Is MyBlogLog spyware?

February 27, 2007 | Leave a comment

There’s been a flurry of activity over the last few days over MyBlogLog, and specifically, whether it secretly tracks advertising clicks. Now owned by Yahoo, the allegation is that the tool is being covertly used to optimise their contextual search product against Google’s Adsense (which we run on the sidebars here on Elgg.net). Techcrunch called this the Yahoo Publisher Network’s Trojan horse, and with good reason: at the time of acquisition, MyBlogLog was on at least 40,000 pages. If it was reporting user activity back to Yahoo for each of those, that’s a very good representative sample to use in refining their product. As a result, the comments at the bottom of the Techcrunch post were full of people wanting to switch networks.

MyBlogLog responded as follows: they don’t secretly track advertising clicks. It’s part of their product.

Because MyBlogLog is largely marketing itself as a widget you slap on your site to see who’s visiting, this seems a little disingenuous. In fact, had it been a desktop application, it would probably have been deemed spyware, which is defined as follows:

Any software that covertly gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. …

MyBlogLog is a free widget, which comes with a monitoring payload that most users aren’t aware of. It sounds like it fits the definition pretty well, but Internet applications have so far gotten off scot free – because they don’t install themselves into your system, and because web browsers mostly have a hefty wall between those applications and your desktop machine, most web application privacy issues are to do with phishing scams and cross-site scripting attacks.

However, as more and more of our applications work begins to take place on the Internet, this model begins to fall over. We need to take care about what we put on our websites and mash up with our applications – it’s not all benign. There’s big money involved, and when you look at the web 2.0 world in a particular way, it begins to look like a confidence scam designed to make you part with your personal details and be pleased for the privilege. There is a quiet revolution happening in computing, and these ideas are genuinely changing the way we do things for the better. But there are billions of dollars involved, and plenty of hands reaching for a piece of the pie – not everyone can be trusted, and we need to start choosing our web applications with the same scrutiny we use for our desktop ones.

(NB: Because it’s inevitably going to be mentioned, I’m not calling this up because of Explode. The two applications have different purposes, and we don’t consider MyBlogLog a competitor. If you have any concerns about our script itself and what it might be doing, check out our code – it just displays some HTML, and doesn’t perform any click tracking at all.)

Most Commented Posts

0 Comments

No comments yet.

Leave a comment