No Opt In, No Ads
Fueling the resistance
Hijacking affiliate links 
4th-Mar-2010 02:32 pm - Hijacking affiliate links
Skittish Eclipse
I've been given a heads up that has done some excellent sleuthing and investigation into hijacked LJ affiliate links:

What is LJ doing to my links?
What is LJ doing to my links? Part 2
What is LJ doing to my links? Part 3

Expect this post to be updated through the day as I find out more and come up with a good summary.

ETA: No good summary, but I feel like I should say code got taken down, etc etc, business as usual.
Comments 
4th-Mar-2010 10:40 pm (UTC)
Several things that were *not* intended behaviors of this script have been brought to our attention. We'll be removing it, but I'm not sure when (it requires a code push, so that timing is still being worked out).

4th-Mar-2010 11:21 pm (UTC)
This just blows my mind. Why in the world would they think that is okay? Definitely wondering what the original intention of the script would be.
5th-Mar-2010 12:17 pm (UTC)
Is there a copy of the script as-was that the collective geek hive-mind can pull apart?
5th-Mar-2010 12:10 am (UTC)
Have I mentioned lately how much I love Dreamwidth :)
5th-Mar-2010 12:22 am (UTC)
So, what do we need to enter into Adblock Plus to kill this thing?
5th-Mar-2010 01:45 am (UTC)
I wonder what the Livejournal Advisory Board said about this. Does it still exist?
5th-Mar-2010 01:48 am (UTC)
A rep posted about it recently:

http://kylecassidy.livejournal.com/585577.html?format=light

And yeah, apparently the script has been gutted of all code.

Edited at 2010-03-05 01:49 am (UTC)
5th-Mar-2010 10:35 am (UTC) - *Growl*
Just when I was considering sticking the occasional blog post up here again...

As far as I understand it, there's sites that'll give you cookies if you refer people to them. (Like, "I just bought this great book at WeSellBooks.com" and this is the link...) and if you stick a number in, then WeSellBooks.com will know it's you and hand you a cookie.

LiveJournal wants a cookie, too.

So they remove your number and substitute their own. Hence, they get a cookie and you don't. So their script stole your cookie. The intended behaviour was to add their number to the list of cookie-worthy people, presumably so you wouldn't mail WeSellBooks.com going "Where's my cookie, bitch?"

They screwed up.

As I understand it, their Javascript changes the behaviour of your browser from "Follow this link", to "Follow this other link instead, modify the original slightly, then follow it." Words cannot express my loathing of this technique. For them to modify links in situ while even faking the link indicator in your browser when you hover over it, is pure and undiluted evil. Malware sites do this. Attack sites do this. And now LJ does it. Just what piece of excrement in LJ management decided this was a good idea, we'll never know.

Now all I was intending to post here was a few links to my fun and entertaining WoWfic (no link - it's up at wow_ladies if you want it). Which uses no affiliate links and is as static as HTML gets. No ads, no nothing. Terribly uncool URL with a ~ in, but that's a small price to pay for not having your stuff interfered with.

I probably still will go ahead and post weekly links, but I'll be watching them like a hawk and if I see anything strange happen, like, oh, Javascript appearing in my web pages where no Javascript should be... I'm out of here. Again. Damn it.
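
The rewrite described in the comment above can be checked from the reader's side by comparing the link as authored with the requests the browser actually makes after a click. This is an added example, not part of the original thread and not LiveJournal's script; the hosts and IDs are constructed, and treating `tag` as the affiliate parameter follows Amazon's convention.

```javascript
// Added example. "tag" is Amazon's affiliate parameter; extend for other programmes.
const AFFILIATE_PARAMS = ["tag"];

// Describe how the affiliate IDs changed between the authored and final URL.
function classify(before, after) {
  if (before.join() === after.join()) return null; // untouched
  if (before.length === 0) return "added";
  if (after.length === 0) return "removed";
  // The author's ID survived alongside another one, or it was swapped out.
  return before.every((id) => after.includes(id)) ? "appended" : "replaced";
}

// authoredHref: the link as written in the post.
// requestedUrls: every URL the browser requested after the click, in order
// (for instance copied from the network log of the developer tools).
function auditClick(authoredHref, requestedUrls, params = AFFILIATE_PARAMS) {
  if (requestedUrls.length === 0) throw new Error("no requests recorded");
  const authored = new URL(authoredHref);
  const hops = requestedUrls.map((u) => new URL(u));
  const landing = hops[hops.length - 1];
  const findings = [];

  // Any request to a host the author never linked to is a detour.
  for (const host of new Set(hops.map((h) => h.host))) {
    if (host !== authored.host) findings.push({ type: "detour", host });
  }
  // Compare affiliate IDs on the landing URL with the authored ones.
  for (const param of params) {
    const before = authored.searchParams.getAll(param);
    const after = landing.searchParams.getAll(param);
    const change = classify(before, after);
    if (change) findings.push({ type: change, param, before, after });
  }
  return findings;
}

// Constructed sample data: reserved .example hosts and made-up IDs.
const AUTHORED = "https://shop.example/dp/0000000000?tag=author-20";
const HIJACKED = [
  "https://redirector.example/r?u=https%3A%2F%2Fshop.example%2Fdp%2F0000000000",
  "https://shop.example/dp/0000000000?tag=platform-20",
];

console.log(auditClick(AUTHORED, HIJACKED));
console.log(auditClick(AUTHORED, [AUTHORED]));
```

A finding of "appended" corresponds to the behaviour the comment calls intended, and "replaced" to what authors actually saw.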
5th-Mar-2010 03:20 pm (UTC) - Re: *Growl*
"As far as I understand it, there's sites that'll give you cookies if you refer people to them."

"Cookie" may not be the best term for this because it has a very different technical meaning in the context of the Web. What these sites generally give you is money.
5th-Mar-2010 04:50 pm (UTC)
I have a theory (and considering what happened, maybe it's not so strange either): mine was the first support request to LiveJournal

http://www.livejournal.com/support/see_request.bml?id=1046745

They were so good at making me believe that it was a spyware problem on my side (!), maybe helped in this by a bad past experience with Amazon, that I wrote to the support center for the Amazon Associate.

I gave them (Amazon) my Associate ID and the Associate ID "5336432744-20" of whoever was stealing my referral fees. Now I have no way to know the name behind "5336432744-20", nor do I have a way to see how many referral fees he is making, but Amazon can, and he knows who "5336432744-20" is... So what if Amazon, after my request, and maybe other similar requests, noticed that suddenly "5336432744-20" was making a lot of money? And what if Amazon maybe wrote to "5336432744-20" asking why suddenly all the links of a lot of Associates were redirecting to him?

For once I don't believe that LiveJournal changed its code because we asked them to do that; I think they changed the code because, by mistake or with intention, they realized that what they were doing was not legal.

Now, I'd like LiveJournal to declare how much money they made in the last month (with Amazon they can know that; it's one of the reports Amazon gives to the Associate) and use that money to refund the people they damaged. They know who they are; I suppose there are a lot of open support requests.
5th-Mar-2010 10:28 pm (UTC) - Syndicated feed accounts
I read a number of bookbloggers. Many of them post affiliate links. Other bloggers post charity affiliate codes &c.

Being skint, haven't personally bought anything recently, but I'm guessing others have.

It's not just LJ users that have lost out, it's bookbloggers whose feeds are syndicated here. Some of these people won't even know of the existence of the syndication.

Explaining to some bloggers that an LJ feed is just like a Google Reader pickup is hard enough as it is, this pretty much tips it over the edge.

I cannot believe they did this without testing it to make sure it worked as advertised.
5th-Mar-2010 10:31 pm (UTC) - Re: Syndicated feed accounts
You're right, I didn't even think about that!
6th-Mar-2010 11:56 pm (UTC)
Some of the commentary I've seen has wondered if the opt-out was deliberately included as part of the present code, and therefore indicates something more sinister about it. I've finally managed to track down this and related pages, which indicate that the opt-out was there long ago.

Also, I (and probably many others) had set the opt-out way back when and forgotten about it. So those munged links would have looked fine to Support volunteers looking at the relevant requests, if they had also set and forgotten the opt-out. That would have hampered the investigation as well, especially if no-one involved knew about the hinky code.

None of which excuses the whole stinking mess, but it might go some way to clarifying a couple of details :)
7th-Mar-2010 12:19 am (UTC)
Yeah, that sounds like a good explanation. I don't think the Support volunteers got notified about this change to the code base, either, and it didn't show up in changelog or anything.
28th-Mar-2010 06:01 pm (UTC)
I don't have the time to investigate more, but I've just noticed something new which screams "shady" to me.

I use Opera, have a permanent account. And yet, some entries that I've opened today (in paid journals) execute a script that makes the browser go through a wd.sharethis.com link (it appears in the browser's back button history) via a googleadservices.com link. (The latter appears in my browser's history.)

I've never used the "Share this!" javascript link that has replaced "tell a friend". I don't think it's right that I should be made to visit googleadservices.

I don't know if this is another case of a script doing what it wasn't supposed to, an Opera bug or what. I was hoping to enlist specialised web detectives like you for this. ;)

One possibility is that I came to those paid journals via a plus community, but now that I've blocked those sites I see this page trying to reload too (and failing because of blockages), and I can't imagine something less "plus" than this community.
28th-Mar-2010 08:59 pm (UTC)
I think the Share This javascript interacts badly with Opera--I've seen support requests come up about it before. I think you should report to Support, so they know what's going on at least--they haven't been able to replicate it, but you are not the only person it is happening to:

http://news.livejournal.com/123520.html?thread=81843328&format=light#t81843328
30th-Apr-2010 07:55 am (UTC) - For people who are tired of LJ stunts like this
Please feel free to contact me for an Inksome journal creation code.
30th-Apr-2010 08:52 am (UTC) - Re: For people who are tired of LJ stunts like this
Although prospective Inksome members should read this beforehand.