Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#17623 closed defect (bug) (fixed)

Google is injecting web beacons into posts when WordPress runs its Blogger importer

Reported by: avcascade
Owned by:
Milestone: WordPress.org
Priority: normal
Severity: normal
Version:
Component: Import
Keywords: needs-testing has-patch
Focuses:
Cc:

Description

When I was helping a friend move from Blogger to WordPress a few days ago, I discovered, to my surprise, that upon completion of the import, there was a 1x1 pixel image embedded at the bottom of every single post brought into the WordPress database from Blogger.

Apparently, anytime the WordPress blogger importer is being run, Google is injecting code into each post, at the bottom of the post body. I verified this by setting up a brand new WordPress blog and running the importer on a different Blogspot blog. Same result.

The injected code consists of a div with an image inside. Looks like this:

<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3275131723104366382-4989880442815077089?l=blogname.blogspot.com' alt='' /></div>

When I went back to the source blog on blogspot.com to see if this same code was being added to post footers there, I couldn't find it. That means that the code is only being injected when the importer is run.

I find this practice entirely inappropriate and unethical. I know Google did not use to do this, because I moved blogs from Blogger to WordPress years ago with the new importer and no beacons were injected.

I'm particularly concerned about more inexperienced users who don't want the Google beacons in their WordPress blogs but lack the expertise to remove them.

This obviously isn't a defect originating on our end (WordPress didn't cause this), but it is a problem nonetheless.

Maybe the importer can be modified to block the code injection? Could an official protest be lodged with Google?

Of course, a plugin could be assembled to find and remove the beacons, but I think it would be better if the beacons didn't get imported along with the content in the first place.
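
For posts that were already imported, the find-and-remove approach mentioned above can be expressed as standalone PHP. This is an added example, not part of the ticket or of the blogger-importer plugin; the function name `strip_blogger_beacons()` and the sample post bodies are assumptions made for illustration. It removes only images served from the tracker path quoted in the description and leaves other 1x1 images and any real footer text alone.

```php
<?php
// Added example; not code from the blogger-importer plugin.
// strip_blogger_beacons() and the sample posts are hypothetical/constructed.

/**
 * Remove Blogger tracking pixels from one post body.
 * Returns [cleaned HTML, number of beacons removed].
 */
function strip_blogger_beacons(string $html): array
{
    // <img> whose src points at the tracker path shown in the ticket.
    $img = '<img\b[^>]*\bsrc\s*=\s*["\']https?://blogger\.googleusercontent\.com'
         . '/tracker/[^"\'>]*["\'][^>]*>';
    // Footer wrapper that contains nothing except that <img>.
    $footer = '<div\b[^>]*\bclass\s*=\s*["\']blogger-post-footer["\'][^>]*>\s*'
            . $img . '\s*</div>';

    $total = 0;
    // Wrapper first, then any tracker <img> left inside a footer that also
    // holds real content (that content is kept).
    foreach (['~' . $footer . '~i', '~' . $img . '~i'] as $pattern) {
        $result = preg_replace($pattern, '', $html, -1, $count);
        if ($result === null) {
            continue; // PCRE error: leave the post untouched
        }
        $html = $result;
        $total += $count;
    }
    return [$html, $total];
}

// Constructed sample post bodies (the first uses the markup quoted in the ticket).
$posts = [
    'beacon only'   => "<p>Hello</p><div class=\"blogger-post-footer\"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3275131723104366382-4989880442815077089?l=blogname.blogspot.com' alt='' /></div>",
    'footer + text' => '<p>Hi</p><div class="blogger-post-footer">Via my feed <img src="https://blogger.googleusercontent.com/tracker/1-2?l=x" width="1" height="1"></div>',
    'other 1x1 img' => '<p>Spacer <img src="https://example.com/spacer.gif" width="1" height="1"></p>',
];

foreach ($posts as $label => $body) {
    [$clean, $n] = strip_blogger_beacons($body);
    printf("%-14s removed=%d  %s\n", $label, $n, $clean);
}
```

The per-post count makes it possible to report which imported posts carried a beacon before any cleaned content is written back.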

Change History (5)

comment:1 toscho 3 years ago

  • Cc info@… added
  • Keywords changed from Google, Blogger Importer to Google Blogger Importer

comment:2 Otto42 3 years ago

  • Keywords Google Blogger Importer removed

This appears to be a blogger thing. Unauthenticated feeds have those tracking images in them, while authenticated feeds do not.

Now, the blogger importer is authenticated, using the older AuthSub methods. It appears that this isn't enough for Blogger to not insert the images.

However, I was able to write some OAuth code to get the feed and the resulting content did not have the images in there, so it appears that the Blogger importer should be converted to use OAuth instead of the much easier AuthSub.

comment:3 Otto42 3 years ago

  • Keywords needs-testing has-patch added

Turns out that I don't have to go full OAuth to fix this, just to modify which feed it uses slightly.

I made a slight modification to the trunk version of the blogger-importer plugin that will eliminate this problem.

Code here: http://plugins.svn.wordpress.org/blogger-importer/trunk/
Changeset here: http://plugins.trac.wordpress.org/changeset/394622

Needs more testing before general release, however it works for me on a test blog.

I'm working on a more fully fledged adjustment to this, as the code has become a bit dated. Google no longer supports AuthSub fully, and they recommend OAuth instead. Also, the XML parsing routines used here are strange when we have a fully fledged Atom parser in the core now (SimplePie). So I'm making a new version to use these instead, however, this interim fix should solve this interim problem for now.

Please test.

comment:4 Otto42 3 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Pushed quick fix for this to 0.4 version of plugin.

comment:5 ocean90 3 years ago

  • Milestone changed from Awaiting Review to WordPress.org