For the curious developers or security folk following us we wanted to share the methodology behind our SmartShare: safer social sharing plugin.
The State of Social Sharing
Commercial sharing tools provide simple and fast social sharing of web content. Tools like AddThis, ShareThis, and other CMS plugins that enable social sharing, are ubiquitous. Every contemporary website utilizes some on-site bookmark sharing tool. Social Sharing buttons/links are preset to recognize the URL of the page they appear on, allowing visitors to quickly propagate content to their digital/social networks. The tools are simple to install and provide countless “free” benefits. However free is never really free, few people realize that most of the companies that provide those solutions only do so to gain access to valuable information about you and your users. Those companies rely on the adoption of their 'free' social sharing tools to build vast web-wide user profile databases. They use the data they collect to power ad targeting businesses, and sometimes, they even sell the data itself. Rarely, if ever, do the websites that provide all that data see any compensation.
The “Smart” in SmartShare
Similar to commercial sharing tools SmartShare has a simple to use UI and is easy to install on a webpage. SmartShare differentiates from most other sharing plugins in the following ways:
- No user tracking. In most other tools all actions you perform with the tool are tracked – unless you explicitly check the “Do not track” link.
- Use of IFRAME to commingle distrusted content with our existing site layout.
- No advertisements, ever. Though there is a link to the SmartSocial Share tool page, this is simply meant to spread security awareness and is easily removable with no consequence.
The Nuts and Bolts
Tried to find the simple best solution for plugin generator for the 4 major networks :
Facebook , Google +, Twitter, Linkedin -
Of the 4 networks above only facebook and Twitter provide a Iframe implementation of their "Like" and "Tweet" buttons
- Twitter "Tweet" button
Similar to facebook like button Twitter has an iFrame implementation of the Tweet-button. Using query string parameters we customized the Tweet Button's behavior for scrolling and horizontal smartShare tool. More details can be found here.
Google +1 button code is actually inside an iFrame. As you can see here we are locally hosting the plusone.js file to pull the +1 code. When you inspect the elements inside the Google +1 button you would see that +1 code is populated inside an iFrame.
After getting all the plugins together into one html div tag, we used jQuery and jQueryUI libraries to position and scroll the SmartShare.
This Isn’t 100% Secure