[twitter-dev] Re: Introducing the Follow Button
This is great, but I worry that this might easily be abused. The code for a follow button seems written in a way that allows the user to redress the link however they please. I see the main intent url as being easily extracted for no-js users; but this means someone could take that URL, redress it as a link someone would WANT to click on and fool people into clicking such a button to boost their own follower counts. Since this is more of a security issue rather than a bug or a problem as of yet, I figured why not just reply to this post rather than make a big heyday about what I perceive as a weakness. If it's already on the roadmap to improve this function as we go; or if the existing structure of twitter disallows such an easy exploit then you may safely disregard this post. Please note that I have NOT tested this; I'm not going to because it's better tested by the developers who know the code underlying that services these requests...and it may not come to be an issue. I just hope this button ISN'T a one-click follow for sake of security, because I fear there will be some VERY annoyed honest users once unscrupulous users begin to abuse this feature. On May 31, 3:07 pm, Arnaud Meunier arn...@twitter.com wrote: Hey developers, Today we're launching the Follow Button! Similar to the Tweet Button, it's a new widget that lets users easily follow a Twitter account from any web page. The Follow Button has a single click follow experience, simple implementation model, and is configurable to fit the needs of your website. Read our announcement on the Twitter blog, and use the resources below to set up your own Follow Button: - Create a Follow Button here:http://twitter.com/about/resources/followbutton - Detailed documentation:http://dev.twitter.com/pages/follow_button We’ve also added a Javascript layer to our Buttons and Web Intents that makes it possible for you to detect how users are interacting with these tools, and to hook them up to your own web analytics. More details on:http://dev.twitter.com/pages/intents-events We're excited to see how you guys will implement the Follow Button. Let us know what you think, or if you have any questions. Arnaud / @rno -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Re: Introducing the Follow Button
This is great, but I worry that this might easily be abused. The code for a follow button seems written in a way that allows the user to redress the link however they please. I see the main intent url as being easily extracted for no-js users; but this means someone could take that URL, redress it as a link someone would WANT to click on and fool people into clicking such a button to boost their own follower counts. Since this is more of a security issue rather than a bug or a problem as of yet, I figured why not just reply to this post rather than make a big heyday about what I perceive as a weakness. If it's already on the roadmap to improve this function as we go; or if the existing structure of twitter disallows such an easy exploit then you may safely disregard this post. Please note that I have NOT tested this; I'm not going to because it's better tested by the developers who know the code underlying that services these requests...and it may not come to be an issue. I just hope this button ISN'T a one-click follow for sake of security, because I fear there will be some VERY annoyed honest users once unscrupulous users begin to abuse this feature. On May 31, 3:07 pm, Arnaud Meunier arn...@twitter.com wrote: Hey developers, Today we're launching the Follow Button! Similar to the Tweet Button, it's a new widget that lets users easily follow a Twitter account from any web page. The Follow Button has a single click follow experience, simple implementation model, and is configurable to fit the needs of your website. Read our announcement on the Twitter blog, and use the resources below to set up your own Follow Button: - Create a Follow Button here:http://twitter.com/about/resources/followbutton - Detailed documentation:http://dev.twitter.com/pages/follow_button We’ve also added a Javascript layer to our Buttons and Web Intents that makes it possible for you to detect how users are interacting with these tools, and to hook them up to your own web analytics. More details on:http://dev.twitter.com/pages/intents-events We're excited to see how you guys will implement the Follow Button. Let us know what you think, or if you have any questions. Arnaud / @rno -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk