A new issue with LJ privacy...
kijikunlinked me to this post on some new LJ link scripting shenannigans I'm pasting it here to give everyone a heads up.
################################
LiveJournal has started snooping on outbound clicks, sliently redirecting outbound links through "outboundlink.net." This is enabled even for paid users, and the opt-out is so hidden/out of the way that what they're doing is simply unconscionable.
Here's an example link: http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099/
Javascript is used to make the url in the status bar appear normal when you hover over it, until you actually click on the link. To see that it is actually being redirected for tracking, right-click on the link and copy the url, then paste it into something like notepad.
Fortunately, there is a way to opt out:
1. Open the Admin Console at http://www.livejournal.com/admin/console/
2. Execute the following command: set opt_exclude_stats 1
I also recommend adding the following to your ad-blocker:
* outboundlink.net
* l-stat.livejournal.com/js/pagestats/dRev.js
Brought to my attention by a post on DamnPortlanders.
Edit:
eevee and I got through the JS obfuscation. It works by setting links' onclick and oncontextmenu, so the reason why links appear normal is that it doesn't change them until you actually click on them.
If you're unclear about SUP/LJ's intent, realize that this a technique that would only be used by someone who wanted to hide the fact that they are manipulating outbound links.
Edit 2:
As posted in comments, this (for now) is only affecting links to a long but finite list of domains.
It also appears to be financially motivated, as the net effect (when it isn't breaking links to crittersbythebay.com due to sloppy programming) seems to be the insertion of LJ/SUP or their Partner's referral/kickback code in the url. This finer manipulation is done on the "outboundlink.net" servers, though, instead of in the javascript.
Every click going through LJ's partner-in-crime will of course be logged by this third party, so the call-to-arms on privacy grounds still stands.
################################
LiveJournal has started snooping on outbound clicks, sliently redirecting outbound links through "outboundlink.net." This is enabled even for paid users, and the opt-out is so hidden/out of the way that what they're doing is simply unconscionable.
Here's an example link: http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099/
Javascript is used to make the url in the status bar appear normal when you hover over it, until you actually click on the link. To see that it is actually being redirected for tracking, right-click on the link and copy the url, then paste it into something like notepad.
Fortunately, there is a way to opt out:
1. Open the Admin Console at http://www.livejournal.com/admin/console/
2. Execute the following command: set opt_exclude_stats 1
I also recommend adding the following to your ad-blocker:
* outboundlink.net
* l-stat.livejournal.com/js/pagestats/dRev.js
Brought to my attention by a post on DamnPortlanders.
Edit:
eevee and I got through the JS obfuscation. It works by setting links' onclick and oncontextmenu, so the reason why links appear normal is that it doesn't change them until you actually click on them.
If you're unclear about SUP/LJ's intent, realize that this a technique that would only be used by someone who wanted to hide the fact that they are manipulating outbound links.
Edit 2:
As posted in comments, this (for now) is only affecting links to a long but finite list of domains.
It also appears to be financially motivated, as the net effect (when it isn't breaking links to crittersbythebay.com due to sloppy programming) seems to be the insertion of LJ/SUP or their Partner's referral/kickback code in the url. This finer manipulation is done on the "outboundlink.net" servers, though, instead of in the javascript.
Every click going through LJ's partner-in-crime will of course be logged by this third party, so the call-to-arms on privacy grounds still stands.