Changes to the Blog (schneier.com)
192 points by anu_gupta on March 22, 2013 | hide | past | favorite | 35 comments




Technically, according to the ToS of Facebook and Twitter at least, you can't use their share button icons unless you use their unmodified sharing script code. In practice, nobody cares, and lots of sites link directly to those share links.


This got some media attention in Germany when heise.de first put this out. Facebook immediately threatened them with terminating their app-id for violating the ToS, etc.

But later on they backpedalled and made an official statement that you are allowed to use a modified like button that does not resemble the original like button (icon).


I worked at an ad company that was very keen on social sharing. Having played with both the bookmarklet-style links you've cited as well as the official share buttons, I've found the official buttons are better supported. I feel like one day, Facebook is just going to deprecate sharer.php and make everyone use the Like button. Tracking aside, the Like button has a much better UX, whereas sharer.php has been barely maintained in spite of all the changes to Facebook proper in the last few years. I don't think you can even suggest a link title anymore.

Anecdotally, users seem to trust the native button more. If it looks like you made your own PNG and linked it to Facebook, they can't trust that you aren't going to try to do something shady to their Facebook account (or open a popup). If you use Facebook's button, it's a familiar experience without providing the publisher's site the opportunity to play man-in-the-middle.

User perception matters. Facebook's button seems to be perceived as more user-friendly than the unknown button on someone else's site, even if the unfamiliar button was designed to be less hostile than Like.


> Facebook's button seems to be perceived as more user-friendly than the unknown button on someone else's site, even if the unfamiliar button was designed to be less hostile than Like.

I expect that Schneier's blog is one of the best places to start reversing that common (and understandable) perception. Given the pervasive nature of fraudulent sites focusing on Facebook, one can't blame the users--but shifting their frame of mind from "fraud is bad!" to "tracking/other invasions of privacy are bad!" is overdue.


One (big) benefit of running a custom solution with just links rather than the official buttons is that loading links is fast. I've been trying to find some social buttons that don't have a significant impact on load time. I think I might ask my business partner to write a WordPress plugin that loads custom links/buttons.


I'm glad to see Schneier leading by example in removing/hiding those pervasive share buttons.

(To enable something similar for every site you go to, check out the Ghostery extension for Firefox/Chrome.)


> leading by example

He is way behind here, and we could have used his advocacy much earlier.

There have been alternate buttons, browser plugins and a movement to include no third-party scripts on the web for years.

I switched techrunch.com to the two-click solution in 2008. It didn't last long because we weren't successful in arguing why you don't want scripts from third-parties loading automatically. I sure could have used a bit of backup at that time.


If you had to compromise, what about enabling the buttons on hover? You'd still have people accidentally enabling them, but fewer than if they were auto-enabled.


I am surprised he did not do that from the very beginning... I am reading his monthly newsletter and did not look at the blog too often, but on my own installations I always asked myself how much of my users' privacy I want to give up for some gain I might have (usually not much).


Many readers say they dislike seeing it on other pages, but as the author said:

I especially like them because I can obsessively watch the totals see how my writings are spreading out across the Internet.

It's kinda cool to watch the realtime google analytics views during a spike


I've been using Ghostery since the recent HN post [1] and I really like it. It's great to go to Schneier's site and see Ghostery report nothing.

[1] https://news.ycombinator.com/item?id=5387380


Or if you use AdBlock, give Fanboy's Social Annoyances filter list a go.


> Over the next couple of days, I will transition existing subscribers off of Feedburner, but since some of you are subscribed directly to a Feedburner URL, [...]

Anybody happen to know how one might "transition existing subscribers off of Feedburner"? I have a decent number of subscribers via Feedburner but I would also like to cease using it (the writing is on the wall) and transition existing subscribers off, but, obviously, RSS readers are tied to my Feedburner URL instead of the "direct" URL on my blog.


I believe the only way of doing it is to delete the FeedBurner feed. Google redirects requests for your FB feed to the source for 15 days, then stops redirecting and shows a message with a link to the source feed for 15 days, then returns a 404: http://support.google.com/feedburner/answer/79597?hl=en

This should give keen subscribers the chance to switch over, although you will likely lose some in the transition.

If you have FeedBurner's email subscription option turned on, you'll also need to migrate those users to MailChimp or FeedBlitz or similar manually. (You can export the list from the FB control panel.)


In theory, if you change the URL in the feed to point to the new location and return the XML with a 301 (Moved Permanently) response code, the feed reader will update its record to the new location.

However, Feedburner doesn't appear to allow a user to control that, so I believe all that can be done is to put up a "We're moving" blog post and have readers manually add the new blog. (Yay for vendor lock-in...)
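The redirect behaviour the comment above describes, seen from the feed reader's side, as an added JavaScript example (not code from FeedBurner, Google or any particular reader). It follows redirects through an injected fetch-like function so it runs offline; the feed URLs and HTTP responses below are constructed for the example. The policy it encodes is the one a cautious reader wants: only a permanent redirect (301 or 308) changes the stored subscription URL, temporary ones (302, 303, 307) are followed for this poll but not remembered, relative Location headers are resolved against the current URL, https-to-http downgrades are refused, and loops or excessive hops fail rather than spin.

```javascript
// Feed reader redirect policy: follow redirects, but only let a permanent
// redirect (301/308) rewrite the stored subscription URL.
const MAX_HOPS = 5;

function pollFeed(subscribedUrl, fetchFn) {
  let current = subscribedUrl; // URL being fetched on this hop
  let stored = subscribedUrl;  // URL the subscription will point at afterwards
  const seen = new Set();
  for (let hop = 0; hop <= MAX_HOPS; hop++) {
    if (seen.has(current)) throw new Error('redirect loop at ' + current);
    seen.add(current);
    const res = fetchFn(current);
    if (res.status === 200) {
      return { url: stored, body: res.body, moved: stored !== subscribedUrl };
    }
    if ([301, 302, 303, 307, 308].includes(res.status)) {
      const loc = res.headers.location;
      if (!loc) throw new Error('redirect without Location from ' + current);
      const next = new URL(loc, current); // Location may be relative
      if (new URL(current).protocol === 'https:' && next.protocol !== 'https:') {
        throw new Error('refusing https -> ' + next.protocol + ' downgrade from ' + current);
      }
      if (res.status === 301 || res.status === 308) stored = next.href; // permanent: remember it
      current = next.href;                                              // temporary: follow only
      continue;
    }
    throw new Error('unexpected status ' + res.status + ' from ' + current);
  }
  throw new Error('too many redirects starting at ' + subscribedUrl);
}

// Constructed responses standing in for an old FeedBurner URL and a blog's own
// feed (example data only; none of these hosts are contacted).
const CONSTRUCTED_RESPONSES = {
  'http://feeds.feedburner.com/example-blog': { status: 301, headers: { location: 'https://blog.example/feed.xml' } },
  'https://blog.example/feed.xml': { status: 200, headers: {}, body: '<rss version="2.0"><channel><title>Example</title></channel></rss>' },
  'https://blog.example/temp': { status: 302, headers: { location: '/feed.xml' } },
  'https://blog.example/loop-a': { status: 301, headers: { location: '/loop-b' } },
  'https://blog.example/loop-b': { status: 301, headers: { location: '/loop-a' } },
  'https://blog.example/downgrade': { status: 301, headers: { location: 'http://blog.example/feed.xml' } },
};

function fakeFetch(url) {
  return CONSTRUCTED_RESPONSES[url] || { status: 404, headers: {} };
}

// Example run: the permanent redirect moves the subscription to the blog's own feed.
const example = pollFeed('http://feeds.feedburner.com/example-blog', fakeFetch);
console.log(example.url, example.moved); // https://blog.example/feed.xml true
```

In a real reader the `fetchFn` would be an HTTP client configured not to follow redirects itself, so the reader sees each status code and can apply this policy per hop.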


Feedburner has (had) an option to CNAME your own domain name to a Google domain and to use that as the feed URL. If you did that then all you need to do is change where the CNAME points to.


I believe this would be a manual process where you'd ask your subscribers to subscribe again on a different platform.


How do you "transition existing subscribers off of FeedBurner"? I'd definitely think about doing this, but I don't know how.


I recently read up on this because I want to move my subs off. Feedburner has support for redirects and extracting email subscribers, although I still wish there was a tool that would automate a few of the steps.

See this post, which is the best I have found on the topic:

http://devilsworkshop.org/tips/how-to-leave-feedburner-witho...


[Wondering aloud] Would a better approach be to activate the sharing icons on mouseover? Sure, users would do this accidentally, but those concerned about privacy could learn to avoid those areas of blogs. Those who don't care (or pay attention) would get a one-click experience.

Touch users would presumably still have to tap twice.


If I remember correctly they went the way they did to alleviate the threat of trademark litigation.


Why doesn't he implement his own social sharing buttons if he's worried about having visitors send data to third parties unwillingly?

I've done that on my own blog and it works well (using FontAwesome to identify services). Saves on loading time too.


Probably less effort to just use SocialSharePrivacy.

I think the clicking twice thing is actually kind of nice anyway. Makes me as a user more aware of what is being done to be considerate of my privacy.
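The two-click scheme discussed in this comment and in the earlier one about switching techcrunch.com to it, as an added JavaScript example that is not SocialSharePrivacy's own code and not taken from any of the services. The share endpoints, query parameter names and widget script hosts in `SERVICES` are assumptions (only sharer.php is named in the thread), and `loadScript` is injected so the policy can be exercised without a DOM. The property worth checking is simple: before the visitor's first click the page contains nothing but a plain link, so no third-party host sees the visitor at all; the vendor script is requested once, only after that click.

```javascript
// Two-click sharing: render a plain link first, request the vendor widget
// script only after an explicit click, and never more than once.

// Endpoints and script URLs are assumptions for this example; the real
// services may use different parameters and hosts.
const SERVICES = {
  facebook: {
    shareUrl: (u) => 'https://www.facebook.com/sharer.php?u=' + encodeURIComponent(u),
    widgetScript: 'https://connect.facebook.example/widget.js', // assumed host
  },
  twitter: {
    shareUrl: (u, t) => 'https://twitter.com/share?url=' + encodeURIComponent(u) +
      '&text=' + encodeURIComponent(t || ''),
    widgetScript: 'https://platform.twitter.example/widget.js', // assumed host
  },
};

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Only absolute http(s) page URLs are accepted, so a javascript: or data:
// value smuggled into page metadata can never become the share link target.
function safePageUrl(pageUrl) {
  let parsed;
  try { parsed = new URL(pageUrl); } catch (e) { return null; }
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') return null;
  return parsed.href;
}

class TwoClickButton {
  constructor(service, pageUrl, title) {
    if (!SERVICES[service]) throw new Error('unknown service: ' + service);
    const url = safePageUrl(pageUrl);
    if (!url) throw new Error('refusing non-http(s) page URL');
    this.service = service;
    this.pageUrl = url;
    this.title = title;
    this.active = false;
    this.requested = []; // every third-party script URL this button caused to load
  }

  // State 1: a plain anchor to the vendor's share page. The vendor learns of
  // the visitor only if they follow it; noopener keeps the opened page from
  // reaching back into ours via window.opener.
  staticMarkup() {
    const href = SERVICES[this.service].shareUrl(this.pageUrl, this.title);
    return '<a class="share share-' + this.service + '" href="' + escapeHtml(href) +
      '" target="_blank" rel="noopener noreferrer">Share on ' + this.service + '</a>';
  }

  // State 2: the visitor explicitly asked for the live widget. Returns true
  // the first time (script requested), false afterwards (nothing requested).
  activate(loadScript) {
    if (this.active) return false;
    this.active = true;
    const src = SERVICES[this.service].widgetScript;
    this.requested.push(src);
    loadScript(src);
    return true;
  }
}

// Browser wiring (not exercised here): swap the static link for the vendor
// widget on the first click; `doc` is the page's document object.
function mountInBrowser(button, container, doc) {
  container.innerHTML = button.staticMarkup();
  container.firstChild.addEventListener('click', (ev) => {
    ev.preventDefault();
    button.activate((src) => {
      const s = doc.createElement('script');
      s.src = src;
      s.async = true;
      container.appendChild(s);
    });
  }, { once: true });
}
```

A Content-Security-Policy whose `script-src` lists only the page's own origin plus the vendor hosts in `SERVICES` turns the same policy into something the browser enforces, so a stray third-party script cannot slip in through a template change.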


Is it as easy for a non-webdev as this https://github.com/panzi/SocialSharePrivacy

If you have a better solution, you should publicize it.


Define "easy for a non-webdev," because implementing a jQuery plugin isn't something I could tell my friends to do on their normal Wordpress blog.

My solution isn't "better" for this purpose (nor easier to implement, due to how implemented social buttons handle social counts) because I primarily implemented my own buttons for performance/aesthetic reasons.


By "implementing a jQuery plugin" you mean "copying and pasting a few lines of code, like it says in the instructions"? I'm sure you can appreciate that some people have the skill to do that, but not the skill to come up with a new solution from scratch.

Also, I was genuine above when I said that, if you have a better solution, you should publicize it. Any reason why your method can't be done just as easily, if the code was out there?


Oh! I have a suggestion for WordPress users: Try WPSocialite.[1] I put a slightly modified version at mightygodking.com. I should send that mod upstream...

[1] http://wordpress.org/extend/plugins/wpsocialite/


This reminds me that I need http://disconnect.me/ to add support for Disqus.


I was hoping the changes would include a commitment to him keeping to discussing things he knows about, rather than having the expert's problem of talking about things outside his domain knowledge and being considered an expert for it regardless.


Which pieces by Schneier were not well-informed, or in which ones was he talking about something outside of his domain?


It's surprisingly common. Here's[1] the most recent example of Schneier talking out of his domain with the potential to cause damage.

The problem is that Schneier is a pundit, not a security expert. He has a good knowledge of cryptography but as a media pundit he's often asked questions outside of his domain and on responding or commenting he's referred to in the media as an expert. This is precisely what happened with his views on Airport Security. He was expressing views as an expert when he was known for cryptography and had no domain experience in airport security. Over time he's clearly researched it and had more interest in it, but his earlier stuff shows his lack of domain knowledge, yet because of his media presence he's automatically deemed an expert, and this is dangerous.

In the most recent example of security awareness training, I would bet £5 (to be donated to the Open Rights Group, the UK equivalent of the EFF) versus the equivalent in dollars to be donated to the EFF that Schneier never once in his lifetime has been involved in implementing a security awareness training programme. Yet his commentary on this marks him as an expert in the field as far as the media is concerned, and such views coming from 'an expert' may impact the security awareness programmes of many people trying to improve security in their own organisations worldwide. There's strong and well put opposition to this from Dave Kennedy[2] and Andy Ellis[3], the latter of which is Akamai's CSO, and someone who actually practices security on a day to day basis.

Just to be clear, I am generally critical of Schneier and I think it would be unfair not to state this. While I'm not a cryptography expert I recognise the work he's done in that field, however where his points have crossed over into my domain knowledge I've found his comments often show a lack of experience for someone deemed an expert by default. I don't blame him for this, but I do believe that he benefits from it and does nothing to counter the impression (that he is an expert in areas he clearly isn't).

[1] - http://www.schneier.com/essay-419.html

[2] - https://www.trustedsec.com/march-2013/the-debate-on-security...

[3] - http://www.csoandy.com/files/why_bother_with_awareness.html


I don't find it very surprising that providers of security awareness programs don't agree with Schneier's arguments against their offering.

But since they have a strong financial incentive to disagree with him I'm doubtful about their arguments.

Their arguments were also not convincing to me. Let me quote a random and very shallow bit from the first linked post:

"An education and awareness PROGRAM is not a one hour CBT and clicking through something. It’s education and awareness just like your HR department helps you navigate to your expenses."

That sounds desperate.


> I don't find it very surprising that providers of security awareness programs don't agree with Schneier's arguments against their offering.

Erm... I wasn't talking about commercial providers of security awareness programmes. I'm talking about people who work in security who actually implement security awareness programmes as part of their security management processes, and the risk of a higher-up being convinced that it's not worthwhile because Schneier said so.

I've actually had a phone call this morning with one of my clients where this article was raised as justification for cutting the security budget next year by reducing spend on security awareness. This is for a major European defence manufacturer that's under pretty much constant attack by people looking to steal their IP.

In reference to your quote, that's not desperate, it's fact. A proper security awareness programme is created and maintained by the organisation itself on the basis of trying to find the best way to counter the threats the organisation faces. Some organisations will find that the need for this is relatively low and that the biggest threats they face are things like password sharing and internal things with disgruntled employees. Others may find that they're under constant attack from external threat actors and need to train people to help support their detection capability. In either situation it's definitely not a one hour CBT, it's more complex, it's more nuanced and it's ongoing.


This is a very interesting approach, I really like it. I use Adblock and DuckDuckGo but really like making these changes for my blog visitors as well.



