New Digg Feature = Friend Spamming: Proof of Concept





Update: I've added like 200+ friends. This is ridiculous.

– Story Buried at 46 Diggs. Hmmm. Who would have thought? Maybe they wouldn't be able to handle the # of friend requests if it had hit the front page…

– Here is my Befriended List

– You have to be logged in to Digg for the exploit to work



In what has got to be the stupidest move in the history of community features, Digg has created a URL-powered friend-adder. Basically, all you have to do is visit the URL http://digg.com/invitefrom/{username}, such as http://digg.com/invitefrom/russvirante, and you automatically add that user as your friend if you are currently logged in to Digg.

So, why is this royally stupid? Why should the inventor / everyone who thought this was a good idea go home for a long, long, long vacation?

<iframe src="http://digg.com/invitefrom/russvirante" height="1" width="1"></iframe>

The proof? I have inserted this code into my page. Because the hidden frame loads with your Digg session cookie attached, Digg treats the request as coming from you. In about 5 minutes, go check your friends list and say hello to your newest buddy. And then delete me: at least there is a friend remove tool.

The simple solution: add a captcha to the landing page to verify that the user wants to add you as a friend. Come on guys, it's not hard to avoid this type of spam.
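One way to build that confirmation step, as an added example that is not from the original post or from Digg's code: instead of a captcha it uses a per-session anti-CSRF token on a POST form and forbids framing of the landing page. The request and response objects, `handleInvite`, `friendsOf` and the username pattern are assumptions made for illustration.

```javascript
// Added example: hypothetical server-side handler, not Digg's implementation.
const { createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

const SERVER_KEY = randomBytes(32); // per-process secret (constructed)
const friends = new Map();          // session user -> Set of befriended users

// The token is an HMAC over session id and target user, so a token issued
// for one session or one invite cannot be reused for another.
function issueToken(sessionId, target) {
  return createHmac("sha256", SERVER_KEY).update(`${sessionId}|${target}`).digest("hex");
}

function tokenValid(sessionId, target, token) {
  const expected = Buffer.from(issueToken(sessionId, target));
  const given = Buffer.from(String(token || ""));
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// req: { method, path, session: { id, user } | null, body: { token } }
function handleInvite(req) {
  const m = /^\/invitefrom\/([A-Za-z0-9_]+)$/.exec(req.path); // assumed username format
  if (!m) return { status: 404 };
  if (!req.session) return { status: 302, location: "/login" };
  const target = m[1];
  const headers = { "X-Frame-Options": "DENY" }; // landing page cannot be loaded in an iframe
  if (req.method === "GET") {
    // GET has no side effects: it only renders a confirmation form carrying the token.
    return { status: 200, headers, form: { action: req.path, token: issueToken(req.session.id, target) } };
  }
  if (req.method === "POST") {
    // A cross-site page cannot read the form, so it cannot supply a valid token.
    if (!tokenValid(req.session.id, target, req.body && req.body.token)) return { status: 403, headers };
    if (!friends.has(req.session.user)) friends.set(req.session.user, new Set());
    friends.get(req.session.user).add(target);
    return { status: 200, headers, added: target };
  }
  return { status: 405, headers };
}

function friendsOf(user) {
  return [...(friends.get(user) || [])];
}
```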
