells me that none of them have a single clue when it comes to internet security).

  • by Anonymous Coward

    ...people wonder i some of us block external crap on sites, not just ads.

  • by Seumas ( 6865 )

    Serves every one of these websites for being Facebook lemmings.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      They prefer to be called facebook serfs

  • The fanboy adblock lists include another list you can add which also blocks out all social media badges etc.

  • by fuzzyfuzzyfungus ( 1223518 ) on Friday February 08, 2013 @08:57AM (#42831391) Journal

    Not that it will; but let that be a lesson to you.

    • No NO NO you have to do it right

      [play sound: THX Big Note.wav] THUS ENDETH THE LESSON

      but anywho if i was one of those sites i would have my legal staff have a chat with Facebook about not having this happen again EVER.

    • Thanks teach! I have learned that people rarely learn the lesson. I think. Will this be on the final exam?

  • How is that possible? If I'm going to a site, I type in the URL into the address bar, or I click on a favorite, or click on a link returned by Google, or another search engine. The URL gets sent to a DNS server, which returns the IP address of the site, and then my browser starts making http requests directly from the site. Facebook is never involved. Unless Facebook has somehow poisoned the root DNS servers, I don't see how this is possible.
    • Re:Um... How? (Score:4, Interesting)

      by belthize ( 990217 ) on Friday February 08, 2013 @09:02AM (#42831437)

      I suspect horrible article is the main culprit. At a guess I suspect this is nothing more that Facebook's authentication service failing.

      Client is directed to Facebook for authentication, mechanism fails, Facebook tosses up error page. The implication that Facebook did anything wrong other than having buggy authentication is likely way of base.

      Full disclosure, don't have a facebook page, never visited a facebook page, have zero interest in facebook.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        The key is "client is directed to Facebook". Sites include 3rd party scripts all the time, blindly executing whatever gets sent back. If that includes a simple assignment to window.location, there's your redirect.

    • Re:Um... How? (Score:4, Informative)

      by Culture20 ( 968837 ) on Friday February 08, 2013 @09:06AM (#42831479)
      These sites are including javascript from facebook. Check your noscript/requestpolicy lists on those pages and you'll be surprised how many external sites those pages include javascript and images from. This was bound to happen (and worse things have probably happened in secret).
      • Re:Um... How? (Score:4, Interesting)

        by Anonymous Coward on Friday February 08, 2013 @09:14AM (#42831579)

        The Steam browser is a nice example of facebook javascript gone wrong. Every page with a "like" script on it redirects to some facebook address as soon as the page finishes loading. The end result is that you see what you wanted to see, but the URL bar is always some sort of lenghty facebook redirect because Steam is trying to load it somehow but fails and leaves you on the page you wanted to visit anyway.

    • Re:Um... How? (Score:4, Insightful)

      by Anonymous Coward on Friday February 08, 2013 @09:06AM (#42831487)

      In short, "Web bugs", short bits of code that are included inline from another provider. Basically these sites had on their front page a "get shit from facebook" or some such badge displayed, that badge is not created by the site owner but is sourced inline from facebook, now if the thing they pull from facebook is broken and facebook presents a redirect to your browser in place of the web bug (badge, whatever) then your browser dutifully redirects.

      If facebook were malicious they could commandeer half of the web.

      • So all these webmasters put foreign code on their websites without doing any sort of sanity audit on it? Scary!
        • by chihowa ( 366380 )

          Worse than that. Many (most?) of them have you pull the foreign code from the foreign site directly. So even if they did audit it, the foreign site could change the code and their site would dutifully ask you to run it.

        • Slashdot itself loads a few JS files directly from third-party servers, particularly Google's (through Google Analytics).

    • I successfully made it to Papa John's web site to order pizza last night. When I got to the last page of checkout, I immediately got redirected to Facebook.

      Apparently they're including Facebook Javascript code on all their pages, and I happened to be in the middle of ordering a pizza when the bug hit.

      Why Javascript is allowed to redirect a web site these days without user intervention is beyond me. Most Javascript methods that open windows or navigate you require being triggered by a click event or other

      • I think a lot of web apps would break if Javascript couldn't mess with the window location / back button / tab history, etc. Think of things like Gmail and Google Docs. Unlike pop-ups and so on, it does actually have a useful purpose.

        • Back buttons would require a click. As long as they have to be tied in some way to a click the way pop-ups do. They aren't blocked, they just have to be proven as user-initiated.

  • facebook (Score:5, Funny)

    by hackula ( 2596247 ) on Friday February 08, 2013 @08:57AM (#42831399)
    The first successful test. Soon every site will redirect to facebook, then... the world!
    • Offer multibillion IPO
      2. Seize conttol of internet
      3. ???
      4. Well, monetizing for profit is still problematic

      • This pretty much sums up the number one problem with tech culture in the valley. Companies are optimized to raise money, not make money. Facebook has had years to switch the focus already but still cannot seem to do it. If your typical tech startup had 20 billion in the bank, the founders would say "Look how this will affect our valuation! We'll be able to get to round 98 of seed funding!"
    • The ultimate phishing attack.

  • by Anonymous Coward

    I was logged into Facebook when I got this redirect.

    However, the website I got it from is one I have never placed a Facebook "like" on or written a comment on with my profile.

    Does "a bug that redirected people logging in with Facebook from third party sites" mean that the site has my Facebook details?

    The URL was this:

    https://www.facebook.com/dialog/permissions.request?client_id=__15digitno__&response_type=token%2Csigned_request%2Ccode&display=none&domain=www.website.com&origin=1&redirect

    • by SJHillman ( 1966756 ) on Friday February 08, 2013 @09:11AM (#42831537)

      The third-party sites load a chunk of Facebook onto their site, so if you're logged into Facebook then you're logged into that chunk on the third-party site. The third-party site doesn't have your login or information - it's passed between you and the chunk of Facebook on that site. Or at least, that's how it's supposed to work.

      It's not the 90's anymore... you can load a page that's connected to dozens of different services that are almost completely independent of each other and the page you're on.

      • by Mitreya ( 579078 )

        It's not the 90's anymore... you can load a page that's connected to dozens of different services that are almost completely independent of each other and the page you're on.

        Yes, but do we have to?
        Most of those websites look crippled until the last of these dozen services finally loads 3 minutes later. Blockbuster.com used to hang (unresponsive) for about 30 seconds while the browser said "contacting adserve...fb.com".

        • Most of those websites look crippled until the last of these dozen services finally loads 3 minutes later.

          I know, right? Browsing the web with NotScript (Chrome extension) is a real eye-opener. Some sites simply load as a blank white screen until you whitelist scripts to run! It's especially good when you first open a site, it has three sources for scripts, then when you enable one, suddenly 15 more appear in the list. It's great being able to disable most of the junk people toss on sites from the get-go, but sometimes it's irritating to have to dig through the long chain of scripts just to make a web site func

      • It's not the 90's anymore... you can load a page that's connected to dozens of different services that are almost completely independent of each other and the page you're on.

        For some reason, that makes me a sad panda... :(

    • by Anonymous Coward

      You don't need to like or comment. You have been logged automatically (as in: they know where you've been). It's a feature!

    • sdk=joey?

      function getJoey()
      {
              return "Doh";
      }

  • by Anonymous Coward

    Recently we have seen very widespread "single point of failure" issues. Notably with Facebook and Apple who are both so pervasive in society. These firms are constantly doing major and complicated software updates and those updates are propagated either invisibly in the background or introduced through "voluntary" software updates where you don't get major new features unless you do the update and you have to simply live with whatever bugs or feature cripples come along with it.

    The fact so many people are

    • by SJHillman ( 1966756 ) on Friday February 08, 2013 @09:15AM (#42831581)

      I use Facebook, I admit it. However, I only use Facebook for Facebook. If I log in to another site, I don't use the "Connect with Facebook" option to log in. If the site only allows you to log in with Facebook, I leave. I've yet to find a mission critical site like banks, etc that use Facebook or another service. Therefore, I'm doing my part to save humanity from the single point of failure.

      • Unfortunately it sounds like this bug would have hit users such as yourself also. I think when leaving FB to visit another site it is best to log out.

        Multi-instance/multi-profile browsers would also be something nice. Especially those that limit what they report about the machine they are on (less fingerprint via installed fonts/cookies/html5 dbs/flash objects/etc)

      • by rizole ( 666389 )
        If you stay logged in to facebag they can still track you via the part of any webpage that loads a chunk of facebag inline. I load it ina seperate browser and use ghostery on my main browser to block third party shenanigans.
  • by hessian ( 467078 ) on Friday February 08, 2013 @09:06AM (#42831477) Homepage Journal

    I've come to the conclusion that social networking is screwed up because the people who use it most are the people who are least invested in reality.

    Every time I try to use Facebook, I get driven away by the behavior of its users. Not the Instagram dinner plate updates, or the personal drama, because I've already filtered out those people.

    It's the sensitivity. People take anything seriously. I posted an article showing that divorce really screws up kids. I got back a half-dozen replies, all from people who'd had divorces, defending their own decisions. When I said that it wasn't personal, they said they still felt attacked.

    There were other instances of similar behavior too. People hover around Facebook, looking for some reason to cause a scene. Why was this, I wondered.

    It seems to me that if you have found something worth doing in life, you're mostly doing it. That doesn't mean your job. If your job sucks, you've probably got a project on the side. You're not going to devote your time to screwing around, which is what most people on Facebook do.

    This means that social networking including Facebook selects out the people who have any direction in life, and leaves the resentful, bored, unemployed, disabled, upset, insane, teenage, etc. and concentrates them in large numbers. This is why so much of the response is crazy.

    I should amend the post title. I used to keep trying to use Facebook (and MySpace, Digg, Reddit, Friendster, Pinterest, etc.). But now, I don't. These aren't places where healthy people hang out.

    • by hodet ( 620484 )
      Facebook free for three months now. I just came to the realization that I was not interacting with all the people I care about in my life on Facebook. I was interacting with them in real life. The only interaction was with "fringe" friends or people you felt obligated to friend because they are "friends of friends" you met somewhere. "Hey great, Joe's wife took a picture of her Big Mac and fries and is enjoying a delicious shake." Ya, I'm outta here.
    • by Megane ( 129182 )

      Really, the only two-way stuff I use is:

      Slashdot, because of the good moderation system and good supply of topics that I want to see other people's comments about as much as the topic itself

      and 4chan (yes, seriously) because it's sort of a zero-point energy of random discussion with its default anonymity and constantly expiring threads (it's too much hardcore internet trolling and memes for the average person though) But stay away from /b/, nothing interesting happens there anymore.

      I avoid the twits and

    • Well done. I would add unhappy to your list of qualities that make up the bulk of social site users. Many of the people I know who are regular users remain in contact with old flames even though they are now like Al Bundy. Here's to hoping these extra opportunities to procreate don't result in the psychologically healthy being out-bred by this genotypical subset. Oh wait...
      • I would add unhappy to your list of qualities that make up the bulk of social site users. Many of the people I know who are regular users remain in contact with old flames even though they are now like Al Bundy. Here's to hoping these extra opportunities to procreate don't result in the psychologically healthy being out-bred by this genotypical subset.

        I've noticed this as well. People tend to try to "justify" their lives using lifestyle and/or perceived success. For example, a recent survey of Facebook fri

    • Every time I try to use Facebook, I get driven away by the behavior of its users. Not the Instagram dinner plate updates, or the personal drama, because I've already filtered out those people.

      It's the sensitivity. People take anything seriously. I posted an article showing that divorce really screws up kids. I got back a half-dozen replies, all from people who'd had divorces, defending their own decisions. When I said that it wasn't personal, they said they still felt attacked.

      You realize that the people "on Facebook" in this regard are your friends? You post an article, it's your friends who comment on it. What you're complaining about isn't Facebook's userbase in general, but that subset of it that you consider your friends. For what it's worth, I've had extended political and religious (basically the two most flamebait-y topics possible) discussions on Facebook where most people remained civil and presented reasoned arguments (and the few who didn't were just ignored). That's

  • Story Subject Fail (Score:5, Informative)

    by OzPeter ( 195038 ) on Friday February 08, 2013 @09:06AM (#42831485)

    Facebook did not "Break major websites". Instead Facebook users who were logged in to Facebook (and hence working under the auspices of Facebook) were screwed over when they went to third party sites. Sheesh .. even TFS explains that.

    Are we now starting to refer to the Internet as teh Facebook???

    • It broke the expected functionality of third-party websites. But I agree that Internet is not Facebook. At most, you might be able to claim Facebook broke a chunk of the WWW, but certainly not the Internet as only websites were affected. It's like saying a minor design flaw in a part used by many different car manufacturers completely disrupted our entire transportation infrastructure.

    • You seem to be under the impression that it was people visiting sites from links on Facebook that had an issue. If you visited any of the sites, directly, while logged into Facebook you were affected.

      • > If you visited any of the sites, directly, while logged into
        > Facebook you were affected.

        And therefor it affected only Facebook users. Neither the Web nor the Net was broken. Just Facebook.

    • by Bogtha ( 906264 )

      Instead Facebook users who were logged in to Facebook (and hence working under the auspices of Facebook)

      I think you've misunderstood. By "logged into Facebook", they don't mean they were actually looking at Facebook at the time. It means they had previously logged into Facebook at some point and their browser has a cookie saved which authenticates them to Facebook.

      These people were surfing the web normally. They weren't on Facebook. They got to a site that used Facebook for authentication, and th

    • Facebook did not "Break major websites".

      This.

      Facebook broke Facebook, and some third party sites were affected.

    • > Are we now starting to refer to the Internet as teh
      > Facebook???

      Well, you're already confounding the Web and the Net.

  • I'd be of the mind that it wasn't a bug, but intentional. But FB? They don't really need the page views....do they? Stock has taken a bit of a dip again since the graph thing came to light...though still high enough that I'm sitting pretty (bought when it was around 19.50 or so).

  • At first I thought I somehow angered facebook and caused my session to get corrupted! Each time I visited a few different news sites after a few seconds It would be redirected to the error page. I ended up having to clear my cache to prevent the annoying redirect. I find facebook is good as a time waster but I find it scary how many sites have access to my logins and can track and control content.
  • by Anonymous Coward

    Obviously Facebook is too big to fail, so every time they bork the internet we should give them a billion dollars.

    • by leuk_he ( 194174 )

      No internet company should be too big to fail. .... But we give them billions anyway. Google in advertising, Facebook as "like"people, Microsoft for your desktop OS. Apple because it is shiny.

  • I never use another site to log into a different site. Sure, Facebook is big today, but this is the internet, this is technology. Myspace? Geocities?

    What do you do when FB for whatever reason, suddenly stops? All those sites you used to use facebook to log in, you can't get in. You think FB is going to care when their stock is going for pennies?

    My suggestion, don't use other sites to handle your log in for you.

    My other suggestion: FB is a troll, quit feeding it.

    • I participate in comment discussion on the Gawker blogs - Lifehacker, particularly. They took away their own login system after they screwed it up so badly they gave away everyone's password. The community there is nice, but the site owners are stupid. I say, please let them use Facebook. When Facebook stops? They'll give me a way to transition to whatever they choose next.

      Of course, if I have a choice, I don't log in with Facebook.

      But I believe that Facebook Connect provides enough demographic info ba

  • Javascript has been putting in security restrictions for a while now. You can't open a new window without a user click. Most browsers now block automatic window popups.

    Why are we still allowing something as archaic as a Javascript redirect? We already have meta tags and HTTP header redirects. We don't need browser navigation without a click to exist in Javascript.

    Sure, you could blame Facebook - they did put out a bad script, but the fact that this is even possible is really on the browser makers.

  • I was getting this yesterday when reading an article on Mashible. I noticed that it stopped doing it by logging out of Facebook. Probably something I should be doing anyway to prevent them from tracking me all over the place

  • . . . nothing of value was lost.

  • Protecting yourself against weird things Facebook does is actually fairly simple. I sandbox FB in it's own browser. It's all I use Firefox for, that and the occasional browser compatibility test, but I reset cookies/cache/etc before and after. Combine that with a fake name and you're largely safe to post whatever you want. Won't fool, like, law enforcement or whatever if they look specifically at you, but it will confuse whatever automated ad/cross site dossier these companies are compiling on you. I tie it
  • I noticed this several times across a span of 9 hours, from first notice to last notice. I would hardly call that "quick".

In order to dial out, it is necessary to broaden one's dimension.

Working...