Wednesday, January 9, 2013

Auto invite friends to Facebook group

Quite a few Facebook friends of mine sent me some Facebook group invite these days. The target group is always bullsh!t in some way or another (e.g.: making friend, life story, love group). I didn't pay much attention until today... Too lazy to work so I spent a while to investigate the case.

Most of the groups tell you to copy and paste some script to Google Chrome's console to get list of people who visit your profile. I have made a copy of the script here.

A typical cover image of the fishy groups

Turned out they use the first degree link to get your friends list then fetch the invite dialog with each friend and finally trigger a mouse event programmatically to send our the invite. Pretty clever! However, the script kiddie is unethical in two ways: After finishing the job (inviting your whole gigantic friends list) which may take a while, they don't show the list of friends in first degree as advertised -- false advertising! And secondly, the first degree is not about people who stalk you, it orders people by how much you stalk your friends -- completely liar! So, if you happen to be invited (like me), you should at least report the group before leaving it. For good measure, please spend an additional minute to report the group admin too. Those bastards!

If you are curious to see the list of people that you stalk, you can use a cleaned version of mine available here. A minified version is also available below:

jx={getHTTPObject:function(){var e=!1;if("undefined"!=typeof ActiveXObject)try{e=new ActiveXObject("Msxml2.XMLHTTP")}catch(t){try{e=new ActiveXObject("Microsoft.XMLHTTP")}catch(n){e=!1}}else if(window.XMLHttpRequest)try{e=new XMLHttpRequest}catch(r){e=!1}return e},load:function(e,t){var n=this.getHTTPObject();if(n&&e){n.open("get",e,!0),n.onreadystatechange=function(){n.readyState==4&&n.status==200&&n.responseText&&t&&t(n.responseText)},n.send()}}};var m="please wait...";
jx.load(window.location.protocol+"//www.facebook.com/ajax/typeahead/first_degree.php?__a=1&viewer="+Env.user+"&filter[0]=user&__user="+Env.user,function(e){for(var e=e.substring(e.indexOf("{")),e=JSON.parse(e),e=e.payload.entries,t=0;t<e.length;t++)if(t<10)console.log(t==0?"Most Favourite:":t==1?"Second place:":t==2?"And the third:":"#"+t+":",e[t].text);else break}),m

Just go to Facebook, open the browser console, paste the code and press enter. You will get something like this:

The list looks about right to me
Interesting notes:

  • Google Chrome usage in Vietnamese Facebook users must be quite high
  • Facebook has patched their site from the original first degree script by blocking all cross domain script loading. Very good practice!









But seriously, do not ever listen to ANYONE who tells you to run some arbitrary code on your browser/computer/whatever machinery.