I did this and wrote about it[0]. It works really well, is very fast and doesn't compromise your users' data. There are also libraries that make it very easy to add.
Note that by not setting rel="noopener noreferrer" on the links you let the linked sites control the opener window (and of course see a detailed referrer header).
For the case of opening in a new tab, consensus seems to be moving to making it default, though that's not true everywhere yet. It's currently default on Safari and Firefox.
Well, if the referrer header matches the shared url it's just bloat in the request headers, and if it doesn't it's possibly leaking details it shouldn't, like perhaps a token in a query parameter. Twitter, Facebook, etc. don't really need to know where a user initiated a share anyway.
Either way, making sure that window.opener isn't available to random sites is a critical security feature, and in some browsers that requires you to set noreferrer, so better safe than sorry.
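The two points made in the comments above (plain share links carrying rel="noopener noreferrer", and URLs that may hold a token in a query parameter) can be checked in a few lines. This is an added example, not code from the thread or the linked post; the share endpoints, the list of sensitive parameter names and the sample markup are assumptions for illustration.

```javascript
// Added example (not from the thread). The share endpoints and the list of
// sensitive parameter names are assumptions made for illustration.
const SHARE_ENDPOINTS = {
  twitter: (u, t) => `https://twitter.com/intent/tweet?url=${encodeURIComponent(u)}&text=${encodeURIComponent(t)}`,
  facebook: (u) => `https://www.facebook.com/sharer/sharer.php?u=${encodeURIComponent(u)}`,
};
const SENSITIVE_PARAMS = ["token", "session", "key", "auth"]; // hypothetical list

// Drop sensitive query parameters and the fragment before the URL leaves the site.
function cleanUrl(pageUrl) {
  const u = new URL(pageUrl);
  for (const name of [...u.searchParams.keys()]) {
    if (SENSITIVE_PARAMS.includes(name.toLowerCase())) u.searchParams.delete(name);
  }
  u.hash = "";
  return u.toString();
}

function escapeAttr(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");
}

// Plain-HTML share link: no third-party script, no opener handle, no Referer.
function shareLink(network, pageUrl, title) {
  const href = SHARE_ENDPOINTS[network](cleanUrl(pageUrl), title);
  return `<a href="${escapeAttr(href)}" target="_blank" rel="noopener noreferrer">Share on ${network}</a>`;
}

// Audit: hrefs of target="_blank" anchors missing noopener or noreferrer.
function findUnsafeBlankLinks(html) {
  const unsafe = [];
  for (const [tag] of html.matchAll(/<a\b[^>]*>/gi)) {
    const attr = (n) => (tag.match(new RegExp(`\\b${n}\\s*=\\s*"([^"]*)"`, "i")) || [])[1] || "";
    if (attr("target").toLowerCase() !== "_blank") continue;
    const rel = attr("rel").toLowerCase().split(/\s+/);
    if (!rel.includes("noopener") || !rel.includes("noreferrer")) unsafe.push(attr("href"));
  }
  return unsafe;
}

// Constructed sample markup: only the first anchor should be reported.
const SAMPLE = '<a href="https://a.example/" target="_blank">x</a>' +
  '<a href="https://b.example/" target="_blank" rel="noopener noreferrer">y</a>';
console.log(shareLink("twitter", "https://example.com/post?id=7&token=abc", "Hi"));
console.log(findUnsafeBlankLinks(SAMPLE));
```

The audit is regex-based and only handles double-quoted attributes, which is enough for templates you control; use a real HTML parser for arbitrary markup.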
Yes, and there's no loss of functionality, you can still share/Tweet/whatever. Really makes you think about what exactly all that extra JS the real button loads is doing.
Unless you have rights holders' permissions, then the social links at the bottom of that article look like copyright and probably trademark infringements. (I'm not saying that's a good thing, just how it appears.)
> 8. You must not use or make derivative use of Facebook icons, or use terms for Facebook features and functionality, if such use could confuse users into thinking that the reference is to Facebook features or functionality.
We know that Facebook uses that paragraph against alternative like buttons.
Many years ago German computer magazine publisher Heise created a version of the like button that works like this: The button is initially greyed out and has to be activated by a slide button to be used. Communication with Facebook's servers starts only when the button is activated.
After threats from Facebook, Heise had to change the look of the initial button so that it has none of the Facebook branding. Only the dynamically loaded original Facebook button looks like the Facebook like button. [1]
Link to the original alternative like button project in German is [2]. A fork with English documentation is [3].
EDIT: Their current branding guidelines for the "thumb icon" [4] say:
> Do link the Thumb Icon directly to your Page on Facebook when using the Thumb Icon online.
So a thumb icon linking to your page should be OK.
EDIT 2: The branding guideline also says:
> Don't use an outlined thumb with the cuff detached.
So you can use the "Thumb Icon" but not in a way that replicates the current original Facebook like button because that one is outlined and has the cuff detached.
BTW this is exactly what Privacy Badger does: It replaces the original Facebook Like Button (cuff detached) with the thumb icon from the official assets (cuff connected).
>> 8. You must not use or make derivative use of Facebook icons, or use terms for Facebook features and functionality, if such use could confuse users into thinking that the reference is to Facebook features or functionality.
> We know that Facebook uses that paragraph against alternative like buttons.
Did you quote the wrong section? That term can't really apply to alternative "like us on Facebook" buttons, because such a button can't confuse users into thinking it refers to Facebook features or functionality, because it actually does refer to Facebook features and functionality.
The quote is from the ZDNet article (reference [1]). It says that Facebook brought up this clause specifically as a reason why the implementation violates Facebook's terms. Here is a little longer quote for more context:
> Unsurprisingly, Facebook didn't like this change. A spokesperson told the German publication that the way it has implemented the Facebook Like button violates the Facebook Platform Policies, specifically quoting this clause:
>> 8. You must not use or make derivative use of Facebook icons, or use terms for Facebook features and functionality, if such use could confuse users into thinking that the reference is to Facebook features or functionality.
>> 8. You must not use or make derivative use of Facebook icons, or use terms for Facebook features and functionality, if such use could confuse users into thinking that the reference is to Facebook features or functionality.
As written, if the reference is to Facebook features or functionality, then there can be no confusion and this clause does not apply. This would seem to be the case here.
Facebook's stance doesn't really matter in the end though. It all depends on how this will be interpreted by a judge, and I have a hard time believing that a European judge would rule in favor of Facebook, since there's no possibility of confusion for the end user. Also, it is done to protect end-user privacy, which European judges tend to like.
I'm adding European, because that's what the article is about and that's where I'm from. Not sure what would happen in a US court.
IMHO to be complete the law should require web widget providers to serve what it says on the tin.
AND NOTHING ELSE
If it is a button so that users can bookmark articles on the facebook website then it shall only do that, nothing else. And so on: the webmaster must host the image himself. If the functionality can be accomplished with html there shall be no javascript. If there is a need for javascript it will be hosted by the webmaster and shall require consent before calling home to the mothership.
For example, visiting a store doesn't give the store owner the right to search your bag.
Then let's not stop there and include all advertisement???
The advertiser knows the topic of the website he is advertising on, he knows what kind of audience is attracted by a specific article. He can place his advertisement at the top or the bottom to further filter down.
This gives him everything he needs to advertise his product on that website. The web master can host the images. A neutral 3rd party, preferably a government agency, can track impressions and provide the advertiser with a crude estimate of traffic by region.
I think it shouldn't stop at having other people do all kinds of things and pay for it. The EU could easily fund its own technologies.
The EU could give you [say] a Facebook like button in html and require you use it. That they have their own TOS is just irrelevant. Or worse, Facebook shouldn't have to invest in terms of service. We should have detailed laws removing the need for a TOS. Standard laws for social networks should apply.
A restaurant owner doesn't have to clutter up his place with 100 no smoking signs. There is no contract to sign before you can eat.
Who cares? Facebook is a zero sum game at this point for advertisers/content creators. Facebook is stacking the odds like a casino does chuck-a-luck. There's only them winning here, nobody else.
And they will be suing for what? For attempting to send more people to facebook? What's the damage?
Facebook has no right to have their arbitrary code on other people's websites. So they can't force any specific way to show their button. From the end user's perspective it's all the same.
Facebook could reasonably argue that by bypassing their established use policies for the like button, you are depriving them of value - in this case the value of the data that their JavaScript collects and sends back to them, and that you (the site owner) are being unjustly enriched through the use of their copyrighted image(s) on your site.
Except in cases of fair use, which isn’t nearly as broad as people think, the use of other parties’ images is subject to whatever licensing restrictions they choose to put on them. You can choose not to display their images if you do not accept those terms.
The reason sites want to have Like buttons is because they perceive value in that for the site. A C&D would be enough to bring anyone into alignment that didn't have a wish for a very expensive day trip to court.
That’s a very broad question. For one thing, fair use is a concept only in US law. Other countries may have their own versions of it, but all of them have their own unique limits. Even under the US version, it is not at all clear that it would fall under fair use. If I start making t-shirts with the Facebook logo on them, is that fair use? No, it isn’t. Is there much difference between that and putting it on a website that I make money from? The right jury would say no.
Fair use is a defense. You, at best, get sued, have to pay a ton of money in attorneys' fees, on the chance that you "bet" it's going to work. Tough sell.
Because they want the data their button+js gets for them, and if they let you get away with not using the js, then anyone can get away with it. Better to shut it down early and painfully.
Shouldn't you also show an intermediate page with a privacy warning and cancel / continue buttons?
Otherwise the user can click it by mistake and compromise his data.
[0]: https://www.stavros.io/posts/scourge-web-analytics/