A nice cup of rabies

Rantings with occasional art.

What is LJ doing to my links? Part 5
So yeah, the official word is that this script is gonna get pulled and that it's been displaying "several things that were not intended behaviors". like giving all the affiliate juice to the linkjacking company instead of lj</snark>

No comment on the fact that it was rolled out silently a month or two ago, of course.

And that's really what's got me pissed. The lack of transparency on something that's rewriting my content.

I wonder if I'll see anything about this in news when they've shut it down?

edit: Heh. I went and looked at support requests again. All the other questions are answered with a cut-and-paste statement and closed as of an hour or so ago; my more pointed question is still open. I wonder if I'll get a personally-crafted answer?

edit 2: Script is still being included, but now it's just one line in the file:

/* this code is removed until we can get it off all our pages */

So yay for a response measured in hours. But boo for rolling it out silently in the first place. Because, I mean, "intended behavior" of this thing would still be "silently paste our affiliate code on lots of outgoing links without ever telling our userbase we were gonna monetize them this way". Even if it was super-scrupulous about never touching links with an existing affiliate code and had been tested on a big enough pile of links to notice the "" problem. which is beyond trivial to solve once you notice it exists but i think i have far better things to do with my life than debug shady code. like draw pornographic comic books.

And the "intended behavior" is still feeling real likely to make me spend some time tomorrow giving Dreamwidth some dollars and migrating over there.

As I mentioned elsewhere... This was a really reallllllllly stupid thing to do. Inserting an obfuscated blob of javascript from a third party into every page on a high profile website? We're *lucky* it wasn't a password or credit card scraper.

I would hope that LJ deobfuscated the code before plugging it in. It was the work of maybe an hour once I decided to just sit down and do it; there's not that much code involved. And they did host it on LJ, rather than pulling it off of outboundlink/drivingrevenue's servers where it could be modified at any time in the future.

I've been doing my best to construct narratives for this incident that are only due to bureaucratic complexity and inertia, rather than malign intent. *grin* Mostly I've just been trying to figure out what's going on at a technical level rather than a social/financial one!

I imagine it goes something like this:

Manager: Hello, tech people, our marketing department has made a deal with this Driving Revenue company. We need you to work with them so we can make affiliate money off of as many pages of our site as possible.
Driving Revenue's Contract: Put this JS code on your site. Please do not be peeking behind the curtains of our code, thanks, this is our intellectual property.
Tech people: ...okay then.

Yeah, I was imagining much the same story. Except maybe with it ending like this:

Tech: Hmm, this looks like a fake ID number. Should this get changed into a real one? *leaves a comment in the source*
Manager: I have a new pet project that must be implemented yesterday!
Tech: *forgets about the drivingrevenue ID question while putting out the manager's latest fire*

Entering (sans quotes) "set opt_exclude_stats 1" from should effectively opt you out.

Only for my eyes. As presently implemented, LJ will still be inserting this stuff into the pages it serves up for other people to see - it doesn't care if the author of the page opted out, only the person looking.

Ach, scheisse. Bastards.

I assume you've seen the response on kylecassidy's LJ. Occam's stupidity / malice explanation, as usual - but it's still a fuckup, and it's one more thing pushing me to look for tools to break the social trap of network effects.

I had not, though I'd seen the stuff she's working from.

I've been trying to attribute this to stupidity rather than malice as I dug into the technical details of what's going on, but I can't help but feel like "let's stick an affiliate ID on every unaffiliated e-commerce link we can find, and not tell any of our users about this" is a bit malicious. Even if it was being done with code that didn't have false positives on what it affected, and being done by altering the links when the page was served from LJ, rather than with this sneaky obfuscated JS that tries its best to hide its link-twiddling.

(Deleted comment)
*checks source* Ain't gone yet, hack away!

If you look at the source of dRev.js now, it just says:

/* this code is removed until we can get it off all our pages */

Just here to let you know that I'm linking to you on this issue and directing other people here, because you seem to be really on top of things.

If you want a Dreamwidth invite code, just say the word.

I had more important things to do today, but lounging in bed with the laptop chasing this was a compelling way to goof off. *grin*

And thanks! If I leap to DW (and LJ's handling of this so far is not helping) I'll probably just be buying a year of paid time off the bat; I've been a paid user for LJ for most of my time here and can certainly afford to do the same for a site I'm supporting for Not Being What LJ Is Turning Into.

Just so you know, DW's payments are currently down because of trolls in the system:

That means right now only check or money order can be accepted. However, they're making good progress on implementing a system that's not vulnerable to the same attacks.

In any case, if you decide to make a leap and have any questions/concerns about crossposting, importing, setting up, layout CSS/styles, things that sucked and could be made better, or anything like that, feel free to bug me about it! I do a lot of DW volunteer work, so I can usually answer or find out what's going on.
