Real Estate Hive

Major Changes to Facebook Pages: Bye Bye FBML, Hello Iframes!

facebook page

On February 11, 2011 Facebook announced some major changes to Facebook Pages which have some big implications on businesses with customised Facebook tabs and applications. Facebook has advised that as of March 11, 2011 we will no longer be able to create new FBML apps and we will be unable to add the static FBML app to Pages.

For those of you scratching your heads right now, FBML is the customised Facebook code previously required by Facebook to build applications and static tabs on Facebook Pages. Instead, developers will be able to use standard HTML, CSS and Javascript like on any other web page, using iFrames. iFrame applications enable you to embed an external web page into a tab on your Facebook Page.

Why the change?

Facebook has advised that these changes have been made to “help Page admins manage communications, express their brands, an increase engagement.”

A more practical explanation is that as iFrame applications are hosted on the user’s web server, Facebook will be able to avoid the massive bandwidth costs it currently is facing. This is because with the old FBML method everything was proxied on Facebook’s content distribution network proxy.

Another strong reason for making the change is that Facebook and developers will no longer have to continue developing FBML – a now considered dead or obsolete technology.

Now that Facebook has monetised, they are looking to make massive savings for future growth.

The Pros

Many developers are seeing the iFrame change as good news as they’ll be able to develop without the confines of FBML. This opens developers up to explore every single bit of functionality they can now add. One exciting development of the change is the new ability to pass data to the tab and detect fans and non-fans.

The Cons

As iFrame applications are not hosted by Facebook you will need to upload the content files for your application page to a web server. You will also need to ensure that your web server’s host is reliable and that the code does not generate errors. If a web server has issues or goes down, errors are likely to crop up all over the place.

Page admins and marketers will also need to be sure that their web servers can handle sudden growth in traffic and increased server loads, when running campaigns and promotions on their Facebook Page.

Another major foreseeable issue is security. Many fear that the new iFrames could open the door to even more abuse and make attacks on Facebook much easier to instigate. Facebook has updated their policy to circumvent abuse, however this does not mean much to cybercriminals.

As developers are no longer constrained by FBML, the possibilities of what they can do are limitless. The more malicious developers could quite easily trick users into installing viruses, redirect them to alternative sites, capture user data, etc

“No more likejacking required, no more having to persuade users to install your app, if a criminal can make the bait sweet enough just to get you to visit the page, that is all they will require to start the chain that leads to your computer being compromised and used for criminal purposes” commented Rik Ferguson, senior security advisor at antivirus vendor Trend Micro.

It’s better to be safe than sorry. Protect yourself from cyber criminal activity by following these general rules of thumb:

  • Always exercise caution
  • Always run anti-virus and anti-malware software
  • Ensure your operating system is always up-to-date
  • Use a more secure web browser with security enhancement e.g. Google Chrome with site warning
  • Don’t be fooled by enticing links! Never enter your username and password unless it is on a Facebook provided login page
  • Check out the apps before granting them access to your profile

Facebook may eventually look at introducing some iFrame security control in the future so iFrame contents and data is sanitised before being presented to users. However, while this would help protect users it would also add a lot of time and processing on Facebook’s end and produce a lot of false positives.

So in the meantime be careful when following links, accessing Facebook applications and clicking on Facebook Page tabs.

Scroll to Top