This code is much more complex. It's also not obfuscated, which is nice. It also seems to be doing a lot more processing on the remote end - there's no more juicy list of strings to pull out and see just what sites it's linkjacking.
It's even got a credit for a MIT-licensed URL parser it's using. So hooray for not, you know, tripping every single alert in my head that this is probably malicious code within the first ten seconds of looking at it. It's still of dubious ethics but at least it's not acting like it's got tons to hide, you know?
A quick dig into the code shows that it does this:
1. Wake up and get a list of every single link on the page.
2. Send this list to http://outboundlink.me/anxo/dr_ta_1/dr_
3. Get back a list of which URLs need to be fuzzled with.
4. Attach code to every single link; upon pressing 'return' or clicking the mouse on the link, check if it's in the list in step 3, and change it.
It also seems to be repeatedly asking outboundlink.me for this data at random intervals. Oh, no, I see: when you roll over a link it'll query outboundlink.me as to what should be done with it. Sneaky sneaky sneaky.
It is not presently stripping Amazon affiliate IDs, nor is it inserting new ones. It is however Doing Things: an unaffiliated link to China Miéville's upcoming book gets turned into a monstrosity like file:///Users/egypt/Desktop/Friends.html?d
Looks like you can stop most of these shenanigans by blocking outboundlink.me. And http://l-stat.livejournal.com/js/pagesta
I really need to sit down and figure out the roadblocks to moving my posting habits to Dreamwidth. Let's see: lost some icon associations upon import, need to find out what'll happen if I try a re-import, XJournal needs a little expanding to deal with multiple services. That's about it.
(thanks to foxfirefey for the heads-up on the return of this stuff.)