Occupation: Girl

Please close the door and switch on the fun without fail.

Previous Entry Share Next Entry
Two major issues: pingback and full names
wtf
cleolinda
Well, this is fantastic.

To recap: I cross-posted test comments to both Twitter and Facebook; screencaps and discussion are over here.

You do have to opt in to cross-post, because if you don't connect your LJ to either of those services, it won't know where to post. People have been seeing banners at the top of their journals mentioning this--but I didn't, maybe because I have a permanent account, and the code is treating the banner like an ad? So I hadn't seen that. But it says that if you've already done the Facebook Connect thing, you're going to have to go back in and reactivate it, which also sounds like an opt-in.

Problem: I connected my Cleolinda Jones account--i.e., a pseudonym with no sensitive personal information, which makes me a better guinea pig than most people. For Science! What LJ did not say anywhere in the FAQs was that it will then announce on your user info page (the page strangers are most likely to see, other than your latest entry), under "External Services," that you, Full Name, are on Facebook. The only reason we even found out was because maetang just happened to notice.




If I had used my personal Lauren Lastname account, I would have been screwed. If your full name being on the page that Unwelcome People are most likely see is a problem for you, REMOVE FACEBOOK CONNECT NOW.

Guess what? There's also ANOTHER PROBLEM. The pingback thing is automatically turned on, according to that banner. My understanding is that if it's on, it sends you emails that someone has linked to you and emails to someone else that you have linked to them. People link to me a lot. Not unreasonably, they have linked to that last entry with the "Here's what cross-posting looks like" screencaps. So I've gotten a couple dozen in the last twelve hours, as well as--weirdly--two-year-old links to Breaking Dawn recaps and Troy in Fifteen Minutes.

Obviously, it told me who linked to me. But four of them were to locked entries that I wasn't supposed to know existed.

It sends you a sentence fragment--in theory--of what they linked, and a link back to the entry in which they did it. At first, I was getting emails with quotes like, "...shows what crossposting looks like here." So, wondering what else the entries said (even though I could guess), I started clicking the links back. That's when I realized I was being linked to (but unable to access) locked entries. Multiple times.

Then I started getting longer and longer excerpts, much of which had nothing to do with me at all. I got a pingback from maetang, for example, on an entry where she talks about all of this business (linked and quoted with her permission). Here's what the bot emailed me, just to give you the visual impact of it. The part referring to me is in bold:

A bug whereby "/" in tags isn't working. This is an actual bug, and should be fixed. For now, you can manually correct the URL when you select any tags with a "/" in them, and it will still work. It's labourious, but can be done.

Of course it's particularly irritating for all of fandom, to suddenly discover they can't sort through their slash.

Meanwhile, there's also problems with the implementation of pingbacks. Some users in are saying that since it's been reintroduced, they got pingbacks even though they had previously turned those off. Others are saying they got pingbacks from F-locked posts. This is in direct oppostion to the LJ FAQ on how pingbacks are supposed to work:

Pingback notifications include the name and URL of the page that is linking to your entry as well as a brief quote from the text where your entry is linked. Pingback comments to your journal will be left as screened comments. Please note that pingbacks only work for public entries. Friends-Only or Private entries cannot receive pingbacks. [Emphasis mine.]


THE PLAIN STUPID

Not bugs, but just dumb effects of the implementation of the crossposting to Twitter/Facebook "feature".

If you connect your LJ to Facebook, your Facebook name will be listed on your LJ profile page, under "external services". helpfully tested what happens if you do crosspost comments (including long comments with a lot of text), and also has a screencap of her FB name appearing on her profile page. You can check out the screencaps here [...]

What if you had written a locked, very personal entry about something upsetting? But then, at the end, you had switched gears and said (to use the most recent example), "But reading cleolinda's Breaking Dawn recap really cheered me up"? And then it sent me five paragraphs about your personal business?

Or, what if, blithely assuming I couldn't read the entry because, you know, I'm not on that filter, you gave out your full name and mailing address for, say, Christmas cards?

Or, worse: what if you were writing an entry to vent about someone who pissed you off, and you linked to an entry of theirs as an example?

Yeah. You're probably going to want to turn that off.


And you know why I linked to my own recap up there? Because I'm curious to see if it'll send me a pingback to myself. And if it does: how much of this entry will it quote back at me?



Site Meter

cleolinda: Two (more) major Livejournal security issues and how to fix them: http://cleolinda.livejo


Re: cleolinda: Two (more) major Livejournal security issues and how to fix them: http://cleolinda.li

Unscreened as a point of interest. (Someone syndicated my Twitter so they could read it on their LJ friendslist rather than get a Twitter account.)

Edited at 2010-09-02 06:55 pm (UTC)

Wow. I was just going to leave the pingback on because it seemed relatively harmless.

Thanks for the info! I'll definitely be turning that feature off now.

Yeah, ditto here. OFF NOW KTHXNO.

Pssst! Your post is showing up TWICE. This Facebook thing must really have you flustered.

I'm so glad that I've never signed up for Facebook or Twitter.

Fucking Dreamwidth. Well, that answers my question as to whether their journal cross-posting function works. In fact, it works so well that it did it AFTER I TURNED IT OFF.

(I really, really do not want to have to go to Dreamwidth. At this point, I'm going to start mirroring this journal over there because I am really afraid everyone's going to flee LJ and tumbleweed will be blowing through. I DON'T WANT TO LEAVE, LIVEJOURNAL. GODDAMMIT, START ACTING RIGHT.)

(Deleted comment)
Thanks for the update. I hadn't turned off pingback because I figured "no one ever links to me anyway" but now that you've demonstrated the big problem with it, I'd disabled that 'feature.'

This, eugh. I guess livejournal hasn't realized that not all links are for the purpose of "see how great link x is".

Well... that's concerning.


I really appreciate your keeping up with this; it's getting a bit confusing for me and I've been following your updates since the issue began, so I can only imagine random LJ'er John Doe coming in and trying to figure the whole thing out.

A reassurance at this point (for me) is that lately I've been posting so infrequently and about topics only applicable/interesting to me that I'm low enough on the radar of people who'd be taking my posts/comments/etc. to post them elsewhere. (I hope)

Still, I want to reiterate that I'm really glad you're keeping everyone updated about this newest LJ feature.

Seconded. I really appreciate the tests you've conducted!

So far, most of the locked-entry pingbacks I am hearing about are when someone posts public at first but then locks the entry later.

helens78 has done an asston of testing: http://helens78.dreamwidth.org/860769.html

What the actual fuck.

I didn't really care about having the Pingback feature enabled (I'm low key enough that I never get linked anywhere and I really only post icons to my journal so there's never really an opportunity to link to someone's specific post) but after reading the results of all that testing I'm going to disable it on principle.

I really don't want to have to move to Dreamwidth, LJ. Stop giving me reasons to do so.

(Deleted comment)
(Deleted comment)
Oh, good.

Thank you for your constant vigilance on this.

I looked and Pingback was not automagically on for me since I disabled and overrode a bunch of stuff years ago. But always double check when changes roll out. Then again I use the old discontinued style sheets which don't support half of the new features.

This is making my brain all hurty.

And people wonder why I'm against all this "linking everything online together". This is why.

That's only because you have something to hide. Normal people have no problem living in a fishbowl and being watched 24/7, right?

(Deleted comment)
My brain hurts, too. I'm not linked to Facebook and pingbacks are disabled (checked everything twice), but my understanding is that people who are linking LJ to Facebook can crosspost from my journal, even from locked posts (?)

I don't like it. I don't want a kitty icon. It is perversely amusing to watch the comment count on LJ news continue to rise with no real response from staff. I've got money on 8,765 with a 20 point spread.

yep, they can cross-post replies without really meaning to, LJ is making it too easy

It is possible that those posts were unlocked at the time they linked to you and locked later.

I did a mass flock on my journal yesterday and got PMs from two people who got pingbacks from me for stuff that used to be public.

from the testing helens78 has done, it looks like any edit to a public post, even making it flocked or private without changing a single letter, will trigger a pingback. so it looks like for the anti-pingback-inclined, leaving all your posts as-is is actually safer than flocking the whole journal and running the risk of triggering a pingback from a link in an (originally) public post. the bugginess of the pingback code alone would make this code push a pretty epic fail on lj's part, even without all the unprivacy creepiness.

Well done, LJ, on making yourselves look like asshats once again.

?

Log in

No account? Create an account