View Full Version : Instead of trying to defeat frame busting....

10-22-2006, 09:19 PM
If my pages were mildly popular (as they will be virtually unknown at the start), in your opinion, what would be the odds that site admins would add a small "if parent.location != www.mysitelinks.com then bust frames" condition to their frame busting code to allow my visitors to become their visitors?

Philip M
10-22-2006, 10:30 PM
Odds = square root of minus zero.

10-22-2006, 10:40 PM
I always thought the whole purpose of a website was to get visitors.

If I am helping in that pursuit, what do you think the objections to such a reasonable request might be?

10-22-2006, 11:45 PM
If you don't use frames that display someone else's web pages alongside yours then they can't bust the frames to do away with your page and just display theirs.

10-23-2006, 01:45 AM
If I just scrap the whole idea I don't have to worry about it either. Unfortunately, that does nothing to make searching educational sites easier as I had planned.

The idea is simple. A bunch of links on the left that lead to sites (clearly identified as such - like the page at www.torrentscan.com does) that display in a content frame.

The reasons for such a site should be obvious...easier searches, a common place to gather sites of interest that may change as the site ratings change and so on...

But, because people seem to be paranoid (not entirely without cause, I might add) about something that they cannot prevent completely anyway, they have made it more difficult (but not impossible) for legitimate web pages to include their site(s) as a service to the user.

Frame busting harms more than it helps, and I 'll tell you why.

If I am determined to trap (or steal) your content, I can do so via a call to a server that strips out your page's core content from the DOM and returns it to my frame/iframe/div page for display. And, no, there is not a damned thing you can do to stop me. (It'll even look more like my own content than framed content because I can fiddle with the innerHTML - whereas I cannot in a frame that exposes site content from another domain).

So, frame busting only stops those that are very simplistic in their approach to stealing content. Besides which, stealing content by using an iFrame does NOT look like you made the content that you stole, unless you are stealing the main content frames from a site that uses frames to display its own content.

Most sites contain banners and headers plainly identifying the site. Trapping these in a frame should also show the main headers, banners, footers, etc. UNLESS the site being stolen from uses frames to display content pages - which it should not do.

Using a frame to display the pages from another domain means that these headers, banners, etc. all stay in place - as you cannot edit the content of a frame that loads cross-domain content from a local frame. Using my web service method, I am able to strip your headers, banners and anything that I wish before displaying it to the end user. You are much better off allowing frame trapping than the alternative - if you care about being credited for your content.

Professional content sites do not use framesets, they use CSS.

Although I could capture frame-busting sites from a call to a web service, I will not do so for 2 reasons. (1) It is too expensive as far as bandwidth is concerned to offer the service free and ad-free as I had wanted. (2) I can always replace the paranoid sites with sites that are more interested in the distribution of knowledge than in the protection of ideas.

So, I will probably develop the site without forcing the paranoid sites into a box for all to see. I will simply show the user that some sites are not compatible due to the site admin breaking compatibility with normally accepted standards of displaying content in frames and iframes. I will explain the rationale for the site admin doing so and then recommend alternative sites for similar or the same content.

If the users choose not to use the tools I provide because of this limitation, so be it.

Hey, the tools are free. If they were paying, I'd trap the stubborn sites and be done with it.

Just my 2 cents.

10-23-2006, 01:59 AM
I might also add, I have asked people that have frame busting on their sites (here and elsewhere) just what objections they would have to a site that (a) lists their site in a list of desirable sites to visit (b) shows their site in a content frame large enough to display the site as it was meant to be seen and (c) provides a direct link to their site for bookmarking.

Nobody had an answer. That's right, NOBODY.

While I respect their wishes to be known as the author of their own content, I feel that this unfounded (for the most part) fear actually harms their website as far as the number of visitors.

I guess, as a site admin, you have a choice to make...visitors or the rarely-see-but-much-feared content thief. (Hey, maybe that'd make a good Halloween costume.....anybody seen one so I can make a sketch to work from?)

From where I stand, I see more loss of revenue and loss of ranking by limiting access to the site than by content theft.

Heck, even Google and CNN don't bust out of frames. Why should anyone else?

I'll be quiet now.

10-23-2006, 02:29 AM
If their site uses frame busting code then that means that they don't give permission for their pages to display in someone else's frames. IAt least some of the sites using framebusters have had problems in the past with their content being displayed as if it were part of someone else's site. Also they may have problems with advertising on their pages not displaying if the site is loaded into frames. Finally, frames (apart from iframes) are deprecated and should not be used for new web page development in any case as future browsers are not required to support them.

If you want to have a list of sites that stays open to allow easy swapping between a number of different sites then do it as two separate windows (or browser tabs) rather than two frames in the same page.

10-23-2006, 04:38 AM
So, frames are depreciated but iframes are not...do I understand that correctly?

I did not know that ads got hosed when displayed on pages in frames. I really don't understand why either. If the link is clicked, the clicked ad will appear to come from the original content site (if the onclick event is coded correctly), not the framing site. This would seem to be an error in link recognition by the ad hosting company.

The advertising company should know better, but I suspect they use their bad code as an excuse to not pay as many people as possible. (Didn't Google get sued recently for Adsense inconsistencies?)

As for not giving explicit permission to show a site in a frame, I agree that they have not. But, they have also not given explicit permission to show their site ANYWHERE - not even in specific browsers.

If we are to assume that they want their site to show in browsers, what about text only browsers showing photography sites? That wouldn't really give the original vision that the author had, would it?

What about browsers that use Greasemonkey to change the way that sites show in the browser or add-ins/3rd party browsers that strip out ads that pay the site's bandwidth bills? Surely the author didn't have that in mind when s/he created his/her content.

The point I am making is that when you put content on the web, you lose control of it. That doesn't make copyright infringement moral or legal, and you don't have to like it - but, as a web admin, you do have to face reality. And, the reality is that your (or my) content is not safe on the web.

The best that you can do is make your site, friendly, attractive, easy to use and offer frequent new content or a useful web application to keep users coming back for more.

Frame busting (while making you feel more secure) does nothing to make your site's content truly secure. It only narrows the audience that gets to see your content the way it was meant to be displayed.

You still have people downloading entire websites and posting them as their own. You still have theft of your content. You just have fewer people actually being exposed to your content on your page.

I have given the subject of placing frame busting code on my sites a lot of thought. And, IMHO, allowing frames actually increases the chances of my work being recognized as mine and increases the chances that someone will see any attempted content theft (as the links and content page link still are pointing to my website) and report it back to me.

If frames are not used and your content is stolen anyway (which is FAR more likely than frame content theft), the people that see your stolen content on other pages may assume that you stole the content from the page that they originally saw it on.

How are the surfers to know that you posted it first? There are no links because you use frame busting - so the content thieves simply cut-n-pasted your content to their domain. And, how many of them do you think will take the time to look at date/timestamps or search web archives to see which site said it first? That's right - none of them.

I am afraid that we are missing out on many positive things because of the ill-conceived idea that it is even possible to protect content on the web. Practically and economically speaking, it isn't.

Oh well, frame busting isn't be the first time that a well-meaning solution cost society more than it cured and it, sadly, won't be the last.

10-23-2006, 05:14 AM
This'll make ya think - even if you disagree.... http://avc.blogs.com/a_vc/2005/11/the_future_of_m.html