On Sun, 30 Oct 2011 01:12:51 -0700, Marco Schuster
<marco(a)harddisk.is-a-geek.org> wrote:

> On Sat, Oct 29, 2011 at 4:22 PM, Daniel Friesen
> <lists(a)nadir-seen-fire.com> wrote:
>> - It doesn't scale very well. If you do try to add more vendors and users
>> do enable most of them, you still end up loading from each enabled vendor
>> slowing things down.
>
> With the exception of the FB Like/Recommend button, everything (even
> the FB share link) is just an image paired with an HTML link. Maybe
> other sites allow embedding their logos, so the only image which needs
> to be loaded externally is the FB one.

No, both the Twitter and Google +1 share features in that
socialshareprivacy are also embeds, not simple images paired with links.
In fact while FB has a static share and Twitter has its static share and
intents, being the newest +1 hasn't implemented a static share feature
yet. Likely somewhat related to the separation of +1 and G+ which unlike
with the others +1ing something doesn't mean you're using G+.

>> - Frankly the UI is pretty bad.
>
> That's the price you have to pay for total privacy, unfortunately.

No, there are other potential possibilities that don't include a bad UI.

>> - Once you enable a vendor we drop right back to a 3rd party script being
>> injected into the page such that it can do malicious things.
>>
>> Btw, if you're a 3rd party with a script in a page you can go pretty far
>> abusing XHR and history.pushState to make it look to a user like they're
>> browsing the website normally when in reality they're on the same page
>> with the script still running. Oh, and that includes making it look like
>> you're safely visiting the login page when in reality you didn't change
>> pages and the script is still running ready to catch passwords.
>
> Do you have any links with further info on this?
>
> Marco

I don't know of any specific links you can look at, I realized it myself
after looking at pushState. It's probably known elsewhere but I figured it
out independently so I don't know of any more detailed articles or posts
on it off my head.

--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
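As an added illustration in JavaScript (not code from the thread or from socialshareprivacy) of the static-share versus embed distinction above, and of keeping an enabled vendor widget out of the host page instead of injecting its script; the icon paths and vendor endpoint URLs are assumptions:

```javascript
// Added example, not code from the thread or socialshareprivacy. Buttons are
// rendered as a "static share" (an own-origin image paired with a plain link,
// so no vendor code runs) until the user enables a vendor; only then is the
// widget loaded, inside a cross-origin sandboxed iframe instead of a <script>
// injected into the page. A cross-origin frame cannot read the host document
// or call its history.pushState, and without allow-top-navigation it cannot
// redirect the host tab either. Icon paths and endpoint URLs are assumptions.
const VENDORS = {
  facebook: {
    icon: "/img/facebook.png",
    staticShare: (u) =>
      "https://www.facebook.com/sharer/sharer.php?u=" + encodeURIComponent(u),
    embed: (u) =>
      "https://www.facebook.com/plugins/like.php?href=" + encodeURIComponent(u),
  },
  twitter: {
    icon: "/img/twitter.png",
    staticShare: (u) =>
      "https://twitter.com/intent/tweet?url=" + encodeURIComponent(u),
    embed: null, // stays static: no widget is ever loaded for this vendor
  },
};

// Escape text placed into an HTML attribute so a page URL cannot break out.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderShareButton(vendorName, pageUrl, userEnabled) {
  const v = VENDORS[vendorName];
  if (!v) throw new Error("unknown vendor: " + vendorName);
  if (!userEnabled || !v.embed) {
    return `<a href="${escapeHtml(v.staticShare(pageUrl))}" target="_blank" ` +
      `rel="noopener noreferrer"><img src="${escapeHtml(v.icon)}" ` +
      `alt="Share on ${escapeHtml(vendorName)}"></a>`;
  }
  // Opt-in path: no allow-same-origin, no allow-top-navigation.
  return `<iframe src="${escapeHtml(v.embed(pageUrl))}" ` +
    `sandbox="allow-scripts allow-popups" referrerpolicy="no-referrer" ` +
    `width="120" height="30"></iframe>`;
}
// Defender's check: markup passes only if no <script> is introduced and any
// iframe present is sandboxed without allow-same-origin.
function isIsolated(markup) {
  if (/<script\b/i.test(markup)) return false;
  if (!/<iframe\b/i.test(markup)) return true;
  return /\bsandbox="[^"]*"/i.test(markup) && !/allow-same-origin/i.test(markup);
}
```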