Slashdot Mirror

← Back to Stories (view on slashdot.org)

GoDaddy is Injecting Site-Breaking JavaScript Into Customer Websites (techrepublic.com)

Posted by msmash on from the closer-look dept.

Web hosting service GoDaddy is injecting JavaScript into customer websites that could impact the overall performance of the website or even render it inoperable, according to Australian programmer Igor Kromin. From a report: GoDaddy's analytics system is based on W3C Navigation Timing, but the company's practice of unilaterally opting in paying customers to an analytics service -- tracking the visitors to websites hosted on GoDaddy services -- without forewarning is deserving of criticism. GoDaddy claims the technology, which it calls "Real User Metrics" (RUM), "[allows] us to identify internal bottlenecks and optimization opportunities by inserting a small snippet of javascript code into customer websites," that will "measure and track the performance of your website, and collects information such as connection time and page load time," adding that the script does not collect user information. The script name "Real User Metrics" is somewhat at odds with that claim; likewise, GoDaddy provides no definition of "user information."

GoDaddy claims "most customers won't experience issues when opted-in to RUM, but the JavaScript used may cause issues including slower site performance, or a broken/inoperable website," particularly for users of Accelerated Mobile Pages (AMP), and websites with pages containing multiple ending tags.

6 of 74 comments (clear)

  1. Well then... by TimMD909 · · Score: 4, Insightful

    ... might be time to move all my domains to another company.

  2. Not Surprising by thechemic · · Score: 4, Insightful

    When you choose to host with a company like GoDaddy, why would expect anything less?

    --
    Let's make like a bird... and get the flock outta here.
  3. Yet another reason ... by Anonymous Coward · · Score: 5, Insightful

    This is yet another reason why I block javascript in my browser.

    I pretty much hit a page, check the parasites, block any new ones I've not yet blocked ... and then reload and do it again.

    I consider pretty much all third party stuff, especially javsascript, as unwanted parasites ... they exist to track me and sell my data, and they can't do any of that when I block their domains from my browser.

    Your domain registrar has no fucking business knowing who I am.

    And eventually marketing says "hey, if we can do that, why can't we insert our own ads?".

    Of course, in a sane legal environment, modifying someone's copyrighted web page in transit for your own purposes would be illegal. I view it the same as wiretapping.

    1. Re:Yet another reason ... by thechemic · · Score: 4, Insightful

      I agree with the act, though the method you're using (black-listing) seems a bit backward. It would be more secure and a lot less laborious to block all javascript, and then white-list the URLs/Domains that you trust (bank, etc.).

      --
      Let's make like a bird... and get the flock outta here.
  4. Fuck godaddy by damn_registrars · · Score: 4, Insightful

    Fuck them sidways, upside down, and backwards. I started managing a website for a local nonprofit a while ago that was setup through godaddy (prior to my helping them) and it's been a disaster. A few weeks ago the website suddenly became only sporadically responsive, and only for certain types of connections. A lot of users (including me from some locations) were getting nothing when trying to connect (no 404, no error, just a blank page with no source).

    I then spent 2 hours in their "support chat" where I was bumped through three different support people. They tried to blame the problem on me and made me jump through a bunch of arbitrary hoops to prove them wrong. Then they said it was due to "website plugins" and left it to me to figure out what plugins needed attention (even though all the plugins run through their fucking servers).

    Then after that, they disconnected me; their chat system leaving me no transcript of the support session.

    This is appalling. We're ready to move our domain and site elsewhere.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  5. Not surprised at all... by kurkosdr · · Score: 4, Insightful

    GoDaddy acts as if they own their customers' websites and as if their customers are mere "content providers" for the sites GoDaddy "owns". For example, they will register the domain that a customer chose to themselves, and if they think the customer breached their TOS for whatever reason they will take over the domain and fill it with ads. Avoid GoDaddy if you can. And that's a big "if", since GoDaddy aggressively hoards (parks) domains which they never relinquish even if you "register" the domain with them (I put "register" in quotes because you are not really registering any domain to your name).