Mar. 3rd, 2010

egypturnash: (SHODAN)
Edit, the next day: LJ has said that the code doing this affiliate link fuzzling has been displaying "several unintended behaviors" and they're in the process of pulling it. So if you get nothing now, this is probably why. They've still lost a lot of what little trust I still had in them for doing this so stealthily in the first place.

Lately I've started to notice that every now and then, a link I'll click on in my friends page redirects through outboundlink.net.

For instance, [livejournal.com profile] jirris_midvale just posted a link to a Furbuy auction he's doing:
http://www.furbuy.com/auctions/1015216.html

Now, if you hover over that link, you'll see that it seems to go exactly where it says it will. But if you click on it, you end up going to this lengthy link on 'outboundlink.net' with an ID and the page you were on - and it'll forcibly open in a new window, too.

Some digging revealed that this is happening because LJ is including this on every page it generates:

<script src = "http://l-stat.livejournal.com/js/pagestats/dRev.js" type="text/javascript"></script>
<script language = "JavaScript" type = "text/javascript" >
var DR_id = '1111'; // Is this a real ID or we'll be asked to change it? :)
DrivingRevenue();
</script>


The Javascript is a big mess of obfuscated, packed code. A little Googling showed me how to reverse this packing; some further cursory hacking showed me that it seems to redirecting any link whose end matches this list through outboundlink.net:

tons of shopping sites )

I can't tell what outboundlink.net may be doing to the link because it's not responding right now - this is why I really noticed it and stopped to investigate it. There's nothing there for humans to see, the WHOIS information just points to godaddy, and Google turns up next to nothing except for people on cosplay.com's forums wondering... why are links from LJ to that site going through outboundlink.net?

My immediate reaction is: What the fuck, LJ? When did you slip this in? Who in outboundlink.net and what are they doing to our links for you? Are they just tracking or are they doing more? The fact that the main function is named "drivingRevenue" does not exactly lead me to believe this is just tracking!

They're doing this to everyone, paid and free users alike. I watch the LJ news communities and I do not recall hearing anything about them doing things like this to links. This is not making me happy to see.

Why are they doing this via this stealthy obfuscated Javascript instead of being upfront and altering all the links they serve? Metafilter, for instance, alters all Amazon links in posts and comments by adding their own affiliate code - in the HTML, so it shows up when you mouse over it. They're not going to great lengths to hide what they're doing. LJ, on the other hand, is tracking and whoknowswhatting all your money-making links in this furtive manner.

I'm blocking this "dRev" script, myself. And Dreamwidth is looking that much better.

If anyone wants to investigate this further, please do! I'll be getting on a plane soon, so I don't really have time to dig around - though I may try to deobfuscate the script on the plane so I can see what the fuck it's doing. Or I might just kick back and read instead.




Edit: Okay, this might be the services of one drivingrevenue.com, and it could be just used to help serve ads. But why the hell is this shit showing up on my pages and making links intermittently pop up in new windows? I'm paying money to LJ to not have ads on my journal, and having this script show up - especially with the fact that its primary selling point is "hack your affiliate link onto everywhere" - feels like it's right on the edge of breaking that trust, if not over it.




TL,DR: Livejournal is using sneaky Javascript to pass a lot of e-commerce links on everyone's journals through a mysterious tracking site, and forcing them to open in a new window to boot.

edit: It's also putting its own affiliate link in; see my followup.

edit: For more of what I figured out, see the drivingrevenue.net tag. Also since this bit of code-sleuthing is getting linked all over, hello, LJ! I'm normally an artist, who's doing this today instead of getting back to work on her dirty webcomic [NSFW].

Most Popular Tags

Expand Cut Tags

No cut tags
Page generated Sep. 24th, 2017 05:06 am
Powered by Dreamwidth Studios