LJ’s latest PrivacyFail

I’ve seen a lot of news going around about this, but for those of you who haven’t, LJ has just turned on new functionality to crosspost to Facebook and Twitter.

On the face of it this seems fine. I crosspost regularly, as y’all probably know; all my posts these days originate from my WordPress blogs, but from there they head out to LJ, Dreamwidth, Facebook, and Twitter all at the same time. I’m fine with LJ allowing that to happen for stuff that originates on LJ.

What I’m not fine with is that you can apparently now also crosspost comments. Including comments on locked posts, or posts which are set to screen all comments. The crossposted comments will include a link back to the original post–and if that post is locked, sure, only the people who are authorized to see it will still see it. But there’s no way of knowing if those crossposted comments might quote bits of the original post.

So there’s big privacy fail here. There’s also just general fail of manners, because seriously, it’s just rude to link back to locked posts that people on other sites can’t read.

I wouldn’t have been turning on this functionality anyway since my crossposting originates off of LJ and I therefore do not need it. But I’m leaving it off also on general principle just because of this big gaping security hole. I encourage you all to do the same. Also, while I don’t often post locked posts or posts with screened comments, I do ask that if I do, please don’t crosspost any comments off of them.

The FAQ post about the new functionality is here. The new news post that mentions it is here.

If you feel passionately about this, I encourage you to submit feedback to LJ about it.

If you feel really passionately about this, enough to bail on LJ, I have Dreamwidth invite codes. Let me know if you want one.

4 Replies to “LJ’s latest PrivacyFail”

  1. Hey Anna,

    That’s Interesting. With a Capital Eye.

    Looks like all the social networking sites are having some sort of privacy fail or another. Haven’t posted on LJ lately. And not sure I will after your comments.

    What’s weird is that just last week some “anonymous” stalker dude, who I hadn’t heard from in 2 years, found me on LJ. He commented on an ancient post. Than from my LJ profile, he somehow acquired my Yahoo Messenger ID.

    Eek-A-Mouse. Guess I ought jump LJ’s ship. I already have a WordPress blog. Is Dreamwidth good? It looks pretty cool. Please send me an invite!

    Thanks for the info!


    Btw, how’s the writing coming along?

    1. Dreamwidth is so far for my money the best of the LJ-like sites to date, not only because of the solidity of their version of the code base, but also because of how the folks running it have been doing so. If you’d like a code I’ll be happy to send you one, but I need an address to which to do so! Email me at my gmail address, annathepiper.

      The writing’s been pokey, unfortunately. :( Been waiting for word on one of my manuscripts sitting with a particular press, though!

  2. I read through that, about six times, and it appears to me that it defaults to NOT cross-posting comments on locked posts, so in order to make it cross-post the comment, it would require that the person posting the comment actively choose to do so.

    I think this does make a significant difference. If it works as it says.

    Why someone would want to cross-post a comment on a locked LJ post is another question, as is whether or not they should be allowed to. As for quotes within the comment — In the end, all of that comes down to whether or not you trust the people you’ve allowed to view and comment on the original post in the first place, because they could always copy/paste whatever you said and post it anywhere they wanted to, if they’re not worthy of your trust.

    The only other question is one of functionality — does it work the way that LJ claims it does, or it will it accidentally cross-post things it shouldn’t? If that happens, then I would call it a fail.

    I do think their documentation is not very clear. That’s why I kept re-reading it over and over, trying to pick through the language to understand exactly what they were saying.

    1. Yes, you do have to jump through a couple of hoops in order to turn on cross-posting at all; firstly, you have to link your LJ account to Facebook and/or Twitter. Then, you have the option to turn on automatic crossposting of both posts AND comments to either site.

      Here’s the kicker. Comments on locked or screened posts are as I understand it in theory supposed to have crossposting off by default. What I don’t know, and what I need to test just to be sure, is whether that gets overridden if your own personal settings are set to auto-crosspost anyway.

      userinfocleolinda has been poking at this more and she’s got more information here, not only about the crossposting feature but also about the new pingback feature as well.

Comments are closed.