Shocking news: GoDaddy injected user tracking JavaScript without consent

Shocking news: GoDaddy injected user tracking JavaScript without consent


Shocking news, even for WordPress Services providers: GoDaddy has injected JavaScript right into customer websites for the purposes of tracking; which may slow down websites or damage them entirely. THEY DID IT WITH IMPLIED CONSENT – meaning it was a hidden setting automatically on, where you can opt-out. The code was tracking user browsing GoDaddy hosted websites (the visitors of GoDaddy customers). Standard Piggyback Riding, without the fun. This is a perfect example of why we check JavaScripts for our customers, with the recurrent WordPress Services.

Read the story: Popular web hosting solution GoDaddy has started injecting a JavaScript file right into the web pages of all its customers, according to Australian modern technology professional Igor Kromin. GoDaddy’s analytics system is based upon W3C Navigation Timing, but company’s practice of unilaterally opting in paying customers to an analytics service — tracking the visitors to websites hosted on GoDaddy services — without forewarning is deserving a HUGE GDPR fine!

According to programmer Igor Kromin, problems with his very own site’s admin interface, hosted by the prominent web hosting provider, triggered him to analyze the code to spot any kind of problems. GoDaddy presents it as an innovation, which it calls “Real Individual Metrics” (RUM), “[allows] us to identify internal bottlenecks and optimization opportunities by inserting a small snippet of javascript code into customer websites,” that will “measure and track the performance of your website, and collects information such as connection time and page load time,” adding that the script does not collect personal user information.

The script name “Real User Metrics” is somewhat at odds with that claim. Likewise, GoDaddy provides no definition of “user information”. And, even shockingly, their disclaimer contradicts the excuse of innovation: “The JavaScript used may cause issues including slower site performance, or a broken/inoperable website.” And we, owl power EUROPE, strive to provide decent loading times with our WordPress Services and others do the exact opposite of that.


Care for your WordPress: Delegate technical work to us. Enjoy a headache-free WP!

Upon examination, Kromin discovered that the not working JavaScript file, which loaded an unknown external JavaScript document had been loaded on his site. (Actually, the issue at fault originally was a Safari bug, rather than anything to do with GoDaddy). While there was little evidence of this file in resource code or layouts, ALL PAGES of his website’s were being served with THIS new JavaScript. Customers using cPanel Shared Hosting or cPanel Business were automatically opted-in to the service. The collection of metrics and performance information is a common technique for lots of, and also some web designers will bolt-on their very own collection systems in backend systems for increased exposure right into exactly how their web site is executing.

Nonetheless, GoDaddy openly admitted that the JavaScript code might affect internet site performance and so customers should understand what may be triggering downturns or straight-out damages. The system at hand is based on W3C Navigation Timing and while not a security issue, if website breakage is a possibility, a default opt-in was not necessarily fair or reasonable. Most customers are not expected to be impacted by RUM, but websites involved in Google‘s AMP (Accelerated Mobile Pages Project) or with pages ending with multiple ending tags might be more susceptible to breaks or slow performance issues. GoDaddy claims “most customers won’t experience issues when opted-in to RUM, but the JavaScript used may cause issues including slower site performance, or a broken/inoperable website”.

Clients of GoDaddy can opt out of RUM by most likely to, visiting, and also clicking on the hosting account that you wish to omit. From there, click the “…” switch, as well as “Aid Us, “then click on [Opt Out]”. The script will be eliminated quickly from your web site as soon as you opted out. Kromin notes that he is “not against web host providers monitoring how their servers are running,” but that “Injecting JavaScript into pages being served is far from passive and… a violation of trust between the web host and the customer”. Let’s not mention violations of GDPR rights!

After GoDaddy was made aware of concerns caused by the RUM program, the company has promised to turn off the JavaScript function with immediate effect. A GoDaddy spokesperson stated: “… After careful review of the concerns being raised around this program, we have decided to turn off the Javascript insertion on our hosting platform immediately. We will reintroduce this program in the future so that it is on an opt-in only basis. We apologize for any confusion and inconvenience to our customers”.

VERY AFFORDABLE FOR ALL THAT IT OFFERS! CHEAPER and FASTER, than designers + developers + sysadmins hired for specific WordPress tasks.

Do you inspect suspicious JavaScripts running on your site? We do this with our recurrent WordPress Services each week.

Related Posts

owl power EUROPE

error: Content is protected !!