What's That Widget Doing To Your Visitors?

From Techdirt: What's That Widget Doing To Your Visitors?.

It's become increasingly popular to stick various "widgets" on websites and blogs. These are tools or features provided by other providers, that can easily be placed on website with a little bit of javascript. One of the problems, though, is that you don't always know what these widgets are doing to your visitors. Of course, one of the most popular such widget is Google's AdSense code (which, yes, we use here as well). However, there were reports earlier this week that AdSense was prompting users to install some software for visitors using certain configurations. Google seems to have admitted that it was an accident that they've since fixed, but it's a good reminder that for sites that use many of these widgets, they potentially could be putting their visitors at risk without realizing it. Traditionally, people think of security as protecting their own computer, but perhaps site owners are going to start thinking of how to protect their visitors from security issues as well. It becomes tricky, because most people feel that certain sites that they visit are "safe," but it may be increasingly difficult to determine which sites are actually safe when you don't know who's providing all the various widgets -- or if those widgets have somehow been compromised.

To MySpace or not to MySpace

We've been wondering whether we should feed the MySpace beast. We decided it might be worth it, but not at this stage in our development. Looks like Grazr had the same thought:

Grazr, and myspace.

We were originally pursuing making Grazr work in myspace, but there are some indicators that myspace is going to become more and more closed to third party widgets. Since making Grazr work in an embedded way in myspace is non-trivial (involving some Flash work) we decided to shelve that effort for a while to see how the situation evolves.

TagBoard with added dodgy code

I suppose I was going to notice this sooner or later. I put in a TagBoard as a demo snippet earlier this week. I noticed that every time I came to Snipperoo blog, an advert would open up as a pop-under. Firefox is supposed to suppress these things, but there are ways around it.
I noticed that the blog also seemed to open up on the TagBoard entry, so I went to have a look at their code. Lo and behold, I found this in the snippet:

&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; Messages(<a target="_blank" onclick="return pop_up_smilies();" href="http://www.tag-board.com/smilies/smilies.htm">smilies</a>)

Well, I'm no coder, but that looked fairly toxic to me - so I cut it out and reloaded the site. Hey presto, no adverts.

Well, they do flag this on their site to be fair. And you can remove it by upgrading to Pro. Fair enough, though I do get the ad every time I load the page, not once a day as they suggest.

Why does my free board have popup ads?

                                                                                 

Tag-board has been generating popups on the free boards since December of 2003. They are set up in a rotation so that no person should receive more than 1 popup per day. We also monitor the contents of the ads shown, keeping them clean. The reason for the ads is to help pay for our servers to keep the boards free. We are sorry for the inconvience.

 

If you wish to get rid of the ads please upgrade to enhanced. Thank you.