?

Log in

No account? Create an account
The secret is out and it's not pretty - Altivo's Horse Tails — LiveJournal
Wandering about distractedly
altivo
altivo
The secret is out and it's not pretty
Apparently LiveJournal has been using custom JavaScript code to modify some links on user pages dynamically when they are clicked. The action replaces the "affiliate ID" value in the link with another value. This doesn't affect all such links, but only those on a specific list of providers, including, apparently Amazon and EBay. The intent of this action isn't clear, though it seems likely that the purpose was to harvest any commissions that would otherwise have been paid by the linked site back to the provider of the link. Whether the collected fees were going to LiveJournal itself or to some other party is not clear at this time. The link alteration is done in a stealthy manner, so as to be almost invisible. Details and links to more discussion here.

There is a configuration command (undocumented, as often seems to be true with LJ) that will disable this operation for your own page and for any LJ links you click on. That is described in the additional documents linked to the Slashdot article above.

This is a pretty slimy act if in fact it is true. I haven't bothered to try confirming it myself, as the proof is complex and depends on a better understanding of JavaScript than what I have. However, many users have now confirmed that the changes really are taking place, and some who were Amazon partners say their link activity has suddenly dropped to zero according to Amazon.

If this wasn't a deliberate, policy based action by LJ management, then it seems likely to be a clever hack inserted by individuals in the coding team or someone with illicit access to the code base. Given that LJ has no policy statement forbidding such "partnership" links, a unilateral action to disable them seems questionable at best, and to my mind is a violation equal to the privacy violations Google committed a couple of weeks ago in their heated reach to grab market share away from Facebook and Twitter. (The Google Buzz cockup is now well and thoroughly dIscussed elsewhere.)

Tags: , ,
Current Location: Soggy oak grove
Mood: irritated irritated

40 pony nudges or Nudge the pony
Comments
kint From: kint Date: March 5th, 2010 02:47 am (UTC) (Link)
I think there was enough general outrage that there already pulling it. I think.
altivo From: altivo Date: March 5th, 2010 03:43 am (UTC) (Link)
They say they're trying to do something about it. They don't admit it's happening, they don't apologize, they don't explain. This appears to be yet another LJ secret screwup that no one was supposed to notice.

The fact that there was a console command to at least partially disable the thing shows that it was intentionally coordinated for some nefarious purpose.

I don't use affiliate links, so I have no direct damages to claim, but I'm still furious at the sly manner in which this was done and the attempt to avoid dealing with it openly. All they need is for Amazon and EBay or other similar large corporations to come after them for fraud (because that's what this is) and they'll collapse like a punctured balloon.
lobowolf From: lobowolf Date: March 5th, 2010 03:39 am (UTC) (Link)
I'm surprised LJ management is stupid enough to pull something like that. Don't they know that their clientele is riddled with geeks that could take their system apart ten times over? Plus it's just a scumbaggy thing to do. :/ Never bullsh*t people that are smarter than your company!

Edited at 2010-03-05 03:41 am (UTC)
altivo From: altivo Date: March 5th, 2010 03:44 am (UTC) (Link)
Alas, LJ management has proven time and time again that it hasn't a clue about what kind of users it is dealing with.
songdogmi From: songdogmi Date: March 5th, 2010 05:16 am (UTC) (Link)
I clicked some links in shatterstripes's LJ posts in the last few minutes. They worked as one would expect. But that does not necessarily contradict what you're saying; the function may have been disabled once it became known that users noticed.
altivo From: altivo Date: March 5th, 2010 12:21 pm (UTC) (Link)
The links appear to work, but they change the affiliate ID so the credit for the link goes to someone else. In most cases, you still arrive at the same site.

Also, if you have a paid account and are logged in, the behavior is different from what happens if you have a free account or are not logged in.

Even if they disabled the thing, it doesn't excuse the fact that it was instituted on the sly and apparently some time ago.
From: avon_deer Date: March 5th, 2010 09:44 am (UTC) (Link)
It seems that LJ have now released a statement more or less saying it was an anomoly caused by an update.

http://hgryphon.livejournal.com/934946.html?style=mine

The owner of that journal complains that people were jumping the gun and posting that warning (you saw one on my journal the other night) without first checking their facts.

I however make no appologies for automatically assuming that corporations (such as SUP) are inherantly evil. Becauase most of the time, I am correct.
schnee From: schnee Date: March 5th, 2010 11:16 am (UTC) (Link)

I'm not convinced by that user's reasoning, myself. What has happened is the following:

  1. Something bad (i.e., something that negatively affects users) happens.
  2. There's a huge uproar.
  3. LJ representatives say it was all a mistake that will get rectified soon.

From the last part, he then concludes that the missing first piece is, indeed,

  1. LJ makes a mistake.

This is consistent with the above, but it's not the only consistent first step. The following also is:

  1. LJ intentionally introduces a change that'll earn them extra money and/or data at the expense of users' privacy etc. and hopes users won't notice.

This is ALSO consistent, so just because LJ said they're sorry and it's all gonna be rolled back, you can't conclude it really was a mistake. (At the same time, you also can't strictly conclude it was indeed malice, so in reality, you'll just have to weigh the plausibility of the various options and come up with your own hypothesis. Needless to say, different people's hypotheses might differ, though.)

hgryphon From: hgryphon Date: March 5th, 2010 01:06 pm (UTC) (Link)
I haven't bothered to try confirming it myself...

And this answers the question I asked you elsewhere.
altivo From: altivo Date: March 5th, 2010 03:33 pm (UTC) (Link)
And that statement is out of date. I have investigated at length since this post was made.
From: cabcat Date: March 5th, 2010 01:22 pm (UTC) (Link)
I call schenadigans on this...I better get my broom. (if you don't watch southpark you won't get this reference)
altivo From: altivo Date: March 5th, 2010 03:33 pm (UTC) (Link)
You're right. I don't. But that doesn't matter. ;p
quoting_mungo From: quoting_mungo Date: March 5th, 2010 01:53 pm (UTC) (Link)
The code was supposed to be pulled last night, according to Martha or whatever the name of that occassionally-actually-helpful staffer is. The intended behavior far as anyone has been able to tell (that I've seen) was not to replace users' affiliate IDs, but to add an affiliate ID to links that didn't already have them.

Which, if that was all it did, and they'd been upfront about it, I'd be pretty okay with. Nobody loses money, LJ gets a bit extra. What's not okay is the obfuscation (not to mention the fact that the code is sloppily written and breaks links to other sites that e.g. happen to include "bay" in the URL).

Turning off JavaScript (or blocking the specific script used for the behavior) will also stop the hack from happening, ironically thanks to that obfuscation.

I see the "okay, you're upset, this is wrong, we're pulling it" as an improvement in LJ's behavior compared to e.g. the mess when they tried to phase out free accounts. Then it was "we're totally in the right doing this and we won't go back on this decision... at least not for a week, just to show who's boss!"


-Alexandra
altivo From: altivo Date: March 5th, 2010 03:36 pm (UTC) (Link)
My issue with that brief response is that this is the sort of thing that should be stated up front in the terms of service and announced as a change so that all users are aware of it. Instead they just slipped it in there and hoped/believed that no one would notice. If they intended to reap income from unaffiliated links, they should say so. I for one would have avoided posting links to Amazon for that reason, because I do NOT want to give LJ money if I can avoid it. They've already alienated me to a great extent with their past behavior, both under SA and under SUP management.
gabrielhorse From: gabrielhorse Date: March 11th, 2010 06:19 pm (UTC) (Link)

All's well that ends, period.

My only thought is, "every trick in the book..."

Also, sorry to here your LJ is now RIP- six years is a long time to put up with crap you don't like, so I geuss you could say you stuck it out there. But, then again, I've always said life is like that- one minute people follow each other's lives, the next you find yourself asking, "whatever happened to so & so?", and so it goes...
altivo.dreamwidth.org From: altivo.dreamwidth.org Date: March 11th, 2010 06:24 pm (UTC) (Link)

Re: All's well that ends, period.

Actually the journal is not dead, it just moved, comments and all, to altivo.dreamwidth.org.

You can still read it from your LJ account if you add altivo_dw_feed as a friend. To reply so I can read it, you need to click on the Dreamwidth link at the top of the journal entry, and leave your response over there. You can log in using OpenID to do that as long as you're logged in at LJ.
(http://altivo.dreamwidth.org/)
40 pony nudges or Nudge the pony