Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
The Internet

GoDaddy is Injecting Site-Breaking JavaScript Into Customer Websites (techrepublic.com) 74

Web hosting service GoDaddy is injecting JavaScript into customer websites that could impact the overall performance of the website or even render it inoperable, according to Australian programmer Igor Kromin. From a report: GoDaddy's analytics system is based on W3C Navigation Timing, but the company's practice of unilaterally opting in paying customers to an analytics service -- tracking the visitors to websites hosted on GoDaddy services -- without forewarning is deserving of criticism. GoDaddy claims the technology, which it calls "Real User Metrics" (RUM), "[allows] us to identify internal bottlenecks and optimization opportunities by inserting a small snippet of javascript code into customer websites," that will "measure and track the performance of your website, and collects information such as connection time and page load time," adding that the script does not collect user information. The script name "Real User Metrics" is somewhat at odds with that claim; likewise, GoDaddy provides no definition of "user information."

GoDaddy claims "most customers won't experience issues when opted-in to RUM, but the JavaScript used may cause issues including slower site performance, or a broken/inoperable website," particularly for users of Accelerated Mobile Pages (AMP), and websites with pages containing multiple ending tags.

This discussion has been archived. No new comments can be posted.

GoDaddy is Injecting Site-Breaking JavaScript Into Customer Websites

Comments Filter:
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Monday January 14, 2019 @01:27PM (#57960376)
    Comment removed based on user account deletion
    • I've already done that, back on one of the other times they pulled some nonsense that was a big middle finger extended towards the customer base.
    • by Anonymous Coward

      I moved all of mine from GoDaddy to here... https://www.secureserver.net/?prog_id=2rosenthals&isc=wwbb1902&utm_source=plocp&utm_medium=email&utm_campaign=en-US_x_email_base_pl&utm_content=180602_1902_x_x_x_x_wwbb1902_5FPCIY2iu4ridD8S08hFBn

      Nathan

    • by zekica ( 1953180 )
      I would suggest a great alternative I used for 8 years, but they got bought by GoDaddy :(
    • by fermion ( 181285 )
      It was time five years ago. Godaddy has value if you need free and your time it worth nothing. I move to namecheap a long time ago, when I forgot to renew my domain name and godaddy held it hostage.

      I pay these people to register my domain names, and I pay s fair amount. I know it is hard to make a profit, but really what do they actually do that costs so much? I don't need someone trying to monetize me when I am already paying them.

    • Re:Well then... (Score:5, Informative)

      by bobbied ( 2522392 ) on Monday January 14, 2019 @02:51PM (#57961066)

      ... might be time to move all my domains to another company.

      My friend who was a GoDaddy customer for over a decade did just that a month ago. Mainly because they kept black holing his domains because of THEIR code change.

      He ran a business, and the website going down was a BAD thing for him. After nearly a decade of running on this hosting service, having not made any changes to his website for over 3 months all of a sudden GoDaddy TOSed him for excessive CPU usage, "No you may not access any of your data thank you". A day on the phone later, they restore him after he pleads with their customer support and appeals to his long record of service. He decides to make a backup of everything now, bad call, he gets TOSed again the next day, this time they won't restore him.

      He got to looking at his backups and notices that what happened was GoDaddy CHANGED their backup processes and modified his system by applying patches. Anytime he ran backups, the CPU usage would spike. So, because he had subscribed to GoDaddy's backup service AND then dared to actually run a backup manually the bug they installed caused them to TOS him.

      He's not on GoDaddy now, after decades of trouble free service. Their loss..

    • You might can avoid them, but Comcast's Javascript that broke our web site is pretty much unavoidable.

    • To where? register.com? </joke>
    • by Anonymous Coward

      Be careful if you need to update your contact info first... They will bar domain transfers for 6months after a contact update.

    • I used NoMonthlyFees.com (as hokey as it sounds) for years until HostingCheck.com bought them several years back, and I still happily use them today.
  • Not Surprising (Score:5, Insightful)

    by thechemic ( 1329333 ) on Monday January 14, 2019 @01:32PM (#57960410)
    When you choose to host with a company like GoDaddy, why would expect anything less?
    • by Anonymous Coward

      The colloquial is NoDaddy
      Obligatory pun
      Also the company literally has nothing to offer except bad customer service

    • The thing is, many people chose GD a long time ago, then just extend.
  • by Anonymous Coward on Monday January 14, 2019 @01:34PM (#57960430)

    This is yet another reason why I block javascript in my browser.

    I pretty much hit a page, check the parasites, block any new ones I've not yet blocked ... and then reload and do it again.

    I consider pretty much all third party stuff, especially javsascript, as unwanted parasites ... they exist to track me and sell my data, and they can't do any of that when I block their domains from my browser.

    Your domain registrar has no fucking business knowing who I am.

    And eventually marketing says "hey, if we can do that, why can't we insert our own ads?".

    Of course, in a sane legal environment, modifying someone's copyrighted web page in transit for your own purposes would be illegal. I view it the same as wiretapping.

  • by ITRambo ( 1467509 ) on Monday January 14, 2019 @01:45PM (#57960512)
    Damn them. No company should inject code into any website that customer actually pay for. If they want to host for free, that's another story. And yeah. My website is a lot slower than it was. I thought it was my ISP, but the speeds are in spec. Transferring a complex website is a real time consuming PITA. I'll do it anyway, if they break my site.
  • All for it (Score:5, Funny)

    by SuperKendall ( 25149 ) on Monday January 14, 2019 @02:01PM (#57960678)

    At first I was against it, but after reading that it breaks AMP I say - Bravo, sir. Bravo.

  • Fuck godaddy (Score:5, Insightful)

    by damn_registrars ( 1103043 ) <damn.registrars@gmail.com> on Monday January 14, 2019 @02:06PM (#57960714) Homepage Journal
    Fuck them sidways, upside down, and backwards. I started managing a website for a local nonprofit a while ago that was setup through godaddy (prior to my helping them) and it's been a disaster. A few weeks ago the website suddenly became only sporadically responsive, and only for certain types of connections. A lot of users (including me from some locations) were getting nothing when trying to connect (no 404, no error, just a blank page with no source).

    I then spent 2 hours in their "support chat" where I was bumped through three different support people. They tried to blame the problem on me and made me jump through a bunch of arbitrary hoops to prove them wrong. Then they said it was due to "website plugins" and left it to me to figure out what plugins needed attention (even though all the plugins run through their fucking servers).

    Then after that, they disconnected me; their chat system leaving me no transcript of the support session.

    This is appalling. We're ready to move our domain and site elsewhere.
  • I wouldn't be surprised if they were just using New Relic APM for this purpose. If so, they are probably doing this just for the purpose they stated. Perhaps they still should have made it opt-in, but there's a reasonable chance nothing nefarious was intended.
  • by kurkosdr ( 2378710 ) on Monday January 14, 2019 @02:08PM (#57960736)
    GoDaddy acts as if they own their customers' websites and as if their customers are mere "content providers" for the sites GoDaddy "owns". For example, they will register the domain that a customer chose to themselves, and if they think the customer breached their TOS for whatever reason they will take over the domain and fill it with ads. Avoid GoDaddy if you can. And that's a big "if", since GoDaddy aggressively hoards (parks) domains which they never relinquish even if you "register" the domain with them (I put "register" in quotes because you are not really registering any domain to your name).
  • ... but I left them because of the types of business practices I saw.
  • by Anonymous Coward

    Just verified that the instructions in the article work. My site is now opted out. IT SHOULD NEVER HAVE BEEN OPTED IN !!!

    Looking for a new hosting service.

    Fuck you GoDADDY

  • by Anonymous Coward
    Post as AC for reasons. None of the employees at GoDaddy host there. When they finally got around to offering employee discounts it wasn't enough to tempt anyone to move off their existing hosts. When the people who run the stuff won't use it then it's a big clue that the product isn't the best.

1 Word = 1 Millipicture

Working...