
A nice cup of rabies

Rantings with occasional art.

What is LJ doing to my links? Part 2
shatterstripes
Alright, I've been fiddling around some more with this outboundlink.net stuff. I signed up for Amazon's affiliate program to see what this Javascript would do to an affiliate link.

While I was on vacation, I picked up a copy of Pynchon's latest book, Inherent Vice. It was much more in the vein of The Crying of Lot 49 than Mason & Dixon, i.e., actually fun to read.

If you have the 'dRev.js' script blocked, you'll end up at a page on Amazon with "&tag=egypturna-20" as part of the URL.

If you're not blocking the 'dRev.js' script... you'll end up at the same page on Amazon, with "&tag=5336432744-20" as part of the URL instead.

Guess what the "&tag=something" is used for? Telling Amazon which affiliate account to give credit to. If you buy that book by clicking on that link (or, I think, something else if you keep wandering Amazon from there), I'm supposed to get a kickback. But now someone else gets it. Livejournal? outboundlink.net? Who knows? And this thing is firing on links to about 150 different e-commerce sites, like eBay, iTunes, Newegg, Borders, buy.com, and lllllots more.




This code is also sloppy; it will try to do its work on any link whose end matches something it wants to play with. So http://www.crittersbythebay.com gets turned into an outboundlink.net URL, which redirects to a rover.ebay.com link with "&campid=5336432744" in it (hey, that number sure looks familiar!), which then ends up on the front of eBay, presumably because it's not actually providing a valid item link or something.




This code is definitely being inserted by Livejournal. If you go do something with LJ's very obscure Admin Console it will stop showing up. I don't think someone sneaking this into LJ would be bothering to wire it to a switch like that.




TL;DR: dRev.js is not only tracking your e-commerce links; it is actively removing any affiliate IDs and substituting its own. This is not a malicious third party; this is something LJ is doing on their servers.

Also any link dRev.js works its "magic" on now opens in a new window, which is a behavior I really, really hate.

I opened a support request on this.

comments now locked on this old entry because spambots.
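
An added example, not part of the original post and not code from dRev.js: a small Node.js audit that compares a link as authored with the URL the browser finally lands on, and shows why a bare suffix test catches crittersbythebay.com. The suffix test is an assumption consistent with the behavior described above (the script's real matching code is not on this page); the sample URLs are constructed and BOOK_ID is a placeholder.

```javascript
// Affiliate parameter names that appear in the post.
const AFFILIATE_PARAMS = ["tag", "campid"];

// Collect any affiliate parameters present in a URL as {name: value}.
function affiliateIds(url) {
  const found = {};
  const params = new URL(url).searchParams;
  for (const name of AFFILIATE_PARAMS) {
    if (params.has(name)) found[name] = params.get(name);
  }
  return found;
}

// Sloppy check (assumed): plain string suffix, no label boundary.
function suffixMatch(host, domain) {
  return host.endsWith(domain);
}

// Correct check: the exact host, or a true subdomain of it.
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Merchant domains the sloppy check would wrongly claim for this host.
function falsePositives(host, merchants) {
  return merchants.filter(d => suffixMatch(host, d) && !domainMatch(host, d));
}

// Compare the authored link with the landing URL and list what changed.
function auditLink(authored, landed) {
  const findings = [];
  const a = new URL(authored), l = new URL(landed);
  if (a.hostname !== l.hostname) {
    findings.push(`host changed: ${a.hostname} -> ${l.hostname}`);
  }
  const before = affiliateIds(authored), after = affiliateIds(landed);
  for (const name of AFFILIATE_PARAMS) {
    if (before[name] !== after[name]) {
      findings.push(`${name} changed: ${before[name] ?? "(none)"} -> ${after[name] ?? "(none)"}`);
    }
  }
  return findings;
}

// Constructed sample: the authored Amazon link vs. what a logged-out reader gets.
console.log(auditLink(
  "https://www.amazon.com/dp/BOOK_ID?tag=egypturna-20",
  "https://www.amazon.com/dp/BOOK_ID?tag=5336432744-20"));
console.log(falsePositives("www.crittersbythebay.com", ["ebay.com", "amazon.com"]));
```

Feeding it authored/landed pairs captured with the script blocked and unblocked gives a per-link record of which affiliate IDs were swapped.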

D: You are magical. Thank you for having the knowledge and taking the time. What a bunch of assholes.
(Frozen) (Thread)

It's a puzzle to solve! Especially since I spent a while the night before last looking from afar at people going down the rabbitholes of an ARG promoting Portal 2!
(Frozen) (Parent) (Thread)

Heh, I'm following that too. :)
(Frozen) (Parent) (Thread)

This is spectacularly fucked up.
(Frozen) (Thread)

I'm using Firefox under Ubuntu; I got the proper "&tag=egypturna-20" URL instead of the adulterated version.

Looks like that is, indeed, IE-specific so far, as the previous comments suggested.

Thanks for keeping us posted on this; yeah, it's pretty damned sleazy. It'd be one thing if LJ ANNOUNCED that they were doing this; heck, if they came right out and said "to increase our revenues and keep the service running, we're going to do this to all your commercial links, and we're NOT GIVING YOU AN OPTION", it'd still be less offensive than sneaking in a stealth script with a toggle on a "Beware of the Leopard" page.

It's the difference between applying an open surcharge and embezzling.
(Frozen) (Thread)

I see this on a Mac running Safari. I also just checked with FF on the same Mac and got the "link is adulterated upon click" behavior. Are you running any script-blocking stuff, an auto-updating adblocker, etc?

And yeah, the way to turn it off is totally Beware the Leopard. Where's a bulldozer to lie in front of when you need one?
(Frozen) (Parent) (Thread)

I've got Ad Blocker Plus running, which is a pretty standard Firefox extension.
(Frozen) (Parent) (Thread)

This one? I just installed it on my only-ever-used-for-testing copy of FF and it's still happening. I wonder if you opted out of link tracking via the console several years back - if you want to check, go here, type set opt_exclude_stats 0, then reload this journal entry and see if it's started happening.
(Frozen) (Parent) (Thread)

"I wonder if you opted out of link tracking via the console several years back ..."

I checked the link using the Epiphany browser, and got the Evil Tag -- but I didn't bother to log in. I then logged out of LJ here on Firefox, and, lo and behold, the Evil Tag appeared. The link opened a new tab, rather than a new window, because I've set Firefox to do that.

So, yes. I probably opted out of link-tracking after one of Cory Doctorow's paranoid screeds on BoingBoing.
(Frozen) (Parent) (Thread)

"And yeah, the way to turn it off is totally Beware the Leopard"

just another LJ geek directed here about the linkjacking, but I have to say, the way you turned that phrase made me smile even though I'm at the office on a Saturday. thanks for the joy. :)
(Frozen) (Parent) (Thread)

geez, wut?
went and turned that off, i hadn't noticed it as i'm not finding myself clicking a lot of links these days, but thanks for the heads up ...
(Frozen) (Thread)

Thanks, Peggy. I don't understand a symbol of the code, but it was nice to get it fixed as it's doing the same thing on Safari. Once the admin board fix was applied, links seem to work fine. I'd be sorry to see people flee LJ as things like Facebook are so damned short and impersonal. And there's no other community I know of where so many people I follow post. I hope the whistle has been blown and something is done.
(Frozen) (Thread)

Maybe if we tell them all about this kind of thieving fuckery on LiveJournal's part, the people you follow on LJ will head for Dreamwidth where it just doesn't happen. Given the numerous other things that LJ has botched, there's got to be some momentum building already....
(Frozen) (Parent) (Thread)

I know nobody but the lawyers would profit, but I idly wonder if this is actionable somehow. This actually cost me a few dollars in Amazon affiliate kickbacks, assuming this is the real cause for the dip in my numbers.
(Frozen) (Thread)

Hmm! When did you start seeing a dip? The earliest I found reference to it was in early February of this year.
(Frozen) (Parent) (Thread)

Ooh, wait, I can do one better: I'm telling Amazon. (Anybody with me? A plurality of e-mail speaks louder than one.) This is in strict violation of the Operation Agreement for the Associate program, which forbids attempts to hide links, links being processed through redirects, failure to disclose use of the Affiliate program, and tampering with other Affiliate links without disclosure.
(Frozen) (Parent) (Thread)

I LIKE THIS PLAN

The offending affiliate ID is 5336432744-20, added by outboundlink.net, which is probably operated by drivingrevenue.com. And of course LJ is complicit in this as well, since I sure as hell haven't heard anything official about them doing this.
(Frozen) (Parent) (Thread)

A quote from the e-mail I just sent, which is probably a useful reference for everybody who wants to do this:

This script is undisclosed, LiveJournal does not declare their association with outboundlink.net or their affiliate program, Support questions about the matter have gone unanswered, LiveJournal is directly (and poorly) tampering with affiliate links by other users, and the page is processed through a redirect. Collectively, this violates sections 5, 9, 15, possibly 19 (the automatic system cannot control what links are rewritten and is poor at detecting correct links- see below), 20, arguably but probably not 21, 23 (all links are processed as pop-ups), 25, 26, and arguably 27.


If you'd like to get your own opinion on what they've violated, see https://affiliate-program.amazon.com/gp/associates/help/operating/participation for the document I was referring to. Their failure to disclose their use of the Associate system isn't covered by the Participation Agreement, but it violates the Operating Agreement- https://affiliate-program.amazon.com/gp/associates/agreement
(Frozen) (Parent) (Thread)

This is a good idea.
(Frozen) (Parent) (Thread)

Furtive capitalist misdirection! I don't like it. Dreamwidth increases its appeal...
(Frozen) (Thread)

On a whim; if I'm logged in as a user with the admin fix applied, the behaviour is fine and your affiliate id is ok. If I log out and clear my caches then try a reload, surprise! I get the offsite redirect and your affiliate id is gone, same link. (Mobile Safari, no adblockers)
(Frozen) (Thread)

I de-obfuscated the code.

From the WTF department:


var _URLList = new Array("ebay.com","amazon.com", […~150 domains snipped...],"hifibitz.co.uk");

if (currentHour < 6) {
_URLList["push"]("tirerack.com");
_flag = 1
};


Yes, folks, if it's earlier than 6AM, it'll add tirerack.com to the list of sites it adds its affiliate code to. But buying your tires during daylight is safe!

It also passes that flag to outboundlink.net as "tr". I wonder what the story is behind that?

Also for some reason it won't touch links that include the text "AFFCODE" or "a.jsp" - is this a half-assed attempt to not snipe pre-existing affiliate codes?
(Frozen) (Thread)

OK, this was a better test. And I got the same results that chirik did. When I'm logged in, I get no altered link. When I'm logged out, I get the modified link, the code that calls for the script shows up in the page source.

I'm still using Firefox 3.6.

I must have done that opt-out thing a long time ago and I just didn't remember!
(Frozen) (Thread)

Just dropping by to let you know that I linked to both of your posts to my own rant about it. Something else that's bothering me is that I know I've seen people use affiliate links to benefit charities in the past. This isn't only stealing from LJ users, but potentially also from non-profit causes.
(Frozen) (Thread)

I did some digging for who outboundlink.net is.

The domain was registered via GoDaddy. GoDaddy lists the registrant as Domains by Proxy.

Domains by Proxy is a service that allows you to anonymously register domain names.

Also, some more data points:

* Serversiders says the domain started getting traffic January 18.

* A search of Google for "outboundlink.net" shows this has struck a variety of sites about the same time, mostly forums. For example, here is a response from an admin on a Tivo Community Forum explaining that, Yes, it is to monetize links, and yes, they ARE replacing an Amazon affiliate link with their own code.

This last point is rather damning. The difference between the Tivo forum and LJ is that LJ does not forbid using affiliate links. So I believe this absolutely would be a violation of LJ's* TOS with Amazon, for example.

I would really like a response from LJ now.

* Since the admin on the Tivo forum admitted that they do get the revenue from purchases using supplemented affiliate links, I presume that LJ does too.

So, so so sketchy.
(Frozen) (Thread)

Thank you for looking into this. I assumed it was changing affiliates for kickbacks, but I hadn't the time to research it. Thanks.

Also, this is scary shit. I'd rather choose who to give my kickbacks to. I'd hate this for the opening shit in a new window/tab alone, but this gives me cause to get upset.
(Frozen) (Thread)

Yeah, logged out on my work computer and using IE I didn't get the links changed, but when I remote desktop'ed in to the server I manage and tried from there, it changed the links.

Ended up adding a request to my Dreamwidth crosspost footer asking people to click the links over on DW instead of LJ. *sigh*
(Frozen) (Thread)

Thank you so much for keeping up on this, Peggy.
(Frozen) (Thread)