shatterstripes

Edit, the next day: LJ has said that the code doing this affiliate link fuzzling has been displaying "several unintended behaviors" and they're in the process of pulling it. So if you get nothing now, this is probably why. They've still lost a lot of what little trust I still had in them for doing this so stealthily in the first place.

Lately I've started to notice that every now and then, a link I'll click on in my friends page redirects through outboundlink.net.

For instance, jirris_midvale just posted a link to a Furbuy auction he's doing:
http://www.furbuy.com/auctions/1015216.html

Now, if you hover over that link, you'll see that it seems to go exactly where it says it will. But if you click on it, you end up going to this lengthy link on 'outboundlink.net' with an ID and the page you were on - and it'll forcibly open in a new window, too.

Some digging revealed that this is happening because LJ is including this on every page it generates:

<script src = "http://l-stat.livejournal.com/js/pagestats/dRev.js" type="text/javascript"></script>
<script language = "JavaScript" type = "text/javascript" >
var DR_id = '1111'; // Is this a real ID or we'll be asked to change it? :)
DrivingRevenue();
</script>

The Javascript is a big mess of obfuscated, packed code. A little Googling showed me how to reverse this packing; some further cursory hacking showed me that it seems to redirecting any link whose end matches this list through outboundlink.net:

ebay.com
amazon.com
ebay.co.uk
ebay.ca
newegg.com
cars.com
geeks.com
musiciansfriend.com
bestbuy.com
edmunds.com
sears.com
tigerdirect.com
bodybuilding.com
ebay.fr
auctionads.com
shoppingads.com
jcwhitney.com
autoanything.com
autopartswarehouse.com
motorcycle-superstore.com
buy.com
batteries.com
4wheelparts.com
carfax.com
jr.com
vanns.com
amazon.co.uk
bikebandit.com
motosport.com
ebags.com
itunes.apple.com
godaddy.com
dell.com
overstock.com
4wd.com
autobarn.net
guitarcenter.com
compusa.com
6ave.com
etronics.com
partstore.com
emusic.com
music123.com
ticketmaster.com
meritline.com
mwave.com
skype.com
abt.com
zappos.com
ritzcamera.com
borders.com
officedepot.com
autosportcatalog.com
sedo.com
zipzoomfly.com
www.web.com
onsale.com
hotels.com
pcconnection.com
streetsideauto.com
macmall.com
thenerds.net
advanceautoparts.com
ecost.com
hammacher.com
autopartsgiant.com
abesofmaine.com
drugstore.com
gnc.com
1and1.com
networksolutions.com
fandango.com
all-battery.com
amazon.ca
bhphotovideo.com
dotster.com
borders.com
drivingcomfort.com
ebay.com.au
ebay.ie
ebay.de
ebay.es
ebay.nl
ebay.at
ebay.be
ebay.ch
ebay.it
finishline.com
leasetrader.com
macconnection.com
officemax.com
peapod.com
pcmall.com
stubhub.com
travelocity.com
orbitz.com
discountperformanceautoparts.com
performance4trucks.com
priceline.com
paintball-online.com
wineenthusiast.com
americanmuscle.com
jegs.com
summitracing.com
shoemall.com
www.fye.com
1800petmeds.com
autoparts123.com
blinds.com
dell.ca
magazines.com
store.nascar.com
petsmart.com
shop.sirius.com
cycle-parts.com
hmhd.com
allthingsjeep.com
autopartsnerd.com
eforcity.com
onecall.com
pcuniverse.com
activemusician.com
allbikesupershop.com
kmart.com
realhog.com
target.com
autogeek.net
sheetmusicplus.com
partsgeek.com
dvdplanet.com
shopping.hp.com
andysautosport.com
jafrum.com
cdwow.com
euro.dell.com
novatech.co.uk
tesco.com
misco.co.uk
play.com
johnlewis.com
tvcables.co.uk
comet.co.uk
dixons.co.uk
pcworld.co.uk
digitalempireonline.co.uk
rapidonline.com
meshcomputers.com
sharp.co.uk
currys.co.uk
electricaldiscountuk.co.uk
mymemory.co.uk
digitaldirectuk.com
ajelectronics.co.uk
microdirect.co.uk
7dayshop.com
advancedmp3players.co.uk
be-direct.co.uk
hifibitz.co.uk

I can't tell what outboundlink.net may be doing to the link because it's not responding right now - this is why I really noticed it and stopped to investigate it. There's nothing there for humans to see, the WHOIS information just points to godaddy, and Google turns up next to nothing except for people on cosplay.com's forums wondering... why are links from LJ to that site going through outboundlink.net?

My immediate reaction is: What the fuck, LJ? When did you slip this in? Who in outboundlink.net and what are they doing to our links for you? Are they just tracking or are they doing more? The fact that the main function is named "drivingRevenue" does not exactly lead me to believe this is just tracking!

They're doing this to everyone, paid and free users alike. I watch the LJ news communities and I do not recall hearing anything about them doing things like this to links. This is not making me happy to see.

Why are they doing this via this stealthy obfuscated Javascript instead of being upfront and altering all the links they serve? Metafilter, for instance, alters all Amazon links in posts and comments by adding their own affiliate code - in the HTML, so it shows up when you mouse over it. They're not going to great lengths to hide what they're doing. LJ, on the other hand, is tracking and whoknowswhatting all your money-making links in this furtive manner.

I'm blocking this "dRev" script, myself. And Dreamwidth is looking that much better.

If anyone wants to investigate this further, please do! I'll be getting on a plane soon, so I don't really have time to dig around - though I may try to deobfuscate the script on the plane so I can see what the fuck it's doing. Or I might just kick back and read instead.

---

Edit: Okay, this might be the services of one drivingrevenue.com, and it could be just used to help serve ads. But why the hell is this shit showing up on my pages and making links intermittently pop up in new windows? I'm paying money to LJ to not have ads on my journal, and having this script show up - especially with the fact that its primary selling point is "hack your affiliate link onto everywhere" - feels like it's right on the edge of breaking that trust, if not over it.

---

TL,DR: Livejournal is using sneaky Javascript to pass a lot of e-commerce links on everyone's journals through a mysterious tracking site, and forcing them to open in a new window to boot.

edit: It's also putting its own affiliate link in; see my followup.

edit: For more of what I figured out, see the drivingrevenue.net tag. Also since this bit of code-sleuthing is getting linked all over, hello, LJ! I'm normally an artist, who's doing this today instead of getting back to work on her dirty webcomic [NSFW].

Edit, much later: Comments locked because spambots love ths post.