I was just invited by a ‘friend’ to join a Facebook “free laptop” group whose real aim is to get you to take surveys.
Facebook have obviously decided not to have a “Select All” button on your list of friends when you share stuff, to try and reduce spamming. Here’s this group’s way around that, from their instructions:
3) After that, Click the ‘Invite People to Join’ link on the left hand side of the page. (Must do it, it’s part of how we can give these buttons away for free!)
4) Erase everything in your address bar… (The address bar is where http://www.facebook.com is typed, where you type in a website to go to.)
Then copy and paste the following code in there and hit ENTER.
5) Once you’ve done that, all of your friends in the box should turn BLUE, Click ‘Send Invitations’
So, how about a JS URL which creates form elements mimicing a Facebook login form, waits for them to autofill, and then posts the contents off to a server? (Or did we fix that?) Or one which inserts a <script> tag with a src at an attack site? If people get used to blindly following instructions like this, no good will come of it…