Click the like button, or don’t

So, Facebook has introduced alternatives to the Like button. They are Love, HaHa, Wow, Sad and Angry.likeloveLike, wow. How sad. That makes me angry, because haha, some of those words are verbs, some are adjectives, and some are exclamations. They don’t go together, Facebook! And anyway, I’m never going to use them, because, well, obviously, you know?

Now I’m guessing this has happened because some people are in the habit of putting whiny posts on Facebook, moaning about their problems. It’s impossible to Like those posts, but just conceivable that someone might Sad or Angry them. What’s needed, of course, is a Fuck off button, but Zuckerberg’s never going to give us one of those.

Now this post is beginning to sound a bit whiny itself, so before you’re tempted to Sad it, I’d better get to my point.

The bottom line is, I’m going to turn off the Like button on my blog. Why? Because I really don’t care whether people Like my blog or not. I don’t care whether they Love it or Haha it, or even Angry it. In fact I hope that sometimes they will. That’s not because I don’t care about my readers, but because my readers have brains and can write an Angry comment if they wish (or even a Sad comment or a Haha one.)

Also, I really don’t need another metric in my life. Yeah, life’s too short for unnecessary metrics, don’t you think?

Click Love if you agree, or Sad, if you don’t.

Oh wait, too bad, I just removed that option.

47 responses to “Click the like button, or don’t

  1. Agree. (Wait, is there a button for that?)

    • Haha, yes, that’s the problem, isn’t it? The internet is training us to be lazy. If there isn’t a button, we have to exercise our fingers and very often that’s too hard. Thank you for taking the time to write a comment, Sophie.

  2. I’ve always had mixed feelings about the Like button. It lets people provide feedback other than through commenting or sharing, but I’ve wondered if we’d get more comments without it. I guess you’ll find out.

    BTW, if (and only if) you’re comfortable discussing, how did you get SSL enabled on your custom domain? I asked WordPress support about it and was basically just brushed off.

    • Yes, I understand that people like to use the “Like” button to show that they read the post. I’m slightly worried that people will miss that quick and easy way to say, “Hi!” I’m hoping that maybe I’ll get more comments instead.

      Regarding SSL on my domain, I noticed that just recently. I didn’t do anything, it just happened. Maybe it will happen to you too?

    • Just a WAG here, but it might be due to not having the custom domain name in the SSL certificate. When I try to use https to connect to my blog, the error I get is: uses an invalid security certificate.
      The certificate is only valid for the following names: *,
      (Error code: ssl_error_bad_cert_domain)

      I used to run some J2EE apps for the company, and we went through a period where the environment operators were allowing SSL security certificates to expire (all of a sudden, at midnight, none of my users can connect anymore), so I was forced to dive into that world a bit. The “bad cert” error is familiar and makes sense in terms of what it’s saying.

      The question is whether it’s a matter of adding the custom domain to the cert or arranging for a separate cert for the custom domain. That I cannot answer.

      • I think you’re definitely right. Anyone who uses the domain is covered by the * certificate. But our custom domains wouldn’t be.

        I asked the WP folks if it was possible for me to get my own certificate but they said there wasn’t any mechanism for it, but that they were looking into a solution. It just happening for Steve’s blog is a promising development. We might wake up tomorrow and have it on ours.

        Which would be good since Google now ranks sites with SSL over those without it. (Although I’m a little worried about how the browsers might handle posts with old images using http links.)

        • D’oh! Of course. That’s the main cert for the site, so it’s not like they can add all the custom domains they support. That does complicate the issue quite a bit.

          Interesting about Google.

          Why would a blog need SSL anyway, though? Why does any “read only” site need it?

        • Good question, particularly since the administration and authoring part has always been encrypted anyway. Google might say something about the contact info that comes in with comment posting, but I suspect they just want to see all communications habitually encrypted to minimize the chance of anything sensitive accidentally being transmitted in the clear.

        • Oh, I think you hit it. Contact info does make sense. Cookie data might itself be encrypted by a site (or just coded as DB keys), but an attacker might be able to just copy it and use it to get access to your site!

          Hmmm. That might be a good reason to make a point of always formally logging off your sites. If you don’t, those cookies can be used.

        • Hopefully anything that would give admin access to your site is scoped only for your site’s domain (otherwise other blog owners could conceivably be able to see it) and marked secure, telling the browser not to submit it unless over an https connection.

          Of course, all it takes is a typo in cookie handling WP code to accidentally send a cookie that should be scoped narrowly to all wordpress sites. But I wouldn’t worry too much. has a good reputation on security. At least they did back in 2013 when I checked.

          You just inspired me to look at the cookies my browser has from wordpress. My, they do like their cookies: I have 61 for my site, 42 for overall, and 14 for my custom domain. But I suspect that’s par for the course these days.

        • A quick check at reveals that was given an SSL certificate on January 27, 2016, which was not caused by anything I did. It appears to be a valid certificate for the domain and for a few dozen other blogs too, so maybe this is something WordPress is rolling out? The certificate expires on April 26, 2016, so let’s see if WordPress renews it.

        • It sounds like you’re in a pilot implementation Steve, and the pilot ends in April. Cool. Hopefully that means the rest of us get set soon afterward.

        • Whoa! I see what you mean! And you’re right; I poked around just a little and found many other sites with large cookie jars. Most sites seem content with just one or three, but it’s a whole other ballgame for some (magazine sites have a lot!).

          (WAG: Sites having lots of sub-systems, each with their own cookie or three?)

          Many of the WP cookies are indeed marked send only on secure connection (ones related to admin, from what I noticed). Others are sent over any connection, and maybe there I can see the potential security problem depending on exactly how a site uses those unsecure cookies.

          It might be possible for a sophisticated attacker to spoof a WP user. I’m pretty certain an attacker can’t use this to get into anyone’s admin.

          I leave my home PC logged in on WP, so I can clink on a link (in an email, say) and open FireFox on a blog or post, and I can comment or Like as logged in Wyrd Smythe.

          So being logged in is part of the ‘any old connection’ cookies. Could be a flag or a DB key or an encrypted token, but some datum in some cookie lets me do that. And it doesn’t expire, at least not in a handful of days.

          So if the cookie is captured over an insecure link, an attacker can use it to spoof me as a normal logged on user. (In my work, I’ve sometimes added timecodes to force attackers to use any captured data within a certain timeframe.)

          I’m not sure the server cares about the IP of the cookie client. In general, client domains can change, so while browsers care a great deal about the server domain, I don’t know that servers care about the browser’s.

          The domain scope rule prevents third-party servers from getting cookies not meant for them. Servers assume cookies come from people who have a right to them (but may have taken their laptop between locations).

          So, long story long, yeah, no doubt we’re quite secure here admin-wise, and pretty secure here in general, but I think maybe I can see why — these days given sites with big cookie jars — Google is preferring https.

          The risk here is that maybe it’s not me leaving this comment ( 🙂 ), but other sites might not have such generally careful programmers!

          It does seem that it would be in WP’s best interest to have all blogs on https! Hasn’t happened to me so far. Maybe it’s a British thing? ❓

        • In the old days (he said shaking his cane), cookies were limited to 4k per domain, so we used them only for session ids and such, but I think that limit was lifted some time ago, and with HTML5, it’s now possible to store a lot of local data. (With lots of sandbox restrictions.)

          On the SSL pilot, my own suspicion is that it either has to do with the relatively high volume of Steve’s blog, or the design theme he’s using.

        • Or it might be alphabetical?

        • Good point. If that’s the case, I’ll be on the tail end. (Which is typical. In school, with a last name of “Smith”, I rarely found alphabetical sorting fair.)

        • Ah, design theme! Yeah, that makes sense. If it’s based on volume, it’ll be a long time coming for my blog! 😀

          Ya know,… I think I’m lucky I got out before HTML5 became a thing I had to deal with. It’s all fun and games until someone gets an eye put out! XD

          (I have notes for a post about how the original intent of the web (marked up hyper-linked content that was agnostic about how it was rendered) was lost almost immediately to those who demanded full control over how their stuff rendered. And wanted interactive app features! HTML5 is one more victory that effort. I have mixed feelings; we’re putting an awful lot of eggs in one basket.)

        • On HTML, yeah, I think you’re right that that battle was lost long ago. HTML5 and CSS are improvements though. The programmers that work for me don’t have to do nearly the ugly stuff I used to have to do to please the client’s desire for a specific look.

  3. WP should allow custom-designed buttons.

    I’d like: [Huh?] [Duh!] [No Opinion] [WTF?] and [Petrichor]

  4. When f***book changed their Like button, I quit clicking it altogether. Instead, if I have a thought about what someone posted, I type it out. I could care less about a bunch of little icons I can barely see.
    😀 😜 😱 💀 👀 🏃 💋 👓 🦄 🐎 💫 🌮 🍸 🚴🏻 🎸 🚀 💡 🔬 ❌ ➰

  5. Ah, but we love being able to let you know we’re here and we care and it makes us feel good to like you, even when we’re kind of brain dead and can’t string a bunch of words together in a thoughtful way. But I won’t complain too much. I just might have to comment more often.( Like. )

  6. I’ve always used the “like” button to mean: “I read your post, but I’m feeling too lazy to comment or I don’t have an opinion about the issue or I do have an opinion but I’d rather keep it to myself.”

    But I know others use it even when they don’t read the post. I think it’s a way to get your attention and perhaps get you to visit their blog. I get an instantaneous “like” from someone every time I post, and I know it’s not possible to read that many words in three seconds. I’ve heard of speed reading, but I even so, I have my doubts.

    On Facebook’s “like” button…I’m not sure how I feel about it. I’ve never known what to do with Facebook anyways.

  7. I did consider this too and I posted a rant about it. I felt better afterwards and the like button is still there for now.

  8. A benevolent monarch continues his good works.

    Hail, King Steve! One word does not a sentence make.

    • Haha, I think you might be poking fun at me, Chris. If only you had included an emoticon so I could understand what you really meant!

      • Verily, I applaud! Appreciation (or affront) surely should require more thought and effort than pressing a button.

        “So shines a good deed in a naughty world.”

  9. Well this has certainly generated a lot of comments …

  10. Wyrd, it’s not a British thing. The sites sharing my SSL certificate are international. They all begin with the letter “b”.

    Cookies are extremely common these days. Ubiquitous, perhaps. All but the most trivial site will use them for logins, analytics, etc.

    • (You’re lucky I happened to notice this. I usually just subscribe to the thread, not all comments.)

      Yeah, I just took a peek at your cert, and not only do they start with “b” but they all start with “blog”! That short expiration time is weird, so I think SAP might be right about this being some sort of beta. (And typical of WP to not give you notice.)

      I’ve been thinking a lot about your removal of the Like button and I like it. I may do the same. A couple of users have asked about a Like for individual comments, but I refuse to turn it on. Not only do I not know what others mean when they click Like, I don’t always know what I mean when I click it.

  11. I wanted to like this…

  12. Cool, nice point of view on this! I do not “like” stuff on facebook anyway so I do not care much about it. I use the like button in WordPress though I understand from your post that you did not want have it there. Sometimes it pisses me off how people only like your posts but never ever say anything, even view from them do not appear so you know that they just use likes to keep you interested in their blog -_-

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.