A nice cup of rabies

Rantings with occasional art.

What is LJ doing to my links?
shatterstripes
Edit, the next day: LJ has said that the code doing this affiliate link fuzzling has been displaying "several unintended behaviors" and they're in the process of pulling it. So if you get nothing now, this is probably why. They've still lost a lot of what little trust I still had in them for doing this so stealthily in the first place.

Lately I've started to notice that every now and then, a link I'll click on in my friends page redirects through outboundlink.net.

For instance, jirris_midvale just posted a link to a Furbuy auction he's doing:
http://www.furbuy.com/auctions/1015216.html

Now, if you hover over that link, you'll see that it seems to go exactly where it says it will. But if you click on it, you end up going to this lengthy link on 'outboundlink.net' with an ID and the page you were on - and it'll forcibly open in a new window, too.

Some digging revealed that this is happening because LJ is including this on every page it generates:

<script src = "http://l-stat.livejournal.com/js/pagestats/dRev.js" type="text/javascript"></script>
<script language = "JavaScript" type = "text/javascript" >
var DR_id = '1111'; // Is this a real ID or we'll be asked to change it? :)
DrivingRevenue();
</script>


The Javascript is a big mess of obfuscated, packed code. A little Googling showed me how to reverse this packing; some further cursory hacking showed me that it seems to be redirecting any link whose end matches this list through outboundlink.net:


I can't tell what outboundlink.net may be doing to the link because it's not responding right now - this is why I really noticed it and stopped to investigate it. There's nothing there for humans to see, the WHOIS information just points to godaddy, and Google turns up next to nothing except for people on cosplay.com's forums wondering... why are links from LJ to that site going through outboundlink.net?

My immediate reaction is: What the fuck, LJ? When did you slip this in? Who is outboundlink.net and what are they doing to our links for you? Are they just tracking or are they doing more? The fact that the main function is named "drivingRevenue" does not exactly lead me to believe this is just tracking!

They're doing this to everyone, paid and free users alike. I watch the LJ news communities and I do not recall hearing anything about them doing things like this to links. This is not making me happy to see.

Why are they doing this via this stealthy obfuscated Javascript instead of being upfront and altering all the links they serve? Metafilter, for instance, alters all Amazon links in posts and comments by adding their own affiliate code - in the HTML, so it shows up when you mouse over it. They're not going to great lengths to hide what they're doing. LJ, on the other hand, is tracking and whoknowswhatting all your money-making links in this furtive manner.

I'm blocking this "dRev" script, myself. And Dreamwidth is looking that much better.

If anyone wants to investigate this further, please do! I'll be getting on a plane soon, so I don't really have time to dig around - though I may try to deobfuscate the script on the plane so I can see what the fuck it's doing. Or I might just kick back and read instead.




Edit: Okay, this might be the services of one drivingrevenue.com, and it could be just used to help serve ads. But why the hell is this shit showing up on my pages and making links intermittently pop up in new windows? I'm paying money to LJ to not have ads on my journal, and having this script show up - especially with the fact that its primary selling point is "hack your affiliate link onto everywhere" - feels like it's right on the edge of breaking that trust, if not over it.




TL,DR: Livejournal is using sneaky Javascript to pass a lot of e-commerce links on everyone's journals through a mysterious tracking site, and forcing them to open in a new window to boot.

edit: It's also putting its own affiliate link in; see my followup.

edit: For more of what I figured out, see the drivingrevenue.net tag. Also since this bit of code-sleuthing is getting linked all over, hello, LJ! I'm normally an artist, who's doing this today instead of getting back to work on her dirty webcomic [NSFW].

Edit, much later: Comments locked because spambots love this post.

Page 1 of 2

Found googling "outboundlink dRev.js"

krdbuni

2010-03-03 04:30 pm (UTC)

http://www.drivingrevenue.com/affiliatevb.php

Looks like LiveJournal's trying to force folks through an affiliate program to pick up some extra money for user behavior.
(Frozen) (Thread)

Found googling "outboundlink dRev.js"

krdbuni

2010-03-03 04:32 pm (UTC)

(Frozen) (Thread)

Re: Found googling "outboundlink dRev.js"

shatterstripes

2010-03-03 04:44 pm (UTC)

If I had an affiliate link to anywhere I'd try to post it and see what outboundlink.net does to it…

I also wonder at the "Is this a real ID or will we be asked to change it?" comment. Could be that they're not doing anything yet because it's still being set up.
(Frozen) (Parent) (Thread)

I'm blocking this "dRev" script, myself.

Would you be willing to share how you're doing this?
(Frozen) (Thread)

I'm already using GlimmerBlocker to kill ads. I went to the 'filters' pane of its prefs and added a new rule in the 'My filters' list: block, host is "l-stat.livejournal.com", path is "/js/pagestats/dRev.js".

For Macs using other ad-blockers, or other systems, do whatever's appropriate to block either "l-stat.livejournal.com/js/pagestats/dRev.js" to nuke it just on LJ, or, presumably, "dRev.js" to nuke it everywhere.

Edited at 2010-03-03 04:46 pm (UTC)
(Frozen) (Parent) (Thread) (Expand)

Dreamwidth sounds more appealing by the day!
(Frozen) (Thread) (Expand)

At present, my only problem with Dreamwidth is technical, which is a shame. Its authentication technology isn't cross-compatible with whatever I'm using for my RSS feed, so I can't get my friends-locked posts in Google Reader with it. At least, not that I've tried.
(Frozen) (Parent) (Thread) (Expand)

ugh yeah... i'd noticed this when someone linked to http://www.crittersbythebay.com which redirected to eBay via "outboundlink". Thanks for the heads up...
(Frozen) (Thread)

*checks* Oooh, awesome. The outboundlink back-end is stupid and breaks links, too! Yeah, this needs to diiiieeeee.
(Frozen) (Parent) (Thread)
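
One possible reading of why the Furbuy link in the post, the crittersbythebay.com link above and the cosplay.com links were all caught, shown as an added example that is not part of the original post or of LJ's script. If the match is a plain string suffix on the hostname, furbuy.com ends in buy.com, crittersbythebay.com in ebay.com and cosplay.com in play.com. The suffix logic is an assumption drawn from the post's description, and `naiveMatch`, `labelMatch` and `auditLinks` are names invented here.

```javascript
// Added example, not the dRev.js code. MATCH_LIST holds three entries from
// the post's list; the suffix logic is an assumption based on the post's
// description ("any link whose end matches this list").
const MATCH_LIST = ['ebay.com', 'buy.com', 'play.com'];

// Literal reading of the description: plain string suffix on the hostname.
function naiveMatch(host, list = MATCH_LIST) {
  return list.find((d) => host.endsWith(d)) || null;
}

// Label-aware check: the host is the listed domain or a subdomain of it.
function labelMatch(host, list = MATCH_LIST) {
  const h = host.replace(/\.$/, ''); // tolerate a trailing root dot
  return list.find((d) => h === d || h.endsWith('.' + d)) || null;
}

// Run both checks on each URL and flag hosts only the naive check catches.
function auditLinks(urls, list = MATCH_LIST) {
  return urls.map((url) => {
    const host = new URL(url).hostname; // URL lowercases the hostname
    const naive = naiveMatch(host, list);
    const strict = labelMatch(host, list);
    return { host, naive, strict, collateral: naive !== null && strict === null };
  });
}

// Hosts mentioned in the post and comments, plus one constructed eBay URL.
const SAMPLE = [
  'http://www.furbuy.com/auctions/1015216.html',
  'http://www.crittersbythebay.com',
  'http://www.cosplay.com/',
  'http://cgi.ebay.com/constructed-item',
];

for (const r of auditLinks(SAMPLE)) {
  console.log(r.host.padEnd(28), 'naive:', r.naive, '| strict:', r.strict,
    r.collateral ? '<- collateral match' : '');
}
```

The same label-boundary check applies to any host-based block or allow rule, where a bare suffix test over-matches in the same way.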

Wow, that seriously blows. :|
(Frozen) (Thread)

I couldn't get this to happen via Firefox, whether I was logged in or not. I started to wonder if maybe the brief redirect was simply happening too fast for me to notice, but when I tried doing it in IE, it was entirely noticeable.
(Frozen) (Thread) (Expand)

Yup. I'm looking at the source for the same LJ page in both IE and FF. The source from IE has extra code on the bottom that references the script you revealed here. The source from FF is missing that extra bit, and has no references to such a script at all.
(Frozen) (Parent) (Thread) (Expand)

Hm...I can't get this to occur for me for whatever reason. Either they are testing it only on certain accounts or my ad-blockers are somehow catching it and routing things correctly.

Seriously though, wtf. Paid accounts shouldn't have to deal with any of this sort of crap.
(Frozen) (Thread)

Yeah, me either. I've not installed any ad-blockers, other than what comes with Firefox by default.
(Frozen) (Parent) (Thread)

Dreamwidth is looking that much better.

This. So fucking this. I've been there for a while with the username of "electrickeet", and they've not yet sucked even remotely as much as LJ has because they're honest about how they do everything. The things that LJ's taken back because of user outrage? These things just don't even happen on DW because they actually have some goddamned morals over there.
(Frozen) (Thread)

I've noticed this too and it's quite bothering. Especially because on some comms it seems to be broken and I'll click a link and it'll cycle through outboundlink and open up the page I was just on in a new window instead of the link. I've been having to copy and paste links from that one comm. Not cool. >:[
(Frozen) (Thread)

ysengrin linked to this post.

It has already been pointed out that this is related to http://www.drivingrevenue.com. And according to http://www.domaintools.com/reverse-ip/?hostname=outboundlink.net the IP address that hosts outboundlink.net also hosts http://www.jbrlsr.com and http://www.sciencerevenue.com.
(Frozen) (Thread)

The same IP address also hosts drivingrevenue.com according to domaintools! I think that's enough correlation to say that this is drivingrevenue...
(Frozen) (Parent) (Thread)

Hey, I was just wondering where I was going to get my daily dose of Utter Hatred For Advertising from today! This was a good post and thread; +1 (Informative). Have ka-blocked the js in question via ABP, which hopefully will take care of it for now.
(Frozen) (Thread)

Is this actually done with Livejournal's permission, or is it an attack? I haven't read enough of the ancillary information to tell.
(Frozen) (Thread)

99% sure it's with LJ's deliberate cooperation, as you can make it stop by going to the (obscure) LJ text console and entering a command. I doubt an external hacker would have bothered with that detail.
(Frozen) (Parent) (Thread)

At the risk of becoming ostracized, has anyone gone to LiveJournal with this, or are we all choosing to accept assumptions as truth and not investigating any further?
(Frozen) (Thread) (Expand)

I dropped a comment on the latest entries in news and lj_releases. No response yet. Then I had a plane to catch.

I'm not making any assumptions; I'm just saying "hey there's this bit of Javascript that seems to be coming from LJ that fucks with the links for e-commerce sites and does its business in ways that raise warning flags, what the fuck?".
(Frozen) (Parent) (Thread) (Expand)

Here's a test of an affiliate link.

When I was in New Orleans, I bought a copy of Pynchon's latest, Inherent Vice.
(Frozen) (Thread)

Here's a test of an eBay link. Wanna buy a Nexus One for more than Google's selling them for? This is your chance!
(Frozen) (Parent) (Thread)

Tested using Firefox 3.5.4 (Iceweasel), permanent account.

Logged in, using default UserAgent and IE UserAgent: No outboundlink.net
Logged out, using default UserAgent and IE UserAgent: Links are redirected via outboundlink.net

In my case, it doesn't happen if I'm logged in, only if I'm logged out.

I'm fine with this. It's fair to do revenue generation on non-paying users, IMO.
(Frozen) (Thread)

I'm a paid user too. I see it. I assume you don't see it when logged in because you did the "opt out of link tracking" admin command some people have turned up.

Also it's shearing off any affiliate ID I may have used and substituting its own… not good.
(Frozen) (Parent) (Thread) (Expand)

well, this is kind of a kick in the pants to do something i've been meaning to for a while -- go through and edit my past lazy amazon &so forth links to drive business towards my local guys and indies like powells instead. i don't have any affiliate links myself, so that's not an issue for me, but going back through all my entries will take a while. :/
(Frozen) (Thread)

This was excellent sleuthing and you're my main source for my post on no_lj_ads.

Edited at 2010-03-05 02:41 am (UTC)
(Frozen) (Thread)

Annoying workaround, but if you use a URL-shortening service like bit.ly, snipurl.com, or tinyurl.com, it can't strip the affiliate tag from the URL. I'll be doing that until this is fixed.
(Frozen) (Thread)

Clever, though I hate short URLs enough that I wonder if the disease is worse than the cure in this case!
(Frozen) (Parent) (Thread) (Expand)

Thank-you for the breakdown. Very useful.
(Frozen) (Thread)

I must be missing something. I don't get any redirects.

In fact, I loaded up the dRev.js directly into my browser...and got this:

/* this code is removed until we can get it off all our pages */

Hmm, I wonder, is LJ in the process of removing this "feature?"
(Frozen) (Thread)

Yes, they are. Huzzah!
(Frozen) (Parent) (Thread)

Excellent sleuthing!!

And, um . . . followed your link, LOVE your dirty webcomic, am looking forward to the next chapter being posted!! :D :D :D

-- A ^__^
(Frozen) (Thread)

5glasses is the LJ feed. If you're cool with having pages of a dirty comic show up uncut in your friends page in a month or two. *grin*
(Frozen) (Parent) (Thread) (Expand)

Sounds like it's been totally removed by now. A link of mine that was misbehaving ten hours ago, no longer is.
(Frozen) (Thread)

Nope - I'm still not able to get manage entries to work at all currently as my firefox addon (nojs) has outboundlink.com blocked. They've obviously missed bits of code if indeed they've taken it out at all. Grrr!
(Frozen) (Parent) (Thread) (Expand)

I got here through a google search, mysteriously enough, but I'm glad I'm not the only person noticing it. It seems to have been making page loading slower, and I don't appreciate it. I'll be checking out your tag to see what else you've seen, and I very much appreciate you doing some sleuthing work on this!
(Frozen) (Thread)
