Hijacking affiliate links

[foxfirefey]

I've been given a heads up that has done some excellent sleuthing and investigation into hijacked LJ affiliate links:

What is LJ doing to my links?
What is LJ doing to my links? Part 2
What is LJ doing to my links? Part 3

Expect this post to be update through the day as I find out more and come up with a good summary.

ETA: No good summary, but

Comments

[marta]

Several things that were *not* intended behaviors of this script have been brought to our attention. We'll be removing it, but I'm not sure when (it requires a code push, so that timing is still being worked out).

[foxfirefey]

How long has it been running? This person's post suggests quite some time--around a month.

[sundayave]

I first opened this Support request a month ago to complain about the lag in which the LJ pages found themselves in at that moment because of the script which they'd just implemented (I believe it was around release #61). About a day later and without any reply whatsoever, I just decided to block it with AdBlock and be done with it. I remember someone also complaining how the same script was on the secure login page and how it should be removed asap for obvious security reasons. I don't know precisely how long this redirecting business has been in action, but the first complaint (at least in Support) about it is this one.

(Also, why did I have to do the reCaptcha thingy when I posted this comment?)

[foxfirefey]

Thanks for the report--sorry about the CAPTCHA--I think at one point, we were getting a lot of spam (from logged in accounts, even), so we had to enable reCAPTCHA for nonmembers.

[shaebay]

This just blows my mind. Why in the world would they think that is okay? Definitely wondering what the original intention of the script would be.

[pseudomonas]

Is there a copy of the script as-was that the collective geek hive-mind can pull apart?

[ryf]

Yep http://shatterstripes.livejournal.com/1066472.html#cutid1

[pseudomonas]

Thanks! looks like it's been shredded well there :)

[tiferet]

Have I mentioned lately how much I love Dreamwidth :)

[tiferet]

So, what do we need to enter into Adblock Plus to kill this thing?

[foxfirefey]

http://l-stat.livejournal.com/js/pagestats/dRev.js

[tiferet]

Thanks!

[thnidu]

what she said

[mskala]

I wonder what the Livejournal Advisory Board said about this. Does it still exist?

[foxfirefey]

A rep posted about it recently:

http://kylecassidy.livejournal.com/585577.html?format=light

And yeah, apparently the script has been gutted of all code.

[mskala]

The sad, and worrying, thing about this is that it was so predictable. Anyone with half a clue about how Livejournal's users feel about things - or even half a clue about how Internet users in general feel about things - would have been able to guess accurately how the userbase would react to adding an affiliate ID to user-posted links, let alone removing users' own IDs. But the people in charge at Livejournal went ahead with it anyway. Logical conclusion: either they really have no clue how users think, or they really don't care. Neither is good.

If you end up with a mob of pitchfork-wielding users outside your castle gates one time, okay, well, anyone can make a mistake. But when it becomes a regular occurrence, you have to start considering the possibility that you might not be the hero of the story anymore.