Log in

No account? Create an account
No Opt In, No Ads
Fueling the resistance
Hijacking affiliate links 
4th-Mar-2010 02:32 pm - Hijacking affiliate links
Skittish Eclipse
I've been given a heads up that has done some excellent sleuthing and investigation into hijacked LJ affiliate links:

What is LJ doing to my links?
What is LJ doing to my links? Part 2
What is LJ doing to my links? Part 3

Expect this post to be update through the day as I find out more and come up with a good summary.

ETA: No good summary, but I feel like I should say code got taken down, etc etc, business as usual.
4th-Mar-2010 11:24 pm (UTC)
As far as I am aware, we knew it would make us an affiliate. It wasn't supposed to override anyone's affiliate links ( if it did, we'd have a way to make it not do that, however, I don't know more than that).

Additionally, it wasn't supposed to change anyone's links or get caught up on loading (there were reports of a script not responding, and I believe this was one).

4th-Mar-2010 11:31 pm (UTC)
"As far as I am aware, we knew it would make us an affiliate...Additionally, it wasn't supposed to change anyone's links"

Since these two statements are kind of at odds with each other, I'm going to try and clarify what I think you might mean--I think what you mean is it was supposed to add an affiliate ID onto non-affiliated links, and not redirect people through a third party site on the way?
4th-Mar-2010 11:36 pm (UTC)
Yes - not having been in those discussions, that's the best I can explain it. We were told initially that if we got in reports that it had overridden someone's link we'd be provided a way to remove ours. I'm not 100% clear on whether it was known that that would happen for sure or if it was a contingency or how it worked.

However, we'd not been given that ability, nor help troubleshooting the loading issues, as far as I know, so we got permission yesterday to just pull it down. After that was when we discovered it redirected links, as some people have mentioned, so we're not going to continue to use this service.
4th-Mar-2010 11:46 pm (UTC)
What's going to be done about lost revenues for everyone who had affiliate links replaced?

And the loss of trust for yet another sneaky code push that treats all users, paid and ad-supported alike, as something to be farmed out rather than as customers?
(no subject) - foxfirefey - 2010-03-05 12:06 am (UTC)
(no subject) - shatterstripes - 2010-03-05 12:13 am (UTC)
(no subject) - foxfirefey - 2010-03-05 12:44 am (UTC)
(no subject) - shatterstripes - 2010-03-05 12:50 am (UTC)
(no subject) - foxfirefey - 2010-03-05 12:53 am (UTC)
(no subject) - Anonymous - 2010-03-05 03:39 am (UTC)
(no subject) - enotsola - 2010-03-05 09:00 am (UTC)
(no subject) - fengi - 2010-03-05 02:13 pm (UTC)
(no subject) - jenk - 2010-03-05 04:20 am (UTC)
gashing found - hep - 2010-03-05 05:28 pm (UTC)
4th-Mar-2010 11:47 pm (UTC)
Um... Let me get this straight.

LJ accepted third party code onto the site. That monitored outbound links from people's journals, that information handed over to a third party. Then those links were altered to direct referral income to that third party. Said third party promising LJ they would correct any issues where someone's link might be overridden. LJ I assume were getting a cut of referral money. LJ also declined to tell it's customers that this was going to happen.

But it's okay, because they're removing the code now?
(no subject) - sundayave - 2010-03-05 02:22 am (UTC)
(no subject) - eriscontrol - 2010-03-05 03:10 am (UTC)
4th-Mar-2010 11:55 pm (UTC)
Also, I want to go into why this was... so so so so so so so so so so stupid.

This was an obscufated blob of javascript code apparently included on *all* LJ served pages. One that was evidently not reviewed by anyone competent enough to examine it before it went live. On a major website. To millions of people.

The guy who made that decision has been given an incorrect level of authority.

This thing could have been so much more malicious. It could have been skimming passwords for all LJ knew. It could have been skimming *credit card numbers*.
(no subject) - foxfirefey - 2010-03-05 12:03 am (UTC)
(no subject) - barberio - 2010-03-05 12:07 am (UTC)
(no subject) - foxfirefey - 2010-03-05 12:35 am (UTC)
(no subject) - shatterstripes - 2010-03-05 12:19 am (UTC)
(no subject) - foxfirefey - 2010-03-05 12:25 am (UTC)
5th-Mar-2010 01:26 am (UTC)
so we're not going to continue to use this service.

Would it be too much to hope that LJ won't be using any script that isn't theirs from now on?
(no subject) - foxfirefey - 2010-03-05 01:29 am (UTC)
(no subject) - celestineangel - 2010-03-05 01:30 am (UTC)
(no subject) - foxfirefey - 2010-03-05 01:33 am (UTC)
(no subject) - celestineangel - 2010-03-05 01:41 am (UTC)
NoScript will help - keristor - 2010-03-05 10:12 am (UTC)
22nd-May-2010 10:29 pm (UTC)
so we're not going to continue to use this service.

I'm a little late to the party. I didn't notice this happening in early March, but I recently noticed a lot of weird browser behavior on my friends list[1], with "Contacting outboundlink.net" regularly showing up in my status bar. So it appears LJ has decided to use this service again.

I found several posts suggesting running set opt_exclude_stats 1 through the admin console and that seems to do the trick. But there's no user-friendly way to opt out.

I don't see any note on news or lj_releases announcing that LiveJournal would start rewriting links. I've been a paid user of LiveJournal for 8-ish years because I think it's a great service and I'm happy to support its operation through money rather than having advertising foisted upon me and my journal's readers. Rewriting links to provide revenue feels a lot like advertising and it leads to a degraded user experience with no upside to the user. I feel such a change should at least be accompanied with an announcement and a way for paid users to opt out. Can we get an explanation?
5th-Mar-2010 01:56 am (UTC)
So, hang on. It was supposed to take a link with no affiliate info, and add LiveJournal's? For what purpose? If I were to post a link to some Amazon item or something (I do not have affiliation set up, so it would be a "naked" link), and someone clicked on the link and bought the item, LJ would have gotten affiliate credit??
5th-Mar-2010 02:02 am (UTC)
Well, er, for the purpose of making LJ money.
5th-Mar-2010 02:10 am (UTC)
Sorry, I should have specified: for what legitimate, above-board purpose. :P

Stepping in and snatching affiliate credit just because there wasn't any there already is Not Okay. Yarr.
(no subject) - raccoonteur - 2010-03-05 04:16 pm (UTC)
(no subject) - hep - 2010-03-05 05:21 pm (UTC)
(no subject) - foxfirefey - 2010-03-05 05:29 pm (UTC)
(no subject) - arethinn - 2010-03-05 08:04 pm (UTC)
(no subject) - mskala - 2010-03-06 02:57 pm (UTC)
5th-Mar-2010 03:21 am (UTC)
I'm not sure if I'm seeing the residual problems with this or not, I'm not a code jockey, but in the last month I'm having increasing problems trying to even log in. The ads and other programs that are flipping our my firewall are locking up the screen preventing me from logging in without hitting the refresh button to throw the java script off my page. It's getting VERY annoying.
12th-Mar-2010 02:52 am (UTC)
It's the flash particularly with some of the ads that's causing the problems. It's worse with some ads, I think H&R block was one of them. I've turned off my flash player (easy to do on Opera) and the problem stops instantly.
(no subject) - trixieleitz - 2010-03-12 03:50 am (UTC)
5th-Mar-2010 04:11 am (UTC)
I don't suppose y'all are hiring software testers? Because this should've been easy to find in testing.
This page was loaded Apr 21st 2018, 9:04 pm GMT.