Slashdot Mirror

← Back to Stories (view on slashdot.org)

AOL Blocks Links from LiveJournal

Posted by ryuzaki0 on from the clue-not-found dept.

Evan Martin writes "LiveJournal.com is an open-source weblog site with over a million users, some of whom use AOL. Last week, AOL began blocking all HTTP requests with "www.livejournal.com" Referer headers. This is a common practice by image hosting sites to prevent off-site linking of their images and 'bandwidth theft'. However, in AOL's case, they're blocking everything, not just images, effectively breaking all links to any AOL member's site--but only from LiveJournal. To be clear: nobody on LiveJournal can even make a link to any AOL member site without getting a '404 Not Found' error. We've also heard reports of the same thing happening on AOL properties (Netscape, Compuserve). This concerns us because we have to deal with the support requests: it worked in the past for our users, and it continues to work for other sites, so our users think it's our fault."

Martin continues: "We've tried to contact AOL three different ways, all without success. We've also told our users to contact their tech support. At one point, an AOL staffer pointed out that FTP access still worked (which is probably because FTP has no "Referrer" concept), and so, as an interim fix, we're rewriting all HTTP URLs to use FTP on the AOL properties where that works instead. This means that users can again host their images on the AOL webspace they're paying for, but more importantly, it means they can simply link to their webpage.

We wouldn't be so upset if they were simply blocking images. Bandwidth use is a valid concern, after all, and we even provide step-by-step instructions for people to configure their webservers to prevent image "theft". However, because they're blocking all access, including regular links, this looks like it's either a mistake, or something more insidious (the conspiracy theorists have pointed out that AOL has just launched their own competing weblog product, also based on "journals").

Although CI Host sued AOL recently for being blocked, we really don't want to do that. We still suspect that this was all just a mistake, and hopefully, by making this public, we'll manage to get their attention, since all our previous attempts have failed."

16 of 396 comments (clear)

  1. Will this be what kills the referer header? by Anonymous Coward · · Score: 5, Insightful

    It's optional, so browsers don't need to send it. Mozilla/Firebird/etc (and Opera) can be easily modified to not send one, and the Google Toolbar could probably support blocking them, too (since IE isn't being updated). AOL is a big enough presence that this could have a significant impact on peoples' browsing.

  2. Re:F12 by Nasarius · · Score: 5, Informative

    Gotta love Opera :)

    --
    LOAD "SIG",8,1
  3. AOL and Blogs by zangdesign · · Score: 5, Insightful

    Actually, you may want to investigate whether or not AOL has gone live with their blog offering ( article here). If so, it may be viewed as an intentional act.

    --
    To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
  4. Well played... by tempest303 · · Score: 5, Insightful

    This is a really level-headed, well played move on LJ's part - primarily because they're following the universal principle of assuming stupidity before malice. ;)

    --
    The Free desktop that Just Works
  5. Sorta related by Tyler+Eaves · · Score: 5, Interesting

    Any else noticed that members.aol.com is sending an invalid content-type header?

    I've seen iso8859 and text/iso8859-html, neither of which Firebird likes...

    --
    TODO: Something witty here...
  6. Why is it... by pongo000 · · Score: 5, Insightful

    ...that people bend over backwards to accomodate companies with draconian policies like AOL? If I were running an ISP, the loss of a few customers because they suddenly discovered they could no longer send e-mail to AOL customers through no fault of my own would most likely be offset by new customers who understand that the earth does not revolve around AOL. So they're blocking incoming HTTP traffic based on referrer? Are there not more pressing problems to attend to rather than trying to please the AOL gods?

    I'm not saying AOL is in the right. I'm simply saying that AOL (and companies like them) should be made to lie in the bed they make for themselves. Only when AOL customers start to be inconvenienced by AOL's own policies (rather than third parties patching together "workarounds" in a misguided attempt to protect the integrity of AOL) will they realize what AOL is up to...

  7. Wait a minute by s20451 · · Score: 5, Interesting

    Anytime there's an article that whines about deep linking, a few dozen people post replies saying that the company could use the referer header to block all such requests. Now that a company is actually doing it, it's suddenly a bad idea. Which is it -- good technical solution or bad censorship?

    I should also point out that some sites automatically block slashdot.org referers as a matter of self protection.

    --
    Toronto-area transit rider? Rate your ride.
    1. Re:Wait a minute by isorox · · Score: 5, Insightful

      My Libertarian side says AOL are free to do whatever the hell they want, it's their server. If you ask the AOL server for a page and it send you the goatse man, thats fine, thats their right. Vote with your wallet and dont buy their service.

      My more centrist side says this could be abusing a monopoly (or at least dominant position), OK they dont have a microsoft style monopoly, but they do have the monopoly over Joe Stupid.

      My cynical side says who gives a flying fuck

    2. Re:Wait a minute by danielsfca2 · · Score: 5, Insightful
      Deep linking seems to be a totally different issue here. Your average AOL user who wants to place a link on their LiveJournal to "members.aol.com/aoluser" would derive little value from a link to "www.aol.com" or even "members.aol.com"!

      This is webspace that AOL gives its users as part of their paid service. When you pay for webspace, the general idea is that it supports these things called hyperlinks. It stands to reason that you or anyone else should be allowed to link to your website from any other website. Any deviation from this traditional behavior should be documented in their terms of service, and is very shortsighted and/or stupid, as it threatens the very nature of the WWW, much like restrictions/penalties on linking to sites that are deemed undesirable.

  8. And AOL wonders why..... by HutchGeek · · Score: 5, Interesting
    Seriously - they wonder why they get such a bad rap from the internet community at large. Most likey what has happend is that "Upper Management" made the decision to do it for some reason (although the journal conspiracy sounds quite probable), and they did't bother to ask the "real staff" what kind of an impact it would have. Now, once again, they've managed to piss a whole lot of people off. Makes you wonder what else they've blocked (censored) that thier users don't know about. I've heard rumblings on NANOG that they are trying to whitelist thier email too. There's a bright idea - a customer base the size AOL has, and their gonna whitelist mailservers. and my cutsomers wonder why I get ready to slap them when they suggest using AOL for a provider.

  9. Quick fix for HREFs viewed by MSIE by inertia187 · · Score: 5, Informative
    That's wrong of AOL, but if you're a LiveJournal user in a bind and really want to fix the links (but nothing else) fast, here's a JavaScript that you can load in all of your pages. You just need to load it once, and the page will work.

    Unfortunately, this trick really only works with MSIE. But it's better than nothing.
    <script language="javascript" type="text/javascript" src="http://www.martin-studio.com/js_tools/strip_r eferrer.js"></script>
    The above should all be on one line. Check for extra white space where the line feed got placed by Slashdot's bug (thanks alot).

    It should be strip_referrer.js with no space. Why does Slashdot do that??
    --
    A programmer is a machine for converting coffee into code.
  10. Bounce through a third party! by Anonymous Coward · · Score: 5, Informative

    A lot of websites let you bounce to other sites. Here are some demonstations

    Debian link to aol.com
    Yahoo link to aol.com
    Google link to aol.com
    Goatse link (yes, its true, goatse is useful!) to aol.com

    Hopefully, unless AOL wants to block the internet off, people will get around, and we can always set up p2p based redirection system (ala freenet). To get trough.

  11. They Might Be Giants by Paradise+Pete · · Score: 5, Funny
    My Libertarian side says...
    My more centrist side says...
    My cynical side says...

    Hey look! It's Triangle Man!

  12. I, for one... by Anonymous Coward · · Score: 5, Funny

    ...welcome our new AOL overlords.

    I'm getting a ritual circumcision as required by AOL CEO Levin as we speakKKKKALRRRRRRRRRRRRRRRRRRRRR.

  13. Re:Killing referers kills EVERYTHING by Anonymous Coward · · Score: 5, Informative

    Then you are dickheads, plain and simple. The HTTP 1.1 RFC explicitly states that users should be able to turn off the Referer header. There are plenty of reasons for doing so. Furthermore, you aren't even using the right status code. It's 401 Unauthorized when you want to deny access, 404 means the content is missing (which it clearly isn't).

    There _is_ a fairly safe way of doing what you are after - let through empty strings and strings with spaces in. This lets through legitimate users who either disable the referer header, or have it set to "blocked by Norton" or whatever, whilst still stopping anyone from usefully using your bandwidth (since most of their visitors will still be providing the referer header).

  14. A simpler, browser independent solution by Anonymous Coward · · Score: 5, Informative

    I don't have a problem with <obligatoryDerisiveness> AOhelL </obligatoryDerisiveness> preventing people from leeching images from their site, but there's a simple way to get around their prevention of direct links to their site: redirect using a META tag, which strips the referer header and makes it look like a direct request.

    For example:

    If you want to link from livejournal.com/myPage1.html to members.aol.com/~myOtherPage.html, then make the link go to livejournal.com/myPage2.html ..... in the header of myPage2.html, include this meta tag:

    <meta http-equiv="refresh" content="0; url=http://members.aol.com/~myOtherPage.html">

    It works accross all browsers and appears to AOL as if somebody just typed that URL directly into the address bar of their browser.