Feb 23 2007
ddn

MyBlogLog Tracks Your Visitors Ad Clicks

By ddn 74 comments »

I know we said we’d never mention MyBlogLog again, but that was before this discovery.

Maybe all the recent MBL exploits recently didn’t bother you. Maybe they seemed trivial. I don’t think people should feel the same way about this one. This isn’t even an exploit, but something that MBL is actively doing with their blog widget. If you’re not interested in the long technical version, skip to the bottom.

The first thing that happens when the browser loads the MyBlogLog javascript is the loading of another javascript file.

document.write(’scr+ipt language=”javascript” src=”http://track3.mybloglog.com/js/jsserv.php?mblID=2006112922074849″>

I started looking at this code, and I noticed something odd. Why were the urls to google adsense and YPN servers in the code? This is the piece that caught my attention. Notice that it’s ripped from a Mint plug-in that tracks ad click stats.

//start IFrame ad tracking
//from http://www.digitalmediaminute.com/article/1715/adsense-click-pepper
var m_px=0,m_py=0,m_as_frms=new Array(),is_ie=document.all?true:false;
function m_as_init() {
var ad=document.getElementsByTagName(’iframe’);
for(var i=0;i if(ad[i].src.indexOf(’googlesyndication.com’)>-1){
m_as_frms[m_as_frms.length]=new Array(ad[i], ‘http://pagead2.googlesyndication.com’, ‘Google AdSense’);
if(is_ie){ad[i].onfocus=m_trk_as;}
} else if(ad[i].src.indexOf(’ypn-js.overture.com’) > -1) {
m_as_frms[m_as_frms.length]=new Array(ad[i], ‘http://ypn-js.overture.com’, ‘Yahoo! Publisher Network’);
if(is_ie){ad[i].onfocus=m_trk_as;}
} else {}
}

Upon further investigation, it looked like the MBL was tracking clicks and reporting them back. But this couldn’t be possible. So I made a test page. On it, I placed the MBL widget, an adsense block, and a link.

I loaded up the page, turned ieHTTPHeaders on, and clicked my external link. This is what I found at the top of my header log:

GET /tr/urltrk.php?t=2&u=http%3A//www.alnk.org/mybloglogsucks&
te=will%20mybloglog%20track%20this%20link%3F&i=2006090110210818
&now=1172264766637&d=20070223
&db=&v=N2007022315034055 HTTP/1.1
Accept: */*
Referer: http://www.dellanave.com/test.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
 5.1; SV1; .NET CLR 1.1.4322; Alexa Toolbar)
Host: track2.mybloglog.com

OK, so they’re tracking external links. Well this kinda makes sense, as they try to build a picture of who is browsing who’s communities. What about if I click the adsense ad though?

GET /tr/urltrk.php?t=2&u=http%3A//pagead2.googlesyndication.com
%23160x600&
te=Google%20AdSense%20%28160x600%29&i=2006090110210818&
now=1172264934262
&d=20070223&db=&v=N2007022315034055 HTTP/1.1
Accept: */*
Referer: http://www.dellanave.com/test.php

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
 5.1; SV1; .NET CLR 1.1.4322; Alexa Toolbar)
Host: track2.mybloglog.com

The bottom line is that MyBlogLog is tracking AdSense and YPN clicks too. (Update: They do show you ads clicks in MBL Pro. Not having Pro does NOT stop the tracking from loading.) Who else gets this data? I don’t know about you, but I’d rather keep my ad click stats to myself. So in your own word Eric, “On what planet is that not a bannable offense?”.

There’s more as always, but I think this is enough for one day (or year). I think I’ve assured I’ll never be hired by Yahoo!

Here’s a link to the javascript for when they pull it or change it:

MyBlogLog Tracking Javascript

MyBlogLog Ad Tracking Video

  1. Doyle said on February 23rd, 2007 at 4:31 pm

    Guess that turns it in to one of the best $10m investments Yahoo could have made.

    [Reply]
  2. morgan thomas said on February 23rd, 2007 at 4:38 pm

    Jeremy, wow, just wow man. Good job, I wonder if this was added before or after the sale of the company. It would be interesting to find out.

    [Reply]
  3. Matt Coddington said on February 23rd, 2007 at 4:41 pm

    I’m not a very tech-savvy guy, but last I checked MyBlogLog Pro showed my Adsense clicks. You can even filter your outgoing links clicked by “Ads”. Did I miss something or are you talking about something else altogether?

    [Reply]
  4. Ali said on February 23rd, 2007 at 4:46 pm

    What the hell! I think I’m taking off the “widget” now!

    [Reply]
  5. Matt Coddington said on February 23rd, 2007 at 4:52 pm

    Here is a screenshot of MyBlogLog Pro showing my Adsense clicks in the outgoing link tracker:
    http://www.netbusinessblog.com/pics/mybloglog_ads.gif

    Maybe this is why they’re tracking ad clicks - to display it in MyBlogLog Pro’s stats? Like I said, I could be way off base. Most of your post was over my head anyway.

    [Reply]
  6. John said on February 23rd, 2007 at 4:54 pm

    I just joined MyBlogLog a few days ago so I still have the free “MyBlogLog Pro”

    They aren’t “hiding” it by any means. They show it pretty plainly. I can see “Google AdSense,” the Size of the ad and what time someone clicked on it.

    Of couse I can track things like that on my own w/o their help. So I won’t be paying for the “Pro”

    Just wanted you to be aware that they aren’t trying to be sneaky and hiding the data from people. (IMHO)

    [Reply]
  7. Paul Short said on February 23rd, 2007 at 5:22 pm

    Dude, I’m SO glad I didn’t sign up for MBL.

    [Reply]
  8. Matt Coddington said on February 23rd, 2007 at 5:31 pm

    But it was still “publicly” displayed. Everyone gets a trial MBL Pro account and can see that the Adsense is tracked. I don’t get what the dealio is.

    [Reply]
  9. Jeremy Steele said on February 23rd, 2007 at 5:41 pm

    *waits 10 minutes for MyBlogLog representative to say “Ohhh we don’t track those, nope, your doing something wrong”*

    Taking widget off my blog as I type this.

    [Reply]
  10. DingBat said on February 23rd, 2007 at 5:42 pm

    Dude, you are being lame. Of course they track this data, it’s one of the selling points of the Pro version. By tracking all your click data, when you do sign up they have all the interesting historic data for you to analyze.

    Sour grapes on your part.

    [Reply]
  11. More M said on February 23rd, 2007 at 6:04 pm

    I did not post my url because I don’t want to get banned but I have used YPN and mybloglog. It clearly shows clicks on my YPN ads that YPN never pays me for.

    Sounds to me like they are getting themselves in trouble.

    [Reply]
  12. Matthew Berman said on February 23rd, 2007 at 6:04 pm

    wow thats super shady yahoo…and i was rooting for you to beat google too…

    [Reply]
  13. Diorex said on February 23rd, 2007 at 6:15 pm

    10 million down the tubes….

    I took it down from my site even before this, because I saw absolutely zero value other than the novelty.

    [Reply]
  14. droo said on February 23rd, 2007 at 6:35 pm

    it seems like there is a “Holy war” going on with Shoemoney and MyBlogLog… what a way to fill up a blog… geeezzz

    [Reply]
  15. JeffPosaka said on February 23rd, 2007 at 6:49 pm

    Thank you for the heads up.

    [Reply]
  16. Tom said on February 23rd, 2007 at 6:52 pm

    This is a pretty common practice. I can think of half a dozen sites off the top of my head that do this, and any competent developer with a few hours on their hands can pull it off. This is a blatant example of making a mountain out of an ant hill.

    [Reply]
  17. Zaid said on February 23rd, 2007 at 6:53 pm

    This may end up being the final blow leading to MLB’s demise.

    Very unethical stuff, Yahoo.

    -Zaid

    [Reply]
  18. Alex Moskalyuk said on February 23rd, 2007 at 7:12 pm

    Hmm, if they track *every* click, why would they exclude ad clicks? Also, I’ve compared the MBL click data and AdSense click reports, and MBL is generally missing ad clicks by an order of magnitude, so if there’s anything malicious that could be done with MBL logs, they would probably tweak the click-counting techniques first.

    [Reply]
  19. Media-Man said on February 23rd, 2007 at 7:59 pm

    This is why I use Ad Muncher.

    It blocks all regular ads as well as the hidden stuff.

    http://www.admuncher.com/

    boo! yahoo boo!

    [Reply]
  20. jeba said on February 23rd, 2007 at 8:39 pm

    Phew!!!

    [Reply]
  21. Thien said on February 23rd, 2007 at 8:45 pm

    I recently installed MBL on my site but have taken it down since reading this post. Eh.

    [Reply]
  22. Bulbboy said on February 23rd, 2007 at 8:46 pm

    That “generally” part is oh so reassuring. =P “Never”, would be even better.

    [Reply]
  23. Bulbboy said on February 23rd, 2007 at 8:48 pm

    If the SEM business doesn’t pan out Shoe, you could always open a PI biz. :)

    [Reply]
  24. scurry said on February 24th, 2007 at 3:09 am

    Haha… yes because they lost your little piece of the internet, the whole 10 million is going down the tubes. Don’t be a tard, they’ll still get great data out of this and any company including google would do the same.

    You can take off your tinfoil hat now.

    [Reply]
  25. Gangreen said on February 24th, 2007 at 9:01 am

    That’s very very foulplay.

    [Reply]
  26. Doug Karr said on February 24th, 2007 at 9:19 am

    Om… it’s called a FEATURE. You really have it out for these guys, huh?

    [Reply]
  27. Steven Wong said on February 24th, 2007 at 10:51 am

    It is not surprise that MBL did track on external link, it even shows the adsense click from my site. Although it is not a details data, I guess this data will send back to their site as well. I have experience to see some of the adsense click.

    [Reply]
  28. feedbuzzard said on February 24th, 2007 at 2:48 pm

    Yeah, I’m done with MBL. Deleted everything, and removed scripts.

    You have to be careful.

    [Reply]
  29. feralcat said on February 24th, 2007 at 4:18 pm

    The *only* reason I use MyBlogLog is because I want to track my external clicks, including Adsense clicks.

    I really don’t give a damn about their stupid “blog communities” which are completely worthless to me.

    The day MBL stops offering exernal click stats is the day I stop using their service.

    [Reply]
  30. Matthew Chen said on February 24th, 2007 at 9:07 pm

    I don’t think anything wrong here because Mybloglog is supposed to track every links you click. It may need a special processing in order to track the clicked links from Adsense or Yahoo Ads.

    [Reply]
  31. Marko said on February 25th, 2007 at 2:59 pm

    MyBlogLog seems to be digging its self in a deeper and deeper hole…

    [Reply]
  32. derrich said on February 26th, 2007 at 1:35 pm

    I’m getting data from Ad clicks, but they don’t agree with the affiliate marketing stats. For instance (just using easy numbers), my AdSense impressions reports shows 10, but my MBL stats show it was clicked 20 times. What gives?

    [Reply]
  33. web a serio said on February 26th, 2007 at 2:10 pm

    It’s just me or does this count as a violation on the Adsense Policy, as it allow MyBlogLog to know click-through rates, that by 7(b) from the Terms and Conditions we all agree on joining adsense is disclosurable?

    With this don’t all the MyBlogLog users that are using the widget are putting themselves in a vulnerable position to become “terminated” by Google?

    themage.

    [Reply]
  34. Ferrarislave said on February 26th, 2007 at 10:46 pm

    Myblog has been x-ray’d by Shoemoney! LOL Found all the secrity bugs, found all their tracking code, found everthing.

    [Reply]
  35. Gary said on February 27th, 2007 at 11:30 am

    i’m not sure what i’m thinking right now . . . do I want to keep my bloglog or not . . . part of me says why they hell now since i have no traffic from my ads, so yahoo can do anything they want . . . but in the future, they’re going to know too much about the site and can manipulate ad pricing . . or something like that

    [Reply]
  36. derrik said on February 27th, 2007 at 3:01 pm

    is this worth doin?

    [Reply]
  37. Scot Duke said on March 3rd, 2007 at 12:02 pm

    I have found that MBL is really starting to do stupid stuff to get members on their free side to go to the Pro side. Stuff like not allowing but one update of a screenshot of your community. givemeafrigginbreak.com. What if you have a better one produced? You have to pay $25 to get it updated?

    [Reply]
  38. jo said on September 10th, 2007 at 4:20 am

    I would like to get the code of the widget of mybloglog can you tell me how you email me it please?

    [Reply]
  39. MyBlogLog Ad Click Tracking » Net Business Blog said on February 23rd, 2007 at 5:05 pm

    [...] this private information to third parties. If you want to read his technical analysis you can visit his post or see this [...]

  40. Bye Bye My Blog Log and Thanks For the Heads Up Shoemoney said on February 23rd, 2007 at 5:12 pm

    [...] here is the train as it stands: Shoemoney > Marketing Pilgrim > Wolf Howl > First Page Fitness > [...]

  41. dillsmack said on February 23rd, 2007 at 5:13 pm

    Indeed, it looks like MBL Pro shows clicks. Are you comfortable with Yahoo owning that data?

    [Reply]
  42. Removing MyBlogLog said on February 23rd, 2007 at 5:16 pm

    [...] MyBlogLog tracks Ad Clicks  [...]

  43. - Paul Wolbers - » Blog Archive » Yahoo Tracking Your Google AdSense Data & MORE? said on February 23rd, 2007 at 6:23 pm

    [...] Maybe they seemed trivial. I don’t think people should feel the same way about this one.” read more Shizzalize [...]

  44. The Voyager - » Yahoo Tracking Your Google AdSense Data & More said on February 23rd, 2007 at 6:25 pm

    [...] much for a widget. Turns out they are using it to track Adsense data to get a edge. (video included)read more | digg story Share and Enjoy:These icons link to social bookmarking sites where readers can share [...]

  45. MyBlogLog and YPN Problems said on February 23rd, 2007 at 6:28 pm

    [...] Shoemoney today blogged on MyBlogLog tracking but really this is old news to those of us who have been using it. The real question is the clicks that YPN is not paying for and now they have confirmed it themselves through MyBlogLog. Netbusiness as well as this and this has picked it up also. [...]

  46. MyBlogLog = Tracking Google Ad Clicks? » Webomatica said on February 23rd, 2007 at 6:31 pm

    [...] problems, noted blogger Shoemoney noticed some “hacks” and got banned. Now he’s done a little more digging and noted that because MyBlogLog tracks what links your blog’s users click on, that means [...]

  47. ShoeMoney said on February 23rd, 2007 at 6:55 pm

    lol holywar =P I did not even write this story ddn did ;)

    [Reply]
  48. dillsmack said on February 23rd, 2007 at 7:03 pm

    Gathering the data is acceptable. What they do with it from there is what could be incredibly unethical.

    This privacy policy wouldn’t make my feel good about it: “Generally, MyBlogLog does not share personal information about you with other people or nonaffiliated companies without your consent except to provide products or services you’ve requested and in the following circumstances”

    [Reply]
  49. dillsmack said on February 23rd, 2007 at 7:04 pm

    How many of those are owned by the 2nd biggest contextual ad publisher?

    And what does how long it takes to implement have to do with it? I could do it in 15 minutes, does that make me a super star?

    [Reply]
  50. Mizzouse.com » Yahoo Tracks Google AdSense Data Via MyBlogLog Widget said on February 23rd, 2007 at 9:38 pm

    [...] Yahoo may not care at this point, with Google AdSense clearly dominating the online revenue market.read more | digg story Bookmark: These icons link to social bookmarking sites where readers can share and [...]

  51. Links Dump 24 Feb 2007 - Reaper-X .:[ ID ]:. said on February 23rd, 2007 at 10:00 pm

    [...] MyBlogLog tracks your visitors Ad Clicks even if you’re not using their pro features – via Shoemoney [...]

  52. Yahoo Tracking Your Google AdSense Data & MORE « News Coctail said on February 23rd, 2007 at 11:14 pm

    [...] Your Google AdSense Data & MORE Filed under: Uncategorized — recar @ 5:17 am Yahoo Tracking Your Google AdSense Data & MORE Yahoo has a widget called MyBlogLog which (they recently purchased for 10 million dollars). People [...]

  53. Yahoo! Tracks Google Adsense Clicks » SELaplana said on February 24th, 2007 at 1:15 am

    [...] more details on how MyBlogLog tracks Adsense Ad clicks, visit Schoe’s blog. Tags: Yahoo!, Google, Adsense, MyBlogLog var container_id = “tsoh_container”; var [...]

  54. Removing MyBlogLog Widget From My Blog said on February 24th, 2007 at 1:24 am

    [...] first post I read, MyBlogLog Tracks Your Visitors Ad Clicks, Shoemoney showed that the MyBlogLog javascript specifically called out Adsense and YPN clicks.  [...]

  55. MyBlogLog Tracks Ad Clicks: Does This Matter? » The Real Ryan J. Parker said on February 24th, 2007 at 7:28 am

    [...] MyBlogLog has come under fire during recent weeks due to numerous hacks and exploits found with their software, and now another issue is being raised by popular blogger ShoeMoney in regards to MyBlogLog tracking ad clicks. [...]

  56. Yahoo! nutzt MyBlogLog um AdSense auszuspionieren? - Adult Webmaster Blog said on February 24th, 2007 at 11:21 am

    [...] genaue Beschreibung wie MyBlogLog die Klicks auf AdSense- und Overture-Anzeigen trackt, gibt es bei ShoeMoney. Ich finde das schon ein bischen erschreckend. Jetzt macht der Zukauf aber wenigstens Sinn. Warum [...]

  57. Yahoo Publisher Network’s Trojan Horse said on February 25th, 2007 at 12:50 pm

    [...] so that publishers wouldn’t have to touch a thing. Coincidentally, MyBlogLog (Yahoo) is also tracking information on Google AdSense — how many clicks Google AdSense ads are receiving (on webpages [...]

  58. Blog Mirrors » Yahoo Publisher Network’s Trojan Horse said on February 25th, 2007 at 1:41 pm

    [...] so that publishers wouldn’t have to touch a thing. Coincidentally, MyBlogLog (Yahoo) is also tracking information on Google AdSense — how many clicks Google AdSense ads are receiving (on webpages [...]

  59. MyBlogLog è il cavallo di troia per Yahoo! ? said on February 25th, 2007 at 5:18 pm

    [...] a parlarne perché su ShoeMonkey è stato sollevato un grosso interrogativo sui dati che raccoglie questo widget: oltre al traffico [...]

  60. » MyBlogLog viola os termos do Adsense »» Blog da Maysa said on February 26th, 2007 at 9:03 am

    [...] algumas leituras para fazer este post, encontrei aqui, onde Jeremy Shoemaker (veja sua foto com um cheque de mais de 132 mil dólares do Adsense) detalha [...]

  61. My Satellite Tracking Blog » MyBlogLog, Shoemoney and John Chow said on February 26th, 2007 at 9:18 am

    [...] After showing my friend the picture of Jeremy holding that big check, the next thing to do was to show him Jeremy’s Shoemoney blog. That was the time I found this posting on MyBlogLog. [...]

  62. wildbluffmedia said on February 26th, 2007 at 9:53 am

    I signed up for a mybloglog account, but now I think maybe I shouldn’t have. What action does the user take to let them put their hooks in like that?

    [Reply]
  63. Specks said on February 26th, 2007 at 11:55 am

    Another reason not to put MyBlogLog on any of my blogs. My Adsense stats belong to me. I don’t want them knowing my business.

    [Reply]
  64. Specks said on February 26th, 2007 at 12:02 pm

    Simply having the code to place their widget on your page will allow them to do this. As far as I’m concerned its a security flaw that you can drive a freight ship through. I’m wondering what kind of exploit a person could create if they going the trust of the public and everyone places that widget on their page? Foreign code shouldn’t be able to do that since it didn’t come from the place of origin that the page came from.

    [Reply]
  65. Will Using MyBlogLog get you banned from Adsense? - JohnTP.com said on February 27th, 2007 at 12:58 am

    [...] Using MyBlogLog get you banned from Adsense? I first read it over at 901am and then at ShoeMoney that MyBlogLog tracks our visitors Ad clicks Are you using Adsense and MyBlogLog together? [...]

  66. MyBlogLog trackea los clicks en tus anuncios | Denken Über said on February 27th, 2007 at 10:24 am

    [...] mucho tener mi perfil asociado a mi “paseo” por toda la blogosfera. Y viendo un reporte de que MyBlogLog podría estar siguiendo y guardando los datos de clicks en publicidad me pone un poco más [...]

  67. Yahoo Publisher Network’s Trojan Horse said on March 1st, 2007 at 8:46 am

    [...] so that publishers wouldn’t have to touch a thing. Coincidentally, MyBlogLog (Yahoo) is also tracking information on Google AdSense — how many clicks Google AdSense ads are receiving (on webpages [...]

  68. Seo Home blog » Blog Archive » MyBlogLog going to get you banned from Adsense/ypn? said on March 5th, 2007 at 8:26 am

    [...] More info here to [...]

  69. MyBlogLog tracking AdSense & YPN ad clicks on your site | Internet Marketing & SEO said on March 15th, 2007 at 12:33 pm

    [...] For all the nitty gritty, including all the technical evidence that backs it up can be found here. [...]

  70. MyBlogLog tracking ad clicks: Isn’t this illegal? at fo.unta.in said on April 25th, 2007 at 11:25 pm

    [...] Here is some shocking information: you put a MyBlogLog widget on your page, and it reports back ALL ad clicks on your page to its server. In summary, MyBlogLog is tracking AdSense and YPN clicks too. So Yahoo knows the clickthrough rates of your ads. The details are at shoemoney. [...]

  71. » MyBlogLog, tracking et Yahoo! - ocarbone.free.fr - membre de la communauté Talend said on May 23rd, 2007 at 9:48 pm

    [...] des publicités Google AdSenses et les siennes. Besoin d’infos techniques ? Cliquez ici [...]

  72. O’Flaherty - » Deathmatch Kirkpatrick VS Cochrane said on May 24th, 2007 at 3:37 am

    [...] it’s well know that the MBL widget tracks a lot of what users do on your site. Some folks have gone as far as to say that real reason Yahoo purchased MyBlogLog [...]

  73. All The Breaking MyBlogLog News (That Isn’t) at Henricus said on January 31st, 2008 at 11:02 am

    [...] revealed today (for the last time! really) that MyBlogLog tracks Adsense and YPN ads. Soon after, Jensense [...]

  74. MyBlogLog, tracking and Yahoo! - [ Blog ocarbone.free.fr ] said on May 11th, 2008 at 10:55 am

    [...] MyBlogLog allows you to consult the statistics of access for your blog, that is it keeps trace of your visitors, their clicks… in particular regarding clicks on advertising. The information happens to be very interesting for Yahoo as they can compare the use of Google AdSenses’ advertising with theirs. Technical advice about it? Click here! [...]

What do you think? Join the discussion...

How do I change my avatar?

Go to gravatar.com and upload your preferred avatar.