Hijacking affiliate links

[foxfirefey]

I've been given a heads up that has done some excellent sleuthing and investigation into hijacked LJ affiliate links:

What is LJ doing to my links?
What is LJ doing to my links? Part 2
What is LJ doing to my links? Part 3

Expect this post to be update through the day as I find out more and come up with a good summary.

ETA: No good summary, but

Comments

[marta]

Several things that were *not* intended behaviors of this script have been brought to our attention. We'll be removing it, but I'm not sure when (it requires a code push, so that timing is still being worked out).

[foxfirefey]

How long has it been running? This person's post suggests quite some time--around a month.

[sundayave]

I first opened this Support request a month ago to complain about the lag in which the LJ pages found themselves in at that moment because of the script which they'd just implemented (I believe it was around release #61). About a day later and without any reply whatsoever, I just decided to block it with AdBlock and be done with it. I remember someone also complaining how the same script was on the secure login page and how it should be removed asap for obvious security reasons. I don't know precisely how long this redirecting business has been in action, but the first complaint (at least in Support) about it is this one.

(Also, why did I have to do the reCaptcha thingy when I posted this comment?)

[foxfirefey]

Thanks for the report--sorry about the CAPTCHA--I think at one point, we were getting a lot of spam (from logged in accounts, even), so we had to enable reCAPTCHA for nonmembers.

[sundayave]

Heh, no problem, I was just like "Why the Captcha! :( Oooh my comment is screened, that'd be it." :)

[foxfirefey]

Yeah, nonmember comments are screened because we can sometimes report on Touchy Topics, and that can bring in a bunch of people from links who don't know how to wave a pitchfork instead of throwing outright stones, or some other appropriate metaphor.

[phaetonschariot]

Oh... that's about the same time frame that the constant "this page is running a script that is slowing down Firefox, do you want to continue?" dialogs started popping up every time I loaded a page.

[elisa_rolle]

Nice to know that the first complaint was mine, but I'm still the one who didn't receive an answer.

I posted about it and added a comment to the support request:

http://elisa-rolle.livejournal.com/974955.html

I'd really like for someone to answer me, from my rough count, I lost 30 dollars the past month.

Plus I spent a lot of time redirecting people through other review site, like Goodreads, since I didn't trust no more my LiveJournal page.

[shatterstripes]

You should probably talk to Amazon. Another person who was affected by this said that he was pleasantly surprised by their response.

[elisa_rolle]

Thank you, I will do that. Elisa

[desh]

Can you elaborate on what things weren't intended behaviors? Specifically, was the overwriting of a user's affiliate code with LJ's (even for paid and permanent users) part of the goal?

[foxfirefey]

That's a good point. I'm not even sure what the intended behaviors are supposed to be; many of the behaviors described are offered programs.

[platypus]

I'd really like to know what the intended behavior of the script was. I don't see much of anything defensible there.

[marta]

As far as I am aware, we knew it would make us an affiliate. It wasn't supposed to override anyone's affiliate links ( if it did, we'd have a way to make it not do that, however, I don't know more than that).

Additionally, it wasn't supposed to change anyone's links or get caught up on loading (there were reports of a script not responding, and I believe this was one).

[foxfirefey]

"As far as I am aware, we knew it would make us an affiliate...Additionally, it wasn't supposed to change anyone's links"

Since these two statements are kind of at odds with each other, I'm going to try and clarify what I think you might mean--I think what you mean is it was supposed to add an affiliate ID onto non-affiliated links, and not redirect people through a third party site on the way?

[marta]

Yes - not having been in those discussions, that's the best I can explain it. We were told initially that if we got in reports that it had overridden someone's link we'd be provided a way to remove ours. I'm not 100% clear on whether it was known that that would happen for sure or if it was a contingency or how it worked.

However, we'd not been given that ability, nor help troubleshooting the loading issues, as far as I know, so we got permission yesterday to just pull it down. After that was when we discovered it redirected links, as some people have mentioned, so we're not going to continue to use this service.