Yesterday, Facebook suddenly redirected half the internet to itself, Hulu, Pinterest, Washington Post, Huffington Post, Buzzfeed, most of LA times, The Guardian just to name a few of the big ones were all affected ... pretty much most sites with a Facebook widget on their pages, but not all
The incident lasted for about 30 minutes, during which any visitor going to any one of these sites would instead be redirect to Facebook. http://allthingsd.com/20130207/in-one-fell-swoop-apparent-facebook-glitch-deep-sixes-the-web/?mod=atdtweet
Facebook fixed the bug and issue this statement: "For a short period of time, there was a bug that redirected people logging in with Facebook from third-party sites to Facebook.com. The issue was quickly resolved, and Login with Facebook is now working as usual."
I'm sorry Facebook. That's just not good enough. As a publisher, I cannot accept that a 3rd party site can redirect my traffic either on purpose or by mistake.
That is simply a potential risk that I cannot accept to have. There is a lot of things that we cannot control online. But one thing I do want to control is that when people decide to come to my site, a 3rd party is not allowed to get in their way.
Here is the strange part though. Baekdal.com worked just fine, but 42Concepts.com redirect to Facebook. Both use Facebook widgets. So why did one work when the other failed?
And more importantly, is there something that I and other publishers could do to prevent this from ever happening again, regardless of how many bugs Facebook might make in the future?
The answer is yes.
How you implement these social widgets makes a big difference.
When you go to Facebook you are being presented with four ways:
The result is that if the 3rd party makes a mistake, it can have a serious impact. This is nothing new. We have seen many examples of rouge ad code breaking sites in the past.
But Baekdal.com uses iFrames instead to implement Facebook widgets, and it wasn't affected at all. And the reason for that is that iFrames is essentially a small website inside your site. And the security model around iframes means that 3rd iframes cannot modify the site that it is placed in.Note: See update
So when something goes wrong in an iframe, only the iframe breaks. The rest of your site works just fine.
Obviously, redirecting people to another to their own site is one worst examples I have seen of this yet... especially when it's done by Facebook.
But this isn't about Facebook at all. How have you added the tweet button? How do you embed a tweet? What about the Pinterest Pin button? ...or even the Google+ button?
Mistakes happen all the time. There isn't much we can do about that. But how we implement 3rd party widgets can make a big difference.
It's all part of this discussion we have at the moment about rented versus owned.
See also: Rented or Owned: Where To Focus Your Brand Contenthttp://www.baekdal.com/insights/rented-or-owned-where-to-focus-your-brand-content/Update
It turns out that iframes are not safe from redirects bugs. See the comments. I'm sorry for the confusion!
But iframes will still prevent other bugs from manifesting itself, as the iframe cannot modify the site it is in.