Slashdot Mirror

← Back to Stories (view on slashdot.org)

GoDaddy is Injecting Site-Breaking JavaScript Into Customer Websites (techrepublic.com)

Posted by msmash on from the closer-look dept.

Web hosting service GoDaddy is injecting JavaScript into customer websites that could impact the overall performance of the website or even render it inoperable, according to Australian programmer Igor Kromin. From a report: GoDaddy's analytics system is based on W3C Navigation Timing, but the company's practice of unilaterally opting in paying customers to an analytics service -- tracking the visitors to websites hosted on GoDaddy services -- without forewarning is deserving of criticism. GoDaddy claims the technology, which it calls "Real User Metrics" (RUM), "[allows] us to identify internal bottlenecks and optimization opportunities by inserting a small snippet of javascript code into customer websites," that will "measure and track the performance of your website, and collects information such as connection time and page load time," adding that the script does not collect user information. The script name "Real User Metrics" is somewhat at odds with that claim; likewise, GoDaddy provides no definition of "user information."

GoDaddy claims "most customers won't experience issues when opted-in to RUM, but the JavaScript used may cause issues including slower site performance, or a broken/inoperable website," particularly for users of Accelerated Mobile Pages (AMP), and websites with pages containing multiple ending tags.

10 of 74 comments (clear)

  1. Well then... by TimMD909 · · Score: 4, Insightful

    ... might be time to move all my domains to another company.

    1. Re:Well then... by bobbied · · Score: 4, Informative

      ... might be time to move all my domains to another company.

      My friend who was a GoDaddy customer for over a decade did just that a month ago. Mainly because they kept black holing his domains because of THEIR code change.

      He ran a business, and the website going down was a BAD thing for him. After nearly a decade of running on this hosting service, having not made any changes to his website for over 3 months all of a sudden GoDaddy TOSed him for excessive CPU usage, "No you may not access any of your data thank you". A day on the phone later, they restore him after he pleads with their customer support and appeals to his long record of service. He decides to make a backup of everything now, bad call, he gets TOSed again the next day, this time they won't restore him.

      He got to looking at his backups and notices that what happened was GoDaddy CHANGED their backup processes and modified his system by applying patches. Anytime he ran backups, the CPU usage would spike. So, because he had subscribed to GoDaddy's backup service AND then dared to actually run a backup manually the bug they installed caused them to TOS him.

      He's not on GoDaddy now, after decades of trouble free service. Their loss..

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  2. Not Surprising by thechemic · · Score: 4, Insightful

    When you choose to host with a company like GoDaddy, why would expect anything less?

    --
    Let's make like a bird... and get the flock outta here.
  3. Yet another reason ... by Anonymous Coward · · Score: 5, Insightful

    This is yet another reason why I block javascript in my browser.

    I pretty much hit a page, check the parasites, block any new ones I've not yet blocked ... and then reload and do it again.

    I consider pretty much all third party stuff, especially javsascript, as unwanted parasites ... they exist to track me and sell my data, and they can't do any of that when I block their domains from my browser.

    Your domain registrar has no fucking business knowing who I am.

    And eventually marketing says "hey, if we can do that, why can't we insert our own ads?".

    Of course, in a sane legal environment, modifying someone's copyrighted web page in transit for your own purposes would be illegal. I view it the same as wiretapping.

    1. Re:Yet another reason ... by thechemic · · Score: 4, Insightful

      I agree with the act, though the method you're using (black-listing) seems a bit backward. It would be more secure and a lot less laborious to block all javascript, and then white-list the URLs/Domains that you trust (bank, etc.).

      --
      Let's make like a bird... and get the flock outta here.
  4. I was wondering why my website on GoDaddy was slow by ITRambo · · Score: 3, Informative

    Damn them. No company should inject code into any website that customer actually pay for. If they want to host for free, that's another story. And yeah. My website is a lot slower than it was. I thought it was my ISP, but the speeds are in spec. Transferring a complex website is a real time consuming PITA. I'll do it anyway, if they break my site.

  5. Re:What's in a Name? by mick232 · · Score: 3, Informative

    The term RUM is a pretty standard term in the application performance monitoring industry. And yes, it refers to the fact that performance data of real users is collected instead of synthetic tests.

  6. All for it by SuperKendall · · Score: 5, Funny

    At first I was against it, but after reading that it breaks AMP I say - Bravo, sir. Bravo.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  7. Fuck godaddy by damn_registrars · · Score: 4, Insightful

    Fuck them sidways, upside down, and backwards. I started managing a website for a local nonprofit a while ago that was setup through godaddy (prior to my helping them) and it's been a disaster. A few weeks ago the website suddenly became only sporadically responsive, and only for certain types of connections. A lot of users (including me from some locations) were getting nothing when trying to connect (no 404, no error, just a blank page with no source).

    I then spent 2 hours in their "support chat" where I was bumped through three different support people. They tried to blame the problem on me and made me jump through a bunch of arbitrary hoops to prove them wrong. Then they said it was due to "website plugins" and left it to me to figure out what plugins needed attention (even though all the plugins run through their fucking servers).

    Then after that, they disconnected me; their chat system leaving me no transcript of the support session.

    This is appalling. We're ready to move our domain and site elsewhere.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  8. Not surprised at all... by kurkosdr · · Score: 4, Insightful

    GoDaddy acts as if they own their customers' websites and as if their customers are mere "content providers" for the sites GoDaddy "owns". For example, they will register the domain that a customer chose to themselves, and if they think the customer breached their TOS for whatever reason they will take over the domain and fill it with ads. Avoid GoDaddy if you can. And that's a big "if", since GoDaddy aggressively hoards (parks) domains which they never relinquish even if you "register" the domain with them (I put "register" in quotes because you are not really registering any domain to your name).