MyBlogLog Tracks Your Visitors Ad Clicks

by on February 23, 2007 · 76 comments

I know we said we’d never mention MyBlogLog again, but that was before this discovery.

Maybe all the recent MBL exploits recently didn’t bother you. Maybe they seemed trivial. I don’t think people should feel the same way about this one. This isn’t even an exploit, but something that MBL is actively doing with their blog widget. If you’re not interested in the long technical version, skip to the bottom.

The first thing that happens when the browser loads the MyBlogLog javascript is the loading of another javascript file.

document.write(‘scr+ipt language=”javascript” src=”http://track3.mybloglog.com/js/jsserv.php?mblID=2006112922074849″>

I started looking at this code, and I noticed something odd. Why were the urls to google adsense and YPN servers in the code? This is the piece that caught my attention. Notice that it's ripped from a Mint plug-in that tracks ad click stats.

//start IFrame ad tracking
//from http://www.digitalmediaminute.com/article/1715/adsense-click-pepper
var m_px=0,m_py=0,m_as_frms=new Array(),is_ie=document.all?true:false;
function m_as_init() {
var ad=document.getElementsByTagName('iframe');
for(var i=0;i if(ad[i].src.indexOf('googlesyndication.com')>-1){
m_as_frms[m_as_frms.length]=new Array(ad[i], 'http://pagead2.googlesyndication.com', 'Google AdSense');
if(is_ie){ad[i].onfocus=m_trk_as;}
} else if(ad[i].src.indexOf('ypn-js.overture.com') > -1) {
m_as_frms[m_as_frms.length]=new Array(ad[i], 'http://ypn-js.overture.com', 'Yahoo! Publisher Network');
if(is_ie){ad[i].onfocus=m_trk_as;}
} else {}
}

Upon further investigation, it looked like the MBL was tracking clicks and reporting them back. But this couldn't be possible. So I made a test page. On it, I placed the MBL widget, an adsense block, and a link.

I loaded up the page, turned ieHTTPHeaders on, and clicked my external link. This is what I found at the top of my header log:

GET /tr/urltrk.php?t=2&u=http%3A//www.alnk.org/mybloglogsucks&
te=will%20mybloglog%20track%20this%20link%3F&i=2006090110210818
&now=1172264766637&d=20070223
&db=&v=N2007022315034055 HTTP/1.1
Accept: */*
Referer: http://www.dellanave.com/test.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
 5.1; SV1; .NET CLR 1.1.4322; Alexa Toolbar)
Host: track2.mybloglog.com

OK, so they're tracking external links. Well this kinda makes sense, as they try to build a picture of who is browsing who's communities. What about if I click the adsense ad though?

GET /tr/urltrk.php?t=2&u=http%3A//pagead2.googlesyndication.com
%23160x600&
te=Google%20AdSense%20%28160x600%29&i=2006090110210818&
now=1172264934262
&d=20070223&db=&v=N2007022315034055 HTTP/1.1
Accept: */*
Referer: http://www.dellanave.com/test.php

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
 5.1; SV1; .NET CLR 1.1.4322; Alexa Toolbar)
Host: track2.mybloglog.com

The bottom line is that MyBlogLog is tracking AdSense and YPN clicks too. (Update: They do show you ads clicks in MBL Pro. Not having Pro does NOT stop the tracking from loading.) Who else gets this data? I don't know about you, but I'd rather keep my ad click stats to myself. So in your own word Eric, "On what planet is that not a bannable offense?".

There's more as always, but I think this is enough for one day (or year). I think I've assured I'll never be hired by Yahoo!

Here's a link to the javascript for when they pull it or change it:

MyBlogLog Tracking Javascript

MyBlogLog Ad Tracking Video

About the author...

– who has written 9 posts on ShoeMoney.com.

David is the CTO of ShoeMoney Media Group. He makes the gears turn in opposite directions.

Anna recommends you check out these amazing posts:

  1. 300px-Boschsevendeadlysins Seven Deadly Sins For People Trying to Make Money Online
  2. hogan Shawn Hogan Speaks Out On FBI Charges
  3. 41591_149249958438888_9382_n Movies That Motivate Me

{ 46 comments… read them below or add one }

1 Doyle

Guess that turns it in to one of the best $10m investments Yahoo could have made.

Reply

2 morgan thomas

Jeremy, wow, just wow man. Good job, I wonder if this was added before or after the sale of the company. It would be interesting to find out.

Reply

3 Matt Coddington

I’m not a very tech-savvy guy, but last I checked MyBlogLog Pro showed my Adsense clicks. You can even filter your outgoing links clicked by “Ads”. Did I miss something or are you talking about something else altogether?

Reply

4 Ali

What the hell! I think I’m taking off the “widget” now!

Reply

5 Matt Coddington

Here is a screenshot of MyBlogLog Pro showing my Adsense clicks in the outgoing link tracker:
http://www.netbusinessblog.com/pics/mybloglog_ads.gif

Maybe this is why they’re tracking ad clicks – to display it in MyBlogLog Pro’s stats? Like I said, I could be way off base. Most of your post was over my head anyway.

Reply

6 John

I just joined MyBlogLog a few days ago so I still have the free “MyBlogLog Pro”

They aren’t “hiding” it by any means. They show it pretty plainly. I can see “Google AdSense,” the Size of the ad and what time someone clicked on it.

Of couse I can track things like that on my own w/o their help. So I won’t be paying for the “Pro”

Just wanted you to be aware that they aren’t trying to be sneaky and hiding the data from people. (IMHO)

Reply

7 Paul Short

Dude, I’m SO glad I didn’t sign up for MBL.

Reply

8 Matt Coddington

But it was still “publicly” displayed. Everyone gets a trial MBL Pro account and can see that the Adsense is tracked. I don’t get what the dealio is.

Reply

9 Jeremy Steele

*waits 10 minutes for MyBlogLog representative to say “Ohhh we don’t track those, nope, your doing something wrong”*

Taking widget off my blog as I type this.

Reply

10 DingBat

Dude, you are being lame. Of course they track this data, it’s one of the selling points of the Pro version. By tracking all your click data, when you do sign up they have all the interesting historic data for you to analyze.

Sour grapes on your part.

Reply

11 More M

I did not post my url because I don’t want to get banned but I have used YPN and mybloglog. It clearly shows clicks on my YPN ads that YPN never pays me for.

Sounds to me like they are getting themselves in trouble.

Reply

12 Matthew Berman

wow thats super shady yahoo…and i was rooting for you to beat google too…

Reply

13 Diorex

10 million down the tubes….

I took it down from my site even before this, because I saw absolutely zero value other than the novelty.

Reply

14 droo

it seems like there is a “Holy war” going on with Shoemoney and MyBlogLog… what a way to fill up a blog… geeezzz

Reply

15 JeffPosaka

Thank you for the heads up.

Reply

16 Tom

This is a pretty common practice. I can think of half a dozen sites off the top of my head that do this, and any competent developer with a few hours on their hands can pull it off. This is a blatant example of making a mountain out of an ant hill.

Reply

17 Zaid

This may end up being the final blow leading to MLB’s demise.

Very unethical stuff, Yahoo.

-Zaid

Reply

18 Alex Moskalyuk

Hmm, if they track *every* click, why would they exclude ad clicks? Also, I’ve compared the MBL click data and AdSense click reports, and MBL is generally missing ad clicks by an order of magnitude, so if there’s anything malicious that could be done with MBL logs, they would probably tweak the click-counting techniques first.

Reply

19 Media-Man

This is why I use Ad Muncher.

It blocks all regular ads as well as the hidden stuff.

http://www.admuncher.com/

boo! yahoo boo!

Reply

20 jeba

Phew!!!

Reply

21 Thien

I recently installed MBL on my site but have taken it down since reading this post. Eh.

Reply

22 Bulbboy

That “generally” part is oh so reassuring. =P “Never”, would be even better.

Reply

23 Bulbboy

If the SEM business doesn’t pan out Shoe, you could always open a PI biz. :)

Reply

24 scurry

Haha… yes because they lost your little piece of the internet, the whole 10 million is going down the tubes. Don’t be a tard, they’ll still get great data out of this and any company including google would do the same.

You can take off your tinfoil hat now.

Reply

25 Gangreen

That’s very very foulplay.

Reply

26 Doug Karr

Om… it’s called a FEATURE. You really have it out for these guys, huh?

Reply

27 Steven Wong

It is not surprise that MBL did track on external link, it even shows the adsense click from my site. Although it is not a details data, I guess this data will send back to their site as well. I have experience to see some of the adsense click.

Reply

28 feedbuzzard

Yeah, I’m done with MBL. Deleted everything, and removed scripts.

You have to be careful.

Reply

29 feralcat

The *only* reason I use MyBlogLog is because I want to track my external clicks, including Adsense clicks.

I really don’t give a damn about their stupid “blog communities” which are completely worthless to me.

The day MBL stops offering exernal click stats is the day I stop using their service.

Reply

30 Matthew Chen

I don’t think anything wrong here because Mybloglog is supposed to track every links you click. It may need a special processing in order to track the clicked links from Adsense or Yahoo Ads.

Reply

31 Marko

MyBlogLog seems to be digging its self in a deeper and deeper hole…

Reply

32 derrich

I’m getting data from Ad clicks, but they don’t agree with the affiliate marketing stats. For instance (just using easy numbers), my AdSense impressions reports shows 10, but my MBL stats show it was clicked 20 times. What gives?

Reply

33 web a serio

It’s just me or does this count as a violation on the Adsense Policy, as it allow MyBlogLog to know click-through rates, that by 7(b) from the Terms and Conditions we all agree on joining adsense is disclosurable?

With this don’t all the MyBlogLog users that are using the widget are putting themselves in a vulnerable position to become “terminated” by Google?

themage.

Reply

34 Ferrarislave

Myblog has been x-ray’d by Shoemoney! LOL Found all the secrity bugs, found all their tracking code, found everthing.

Reply

35 Gary

i’m not sure what i’m thinking right now . . . do I want to keep my bloglog or not . . . part of me says why they hell now since i have no traffic from my ads, so yahoo can do anything they want . . . but in the future, they’re going to know too much about the site and can manipulate ad pricing . . or something like that

Reply

36 derrik

is this worth doin?

Reply

37 Scot Duke

I have found that MBL is really starting to do stupid stuff to get members on their free side to go to the Pro side. Stuff like not allowing but one update of a screenshot of your community. givemeafrigginbreak.com. What if you have a better one produced? You have to pay $25 to get it updated?

Reply

38 jo

I would like to get the code of the widget of mybloglog can you tell me how you email me it please?

Reply

39 tunyalit

wchich one is better MyblogLog & Blog catalog… ???
i’ll ad to this site > http://asireport.blogspot.com
it about news of investment wish one is better ?

Reply

Leave a Comment

Previous post:

Next post: