Search Form

MyBlogLog Tracks Your Visitors Ad Clicks

  • 75 Comments
  • Posted 2 years, 4 months ago by ddn

I know we said we’d never mention MyBlogLog again, but that was before this discovery.

Maybe all the recent MBL exploits recently didn’t bother you. Maybe they seemed trivial. I don’t think people should feel the same way about this one. This isn’t even an exploit, but something that MBL is actively doing with their blog widget. If you’re not interested in the long technical version, skip to the bottom.

The first thing that happens when the browser loads the MyBlogLog javascript is the loading of another javascript file.

document.write(’scr+ipt language=”javascript” src=”http://track3.mybloglog.com/js/jsserv.php?mblID=2006112922074849″>

I started looking at this code, and I noticed something odd. Why were the urls to google adsense and YPN servers in the code? This is the piece that caught my attention. Notice that it's ripped from a Mint plug-in that tracks ad click stats.

//start IFrame ad tracking
//from http://www.digitalmediaminute.com/article/1715/adsense-click-pepper
var m_px=0,m_py=0,m_as_frms=new Array(),is_ie=document.all?true:false;
function m_as_init() {
var ad=document.getElementsByTagName('iframe');
for(var i=0;i if(ad[i].src.indexOf('googlesyndication.com')>-1){
m_as_frms[m_as_frms.length]=new Array(ad[i], 'http://pagead2.googlesyndication.com', 'Google AdSense');
if(is_ie){ad[i].onfocus=m_trk_as;}
} else if(ad[i].src.indexOf('ypn-js.overture.com') > -1) {
m_as_frms[m_as_frms.length]=new Array(ad[i], 'http://ypn-js.overture.com', 'Yahoo! Publisher Network');
if(is_ie){ad[i].onfocus=m_trk_as;}
} else {}
}

Upon further investigation, it looked like the MBL was tracking clicks and reporting them back. But this couldn't be possible. So I made a test page. On it, I placed the MBL widget, an adsense block, and a link.

I loaded up the page, turned ieHTTPHeaders on, and clicked my external link. This is what I found at the top of my header log:

GET /tr/urltrk.php?t=2&u=http%3A//www.alnk.org/mybloglogsucks&
te=will%20mybloglog%20track%20this%20link%3F&i=2006090110210818
&now=1172264766637&d=20070223
&db=&v=N2007022315034055 HTTP/1.1
Accept: */*
Referer: http://www.dellanave.com/test.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
 5.1; SV1; .NET CLR 1.1.4322; Alexa Toolbar)
Host: track2.mybloglog.com

OK, so they're tracking external links. Well this kinda makes sense, as they try to build a picture of who is browsing who's communities. What about if I click the adsense ad though?

GET /tr/urltrk.php?t=2&u=http%3A//pagead2.googlesyndication.com
%23160x600&
te=Google%20AdSense%20%28160x600%29&i=2006090110210818&
now=1172264934262
&d=20070223&db=&v=N2007022315034055 HTTP/1.1
Accept: */*
Referer: http://www.dellanave.com/test.php

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
 5.1; SV1; .NET CLR 1.1.4322; Alexa Toolbar)
Host: track2.mybloglog.com

The bottom line is that MyBlogLog is tracking AdSense and YPN clicks too. (Update: They do show you ads clicks in MBL Pro. Not having Pro does NOT stop the tracking from loading.) Who else gets this data? I don't know about you, but I'd rather keep my ad click stats to myself. So in your own word Eric, "On what planet is that not a bannable offense?".

There's more as always, but I think this is enough for one day (or year). I think I've assured I'll never be hired by Yahoo!

Here's a link to the javascript for when they pull it or change it:

MyBlogLog Tracking Javascript

MyBlogLog Ad Tracking Video



Please read this disclaimer before acting on this post.
  • 75 comments. What say you?
    • RSS

Who's talking about it?

  1. MyBlogLog, tracking and Yahoo! - [ Blog ocarbone.free.fr ]
    May 11, 2008
  2. All The Breaking MyBlogLog News (That Isn’t) at Henricus
    January 31, 2008
  3. O’Flaherty - » Deathmatch Kirkpatrick VS Cochrane
    May 24, 2007
  4. » MyBlogLog, tracking et Yahoo! - ocarbone.free.fr - membre de la communauté Talend
    May 23, 2007
  5. MyBlogLog tracking ad clicks: Isn’t this illegal? at fo.unta.in
    April 25, 2007
  6. MyBlogLog tracking AdSense & YPN ad clicks on your site | Internet Marketing & SEO
    March 15, 2007
  7. Seo Home blog » Blog Archive » MyBlogLog going to get you banned from Adsense/ypn?
    March 5, 2007
  8. Yahoo Publisher Network’s Trojan Horse
    March 1, 2007
  9. MyBlogLog trackea los clicks en tus anuncios | Denken Über
    February 27, 2007
  10. Will Using MyBlogLog get you banned from Adsense? - JohnTP.com
    February 27, 2007
  11. My Satellite Tracking Blog » MyBlogLog, Shoemoney and John Chow
    February 26, 2007
  12. » MyBlogLog viola os termos do Adsense »» Blog da Maysa
    February 26, 2007
  13. MyBlogLog è il cavallo di troia per Yahoo! ?
    February 25, 2007
  14. Blog Mirrors » Yahoo Publisher Network’s Trojan Horse
    February 25, 2007
  15. Yahoo Publisher Network’s Trojan Horse
    February 25, 2007
  16. Yahoo! nutzt MyBlogLog um AdSense auszuspionieren? - Adult Webmaster Blog
    February 24, 2007
  17. MyBlogLog Tracks Ad Clicks: Does This Matter? » The Real Ryan J. Parker
    February 24, 2007
  18. Removing MyBlogLog Widget From My Blog
    February 24, 2007
  19. Yahoo! Tracks Google Adsense Clicks » SELaplana
    February 24, 2007
  20. Yahoo Tracking Your Google AdSense Data & MORE « News Coctail
    February 23, 2007
  21. Links Dump 24 Feb 2007 - Reaper-X .:[ ID ]:.
    February 23, 2007
  22. Mizzouse.com » Yahoo Tracks Google AdSense Data Via MyBlogLog Widget
    February 23, 2007
  23. MyBlogLog = Tracking Google Ad Clicks? » Webomatica
    February 23, 2007
  24. MyBlogLog and YPN Problems
    February 23, 2007
  25. The Voyager - » Yahoo Tracking Your Google AdSense Data & More
    February 23, 2007
  26. - Paul Wolbers - » Blog Archive » Yahoo Tracking Your Google AdSense Data & MORE?
    February 23, 2007
  27. Removing MyBlogLog
    February 23, 2007
  28. Bye Bye My Blog Log and Thanks For the Heads Up Shoemoney
    February 23, 2007
  29. MyBlogLog Ad Click Tracking » Net Business Blog
    February 23, 2007

Comments

  1. tunyalit - November 27, 2008 at 1:15 pm

    wchich one is better MyblogLog & Blog catalog… ???
    i’ll ad to this site > http://asireport.blogspot.com
    it about news of investment wish one is better ?

    Reply
  2. jo - September 10, 2007 at 4:20 am

    I would like to get the code of the widget of mybloglog can you tell me how you email me it please?

    Reply
  3. Scot Duke - March 3, 2007 at 12:02 pm

    I have found that MBL is really starting to do stupid stuff to get members on their free side to go to the Pro side. Stuff like not allowing but one update of a screenshot of your community. givemeafrigginbreak.com. What if you have a better one produced? You have to pay $25 to get it updated?

    Reply
  4. derrik - February 27, 2007 at 3:01 pm

    is this worth doin?

    Reply
  5. Gary - February 27, 2007 at 11:30 am

    i’m not sure what i’m thinking right now . . . do I want to keep my bloglog or not . . . part of me says why they hell now since i have no traffic from my ads, so yahoo can do anything they want . . . but in the future, they’re going to know too much about the site and can manipulate ad pricing . . or something like that

    Reply
  6. Ferrarislave - February 26, 2007 at 10:46 pm

    Myblog has been x-ray’d by Shoemoney! LOL Found all the secrity bugs, found all their tracking code, found everthing.

    Reply
  7. web a serio - February 26, 2007 at 2:10 pm

    It’s just me or does this count as a violation on the Adsense Policy, as it allow MyBlogLog to know click-through rates, that by 7(b) from the Terms and Conditions we all agree on joining adsense is disclosurable?

    With this don’t all the MyBlogLog users that are using the widget are putting themselves in a vulnerable position to become “terminated” by Google?

    themage.

    Reply
  8. derrich - February 26, 2007 at 1:35 pm

    I’m getting data from Ad clicks, but they don’t agree with the affiliate marketing stats. For instance (just using easy numbers), my AdSense impressions reports shows 10, but my MBL stats show it was clicked 20 times. What gives?

    Reply
  9. Marko - February 25, 2007 at 2:59 pm

    MyBlogLog seems to be digging its self in a deeper and deeper hole…

    Reply
  10. Matthew Chen - February 24, 2007 at 9:07 pm

    I don’t think anything wrong here because Mybloglog is supposed to track every links you click. It may need a special processing in order to track the clicked links from Adsense or Yahoo Ads.

    Reply
  11. feralcat - February 24, 2007 at 4:18 pm

    The *only* reason I use MyBlogLog is because I want to track my external clicks, including Adsense clicks.

    I really don’t give a damn about their stupid “blog communities” which are completely worthless to me.

    The day MBL stops offering exernal click stats is the day I stop using their service.

    Reply
  12. feedbuzzard - February 24, 2007 at 2:48 pm

    Yeah, I’m done with MBL. Deleted everything, and removed scripts.

    You have to be careful.

    Reply
  13. Steven Wong - February 24, 2007 at 10:51 am

    It is not surprise that MBL did track on external link, it even shows the adsense click from my site. Although it is not a details data, I guess this data will send back to their site as well. I have experience to see some of the adsense click.

    Reply
  14. Doug Karr - February 24, 2007 at 9:19 am

    Om… it’s called a FEATURE. You really have it out for these guys, huh?

    Reply
  15. Gangreen - February 24, 2007 at 9:01 am

    That’s very very foulplay.

    Reply
  16. scurry - February 24, 2007 at 3:09 am

    Haha… yes because they lost your little piece of the internet, the whole 10 million is going down the tubes. Don’t be a tard, they’ll still get great data out of this and any company including google would do the same.

    You can take off your tinfoil hat now.

    Reply
  17. Bulbboy - February 23, 2007 at 8:48 pm

    If the SEM business doesn’t pan out Shoe, you could always open a PI biz. :)

    Reply
  18. Bulbboy - February 23, 2007 at 8:46 pm

    That “generally” part is oh so reassuring. =P “Never”, would be even better.

    Reply
  19. Thien - February 23, 2007 at 8:45 pm

    I recently installed MBL on my site but have taken it down since reading this post. Eh.

    Reply
  20. jeba - February 23, 2007 at 8:39 pm

    Phew!!!

    Reply
  21. Media-Man - February 23, 2007 at 7:59 pm

    This is why I use Ad Muncher.

    It blocks all regular ads as well as the hidden stuff.

    http://www.admuncher.com/

    boo! yahoo boo!

    Reply
  22. Alex Moskalyuk - February 23, 2007 at 7:12 pm

    Hmm, if they track *every* click, why would they exclude ad clicks? Also, I’ve compared the MBL click data and AdSense click reports, and MBL is generally missing ad clicks by an order of magnitude, so if there’s anything malicious that could be done with MBL logs, they would probably tweak the click-counting techniques first.

    Reply
  23. Zaid - February 23, 2007 at 6:53 pm

    This may end up being the final blow leading to MLB’s demise.

    Very unethical stuff, Yahoo.

    -Zaid

    Reply
  24. Tom - February 23, 2007 at 6:52 pm

    This is a pretty common practice. I can think of half a dozen sites off the top of my head that do this, and any competent developer with a few hours on their hands can pull it off. This is a blatant example of making a mountain out of an ant hill.

    Reply
  25. JeffPosaka - February 23, 2007 at 6:49 pm

    Thank you for the heads up.

    Reply
  26. droo - February 23, 2007 at 6:35 pm

    it seems like there is a “Holy war” going on with Shoemoney and MyBlogLog… what a way to fill up a blog… geeezzz

    Reply
  27. Diorex - February 23, 2007 at 6:15 pm

    10 million down the tubes….

    I took it down from my site even before this, because I saw absolutely zero value other than the novelty.

    Reply
  28. Matthew Berman - February 23, 2007 at 6:04 pm

    wow thats super shady yahoo…and i was rooting for you to beat google too…

    Reply
  29. More M - February 23, 2007 at 6:04 pm

    I did not post my url because I don’t want to get banned but I have used YPN and mybloglog. It clearly shows clicks on my YPN ads that YPN never pays me for.

    Sounds to me like they are getting themselves in trouble.

    Reply
  30. DingBat - February 23, 2007 at 5:42 pm

    Dude, you are being lame. Of course they track this data, it’s one of the selling points of the Pro version. By tracking all your click data, when you do sign up they have all the interesting historic data for you to analyze.

    Sour grapes on your part.

    Reply
  31. Jeremy Steele - February 23, 2007 at 5:41 pm

    *waits 10 minutes for MyBlogLog representative to say “Ohhh we don’t track those, nope, your doing something wrong”*

    Taking widget off my blog as I type this.

    Reply
  32. Matt Coddington - February 23, 2007 at 5:31 pm

    But it was still “publicly” displayed. Everyone gets a trial MBL Pro account and can see that the Adsense is tracked. I don’t get what the dealio is.

    Reply
  33. Paul Short - February 23, 2007 at 5:22 pm

    Dude, I’m SO glad I didn’t sign up for MBL.

    Reply
  34. John - February 23, 2007 at 4:54 pm

    I just joined MyBlogLog a few days ago so I still have the free “MyBlogLog Pro”

    They aren’t “hiding” it by any means. They show it pretty plainly. I can see “Google AdSense,” the Size of the ad and what time someone clicked on it.

    Of couse I can track things like that on my own w/o their help. So I won’t be paying for the “Pro”

    Just wanted you to be aware that they aren’t trying to be sneaky and hiding the data from people. (IMHO)

    Reply
  35. Matt Coddington - February 23, 2007 at 4:52 pm

    Here is a screenshot of MyBlogLog Pro showing my Adsense clicks in the outgoing link tracker:
    http://www.netbusinessblog.com/pics/mybloglog_ads.gif

    Maybe this is why they’re tracking ad clicks – to display it in MyBlogLog Pro’s stats? Like I said, I could be way off base. Most of your post was over my head anyway.

    Reply
  36. Ali - February 23, 2007 at 4:46 pm

    What the hell! I think I’m taking off the “widget” now!

    Reply
  37. Matt Coddington - February 23, 2007 at 4:41 pm

    I’m not a very tech-savvy guy, but last I checked MyBlogLog Pro showed my Adsense clicks. You can even filter your outgoing links clicked by “Ads”. Did I miss something or are you talking about something else altogether?

    Reply
  38. morgan thomas - February 23, 2007 at 4:38 pm

    Jeremy, wow, just wow man. Good job, I wonder if this was added before or after the sale of the company. It would be interesting to find out.

    Reply
  39. Doyle - February 23, 2007 at 4:31 pm

    Guess that turns it in to one of the best $10m investments Yahoo could have made.

    Reply
Trackbacks url:

By commenting on this post you agree to the comment policy

Leave a Comment...