Everyone (who is a nerd) loves the XmlHTTPRequest. It's awesome is why. The web starts behaving like applications. Things work how they are supposed to, and mum and dad don't need to know anything about post-backs and submit buttons - "Submit? Submit to what?!"
There are a myriad of examples of Asynchronous Javascript and XML (errgh, ajax? I give it two thumbs down. But I'm too lazy to think of something better, so I'll shut up on that front) that show why it's the greatest thing since the 1 pixel gif. (Check out fiftyfoureleven.com. That's got some swanky stuff)
For all its goodness, however, something smells a little funny about this holy grail of web communication... like beer and chocolate before it, there is an evil side to what - on the surface - seems pure and innocent.
The evilness lies primarily in its newness. A whole swag of newly trackable data, sent at any time, sent without the user's knowledge, without the (average) user even knowing it's possible. Every keystroke, every mouse move, every click, every pause, can now be captured and sent to the web server and there is nothing you can do about it.
Like every technology, of course, it can be used for good and it can be used for evil. The evil, I think, will mostly be in the form of user-profiling. User profiling previously could only be done on posted data - data that the user wanted the server to see. Now, the user will be constantly monitored - especially for things like the "delete" key, or checking then unchecking boxes. And so on.
Not convinced? Not ready to rise up and strip the XmlHTTPRequest code from your browser? Perhaps this mighty text adventure proof of concept will chill you to your core... "The Search For Fonzie's Treasure" - can you save Fonzie's soul from everlasting damnation?
Good luck, but remember... although it seeeems like harmless client-side interaction, every four moves an XmlHTTPRequest is sent to my server and your moves saved. FOREVER. Don't make a typo. I'll know. Don't try something stupid like "eat jukebox". I'll know.
Scared yet? Check out day one's Fonz Requests.
29 Comments
i dont know if its evil. seems like a good idea to me. cool game too.
I’m not really sure that this is that big an issue – or, even if it is, that your proof of concept demonstrates it. I mean, in the text of your blog entry, you present a more compelling argument than the game itself. The idea that the server can transparently communicate exactly what the user is doing before she/he clicks any kind of link is interesting – I can know if the user mouses over a web banner, and but doesn’t click, etc… or (in theory) how long the user scrolls down a page, or something – but the game doesn’t deal with that. You’re still submitting data to the server, every time you run a move. This would be no different than writing this game in the regular HTML Form -> Server -> response page – it’s just nicer, because it’s XMLHttpRequest.
And if you want to know about sensitive information being stored transparently in an Ajax application, my iPod bartender app stores temporary files containing drink recipes, named however the user specifies (although it is completely anonymous.) You should see what some of these people name their drink collections! :-)
The game is cool, however. I hit the jukebox.
I don’t know about XmlHttpRequest being evil, but I know what is: a combination that starts with 0 and doesn’t work, leaving someone going around in circles for a long time X( Other than the run-around, I much enjoyed a walk around the set of one of my favorite TV shows =) Make me want to write one of these now, but I lack the patience…
–CDFritz
CDFritz – Ill check that out… I saw your comments in your moves – nice lateral thinking there :)
Andrew E – Yep, I fully agree (though, of course, this game is entirely client-side javascript, so you would not assume your data was being posted) I was going to write a more relevant proof-of-concept, but it was really really boring :)
Also, I saw your iPod Bartender application a while ago and told all the iPodders in the office about it. I, unfortunately, am still iPoddless.
Ill never use the web again! They are watching me! Everyone watching me!
I have put together a resource site called AJAX Matters. I look forward to your suggestions.
That was fun to play (reminded me of Shadowgate) and an impressive demonstration of Ajax use… congratulations !
was this done using ruby rails? or which ajax technology? is the source for this available? it’d be great to learn from it!
Hey scott, It just uses a very simple xmlhttprequest send to send data server. Its all in javascript, so check out the code for the game, and the remote scripting stuff in the javascript include.
The send stuff is right at the bottom of the file. The wierd OnReadyStateChange function “readyChange” is to do with the “live help” stuff i implemented. (Check out the next blog entry here)
Bug in game — don’t want to give up
too much, but let’s say when the random
number generator chooses a number like 080,
the parser can’t understand it because it
thinks it’s octal.
Ran me crazy until I d/l the sourcecode and saw it : maybe
the 1st number of the RNGenerator should just be 1-9 ?
He he. Sorry about that Dave. Just making it a bit more um, challenging for you. I *PROMISE* I will fix this this real soon. PROMISE!
No problem :) — forgot to add a) LOVE IT! Great Job!! and
b) VERY COOL and useful!!
Nice going!
Looks like fun. Sure wish I could see green on green. Or green at all for that matter.
http://www.mrspeaker.net/ajax/fonz.html
Ummm, you rcorded my game? Ummm, the request to sniff Mrs C’s knickers was just to test the parameters of the game, uh, yea, honest guv!
You can “Hit” the jukebox in any room!
David – you are witnessing the power of the Fonz.
I am a beginner trying to decide between frames or tables to use for a design that has one top bar, and then two vertically seperated equal frames/cells. A major component of the website though will be the ability to send friends links to specific pages, as well as bookmark. With frames it seems that this isn’t possible. But with tables, i also want to be able to allow the user to click on a link in one cell/frame that will request a document to open in the adjacent cell/frame. I was thinking that xmlhttprequest combined with tables might be a solution? I also thought i knew how to fix my car and its still in my garage.
I don’t know the exact requirements of your project, but what you described sounds like what we in the biz call a “web site” – you shouldn’t use frames (un-bookmarkable, and sooo 1996), and you shouldn’t use tables (sooo 1999) – you should start to get your head around XHTML and CSS. They’re a bit fiddly to begin with, but its where its at. (There are even handy tools like The CSS Creator where you just enter: Top Nav, left column, centre column – and it spits out the xhtml and css)
Using xmlHttpRequest to grab pages is generally considered bad – or at least overkill. And it wouldn’t be bookmarkable anyway. You shouldn’t be worried about having to reload the whole page each for each link – thats the internet – people expect it, and browsers cache all the images etc, so they load quickly anyhoo…
One of the biggest complaints about AJAX is that people are using it for things that don’t need it. If you just want to experiment with it I’d say have a go. But use DIVs, not tables!
they are using the web to train androids, dont touch anymore browsers
I loved your post about this, however, I didn’t notice any tracking done when I viewed the site. It’s simple, i just disabled javascript. I have javascript always disabled, I only enable it on the site where I would want it. Hence, no user tracking unless I want you to.
For sure Morder – thats why I use the no-script extension for firefox. But what with the whole Web2.0 thing goin’ strong, turning off javascript will soon make half the web un-seeable (or, you know, developers will start making ajax stuff gracefully degrade… haha!). Its a tricky one!
Cool!
Any chance of taking a look at the JavaScript or server side code?
Holy undigested matter batman. Im gonna be rich!
Hi,
I am totally new to Ajax and only shifted from .Net User Controls to Ajax yesterday to perform a task that I need to do for my final year project.
My final year project is a co-browsing application and one of its requirements is that, I should be able to share the contents of the application form on the client’s screen (e.g. filled textBoxes)on the (human) customer service agent’s copy of the same application form.
And i need to do it without posting the page, maybe using a timer.. and i need it both ways, i.e. if the customer allows, the agent could help him out in filling the form by filling certain fields at his end.
Can you let me know firstly, if this is possible in AJAX and secondly, if you could help me in actually implementing it..
I shall be REALLY grateful.
Thanx
Wajih
Pakistan
Wajih… Of course you can do it with AJAX. No need for a timer.
Go read up on some tuts!
@Wajih:
Timers are also possible with AJAX. I understand what you need. AJAX is definately the correct solution.
http://java.sun.com/developer/technicalArticles/J2EE/AJAX/
huh?
Not Found
The requested URL /2005/04/17/the-fonz-and-ajax/FonzsTreasure/fonzWin.php was not found on this server.
——————————————————————————–
Apache/2.0.46 (Red Hat) Server at mrspeaker.webeisteddfod.com Port 80
Loved the flashback to Zork.