A Facebook friend of mine liked a video which was a little out of her ordinary preferences: "The beautiful Marika Fruscio shows her breasts on Italian TV!" and if you're like me, you click on just about everything on your feed.
Of course once you play the video, it shows up on your Facebook feed, so I wanted to learn how they did that -- so that I wouldn't get tricked again, or at least I could play the same trick on someone else.
It turns out that the site had layered in some transparent like buttons over the play buttons on the video, so when you saw:
Your browser was really showing:
But the buttons are transparent; it's french site, so they're showing "J'aime" buttons, but that might also be intentional since "J'aime" is longer than "Like" so they have a slightly larger target. Notice that they've remembered the play button in the lower corner.
How do we do it
Take your page (and this assumes you're hosting a webpage somewhere), figure out every really sweet spot that people are likely to click and then take your Facebook like button, which will look something like this:
And put it in a DIV right after the sweet spots with opacity set to 0.0, and a margin-left of -50px or so. (you may want to play with the styles of the various elements -- view this page source for my attempts).
How do we fix it
As long as Facebook wants likes to be single click actions (a second click on a Facebook branded page would be just about impossible to fake) I think they're actually doing everything right, which makes this kind of hack a lot more dangerous, because it's up to the browsers to solve, namely that CSS opacity should not inherit cross-domain (it's one of those things that's obvious in retrospect). Oddly enough, this is all harder to test this because it seems brand new Facebook accounts can't "like" things (I imagine to keep sites from inflating their counters.
Sometimes clicking the invisible like button, (like you did when you pressed "more"if you were logged in to Facebook now, I'd have hidden one on the "more" button) opens a second window (which I ignored as an advertisement) which might alert you, but things you've liked don't show up on your Facebook homepage, it's only if you visit your profile that you find out you've liked something.
One thing you might be able to do in the meantime is to set up a custom stylesheet for your browser that sets opacity:1 for the facebook.com domain. I imagine if I get tricked again, I'll look into that.
Going Viral
The picture that shows up if you like this is a Creative Commons photo from News Fedora that popped up in a search for "sexy girl glasses." I figured that would probably get the most attention, but that's just a guess, at some point I might check to see if other pictures or titles work better. Similarly, the title is a little misleading intentionally, and I might play around with a few different titles to see if any work better. Like I said earlier, I hide a like button on the "more" link up above because I'm curious if this would actually work in the wild or if this was a fluke. I'd be happier if it didn't, but I'm always experimenting.
When you see someone else get to put random junk on your friends (and your) Facebook feed, naturally, you want to know how.