VigLink Injecting 3rd party tracking JS

[stoo2000]

A client was recently complaining that his users were getting some pop-up surveys on his website, after looking into this it was discovered that Viglink are inserting 3rd party tracking software into every site their integration is used on.

If you use VigLink look via Firebug at your page and you will discover

<script type="text/javascript" src="//b.scorecardresearch.com/beacon.js">

Which is inserted by the following code:

window.vglnk.partners_plugin = function (k, e) {
    var b = "https:" === document.location.protocol,
        w = {
            setup: function () {
                window._comscore = window._comscore || []
            },
            run: function () {
                var h = window._comscore;
                h && "function" === e.type(h.push) && (h.push({
                    c1: 8,
                    c2: 17570528,
                    c3: 1
                }), e.jsonp("//" + (b ? "sb" : "b") + ".scorecardresearch.com/beacon.js"))
            }
        };
    w.setup();
    return function () {
        w.run()
    }
};

According to scorecardresearch.com

Web Tags

Scorecard Research primarily collects data through the use of web tags. A web tag is code placed by partners on their websites to collect information about general visitation patterns. Web tags are commonly used by companies across the Internet to understand the visitation on their website.

Cookies

In addition, the ScorecardResearch web tag utilizes a cookie. A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a web site and stored on your computer's hard drive. ScorecardResearch uses a combination of web tags and cookies to help websites count users who have visited and seen a page or various parts of a page. We require that any website using our web tags include a notice about their use to collect anonymous traffic data and to state what choices are available to users regarding the use of the information collected. You can opt-out of participating in ScorecardResearch’s web tagging market research by clicking here.

Surveys

From time to time, you may see a ScorecardResearch survey invitation pop-up on your computer screen when you are visiting a participating web site. These surveys are intended to ask questions about you and your Internet usage, but will never ask for any personally identifiable information. You can choose whether you wish to participate and can opt-out from receiving these surveys at any time

So, not only is the 3rd party popping up unsolicited surveys, they're also setting a tracking cookie on members machines. So many people going on about the EU cookie law may be inadvertently serving a tracking cookie without their knowledge.

It's a shame that they are trying to use the trust you have in them and their code for serving up this 3rd party tracking code.

[xtech]

Thank you for this info. Probably they want to enhance their retargeting ability....

[MisterPhilip]

What's interesting is nowhere do they disclose it, at least from what I've found. It's easy to block but sadly it's technically against their ToS :sad:

I had just enabled it to test to see how it would do on my site... but I don't approve of BS popunder/overs.

[Rhett]

I'm not sure why this is shocking? If you use a third party advertisement code, they are full of items like this. ???

[stoo2000]

I'm not sure why this is shocking? If you use a third party advertisement code, they are full of items like this. ???

Because it's not advertisement code, fair enough AdSense etc needs to know what ads to show. But this data isn't required for a link to a website.

[Rhett]

I would suggest asking vigalink, I'm guessing it's nothing new and included in their terms.

[Makoto]

Hey guys, guess what? I have something for you all.

It's a cookie. Freshly generated just for you. And all I had to do to give you this cookie without your knowing or consent, was embed an image in my post!

I could even include an invisible 1x1 image in my signature to send tracking cookies to you all, and you'd probably never know about it.

So if you really care about following the EU cookie regulations strictly, you should prevent members from being able to link to external images anywhere on your forum.

Because these kind of extreme measures are what it's really going to take.

[MisterPhilip]

So if you really care about following the EU cookie regulations strictly, you should prevent members from being able to link to external images anywhere on your forum.

It's not the cookie that gets me, it's this:

Surveys

From time to time, you may see a ScorecardResearch survey invitation pop-up on your computer screen when you are visiting a participating web site. These surveys are intended to ask questions about you and your Internet usage, but will never ask for any personally identifiable information. You can choose whether you wish to participate and can opt-out from receiving these surveys at any time

I get adding cookies to help better identify a visitor and let them see more relevant ads. But never, ever should something be presented to the user without my knowledge.