# Allow Facebook scripts and objects to be included only # from Facebook pages Site .facebook.com .fbcdn.net .facebook.net Accept from .facebook.com .fbcdn.net .facebook.net Deny INCLUSION(SCRIPT, OBJ, SUBDOC)
This tells NoScript to allow Facebook scripts (you know, to visit facebook.com), but to stop them from being included in other sites. I guess with NoScript’s surrogate scripts one might even be able to replace Facebook’s Like-widget with one that just shows the old-fashioned (and harmless) share-button. Now wouldn’t that be fun?
I like Facebook. I like sharing stuff there, I like liking friends’ activities and I like friends sharing and liking my links and posts. But I really, really don’t like Facebook’s Like buttons and similar boxes! Because I see some serious problems with the like button;
The page containing the “like”-widget loads and renders significantly slower (i.e. performance impact)
Facebook can track me visiting this page, even if I don’t click on “Like” (i.e. privacy issue)
no contact with Facebook unless clicked on, so tracking of my surfing behavior is not possible
an intermediate screen shows what you’re about to share, meaning a much lower security risk
no forced relationship with the page owner, i.e. “avert 2nd privacy-risk: CHECK”
But as I can’t force site-owners to remove the “Social Widgets”, I can only install something like No FB Tracking to disable the virus that is the Facebook Like-button. And whine about it on my blog, off course.