A downvote stalker. Many comments in fubarobfusco’s recent posting history have multiple upvotes, some have one or none, but almost all of them have at least one downvote, and usually no more than one. (Hover over the karma score; unfortunately it’s a percentage rather than a raw vote count.)
My usual browsers are pretty much locked down all the time, but I dug out IE and looked at some LW pages. Didn’t see any ads, video or not.
I would suspect malware, but it’s also possible that other browser tabs (e.g. Facebook) are playing games...
P.S. Oh, a plug-in I have says there are three “requests” on this page from SpecificMedia (http://specificmedia.com/) and it does seem to specialize in video advertising.
I’m leaning towards it being part of the website. The video doesn’t seem to play very often, but every time the page loads, there is a script tag from “vindicosuite.com″ at the bottom, which contains links to specificmedia.com. Both of these domains are related to video advertisement.
To see the tag, I load the page in Chrome, rightclick->Inspect Element, and scroll to the bottom of the HTML view.
I see this both under Firefox on my laptop and Chrome on my office computer, it seems unlikely that they would both have the same malware at the same time.
I am also suspicious because the vindicosuite code is very clearly appended to the end of the page, just stuck onto the end. It’s not integrated with the page in any way.
YO, ADMINS!! Are you quite sure lesswrong.com hasn’t been pwned?
I just loaded http://lesswrong.com/ in both my Iceweasel and Chromium (Debian testing), and C-u, C-f ‘suite’, ‘specific’ - I see nothing? Nothing in curl either.
You will not see it with View Source (C-u). Try right-clicking on the page and selecting Inspect Element (in either Firefox or Chrome). (The tag is added by some Javascript, so it’s only present in the DOM, not in the original source).
Interesting. I just looked on an entirely different computer and there’s nothing.
Since the connection is http (and not https) I wonder whether there’s some code injection going on...
But on the computer I used during the day there was a call to x.vindicosuite.com with a bunch of parameters. It was at the very end of the page, right before the closing tag.
Did they add auto-playing video ads to the LessWrong frontpage, or do I have malware?
SiteMeter in the sidebar was the cause of this. It has been removed.
Thank you!
Who downvotes a thank you to one of the site maintainers? Sheesh.
A downvote stalker. Many comments in fubarobfusco’s recent posting history have multiple upvotes, some have one or none, but almost all of them have at least one downvote, and usually no more than one. (Hover over the karma score; unfortunately it’s a percentage rather than a raw vote count.)
Huh. I wonder how common that is?
Yeah, same here. Little video on the bottom-right corner starts playing randomly. Not related to any LW topic I can think of.
I’m not seeing anything like that. (Windows 7 running Chrome)
Likewise. This is what I see.
I’m using Firefox on MacOS. I see the same thing, but not repeatably (it’s appeared a couple of times so far).
Phew, I guess I’m safe then. Thanks.
Or you both have malware. LW has no other ads at all, so how likely is it that their first ad is an auto-playing video?
EDIT: And I personally see no video ads ever, FWIW.
I have this too and it started recently. It doesn’t happen anywhere apart from LW. If there’s malware it’s something to do with LW
My usual browsers are pretty much locked down all the time, but I dug out IE and looked at some LW pages. Didn’t see any ads, video or not.
I would suspect malware, but it’s also possible that other browser tabs (e.g. Facebook) are playing games...
P.S. Oh, a plug-in I have says there are three “requests” on this page from SpecificMedia (http://specificmedia.com/) and it does seem to specialize in video advertising.
I’m leaning towards it being part of the website. The video doesn’t seem to play very often, but every time the page loads, there is a script tag from “vindicosuite.com″ at the bottom, which contains links to specificmedia.com. Both of these domains are related to video advertisement.
To see the tag, I load the page in Chrome, rightclick->Inspect Element, and scroll to the bottom of the HTML view.
I see this both under Firefox on my laptop and Chrome on my office computer, it seems unlikely that they would both have the same malware at the same time.
Um. That doesn’t look nice.
I am also suspicious because the vindicosuite code is very clearly appended to the end of the page, just stuck onto the end. It’s not integrated with the page in any way.
YO, ADMINS!! Are you quite sure lesswrong.com hasn’t been pwned?
I just loaded http://lesswrong.com/ in both my Iceweasel and Chromium (Debian testing), and C-u, C-f ‘suite’, ‘specific’ - I see nothing? Nothing in curl either.
You will not see it with View Source (C-u). Try right-clicking on the page and selecting Inspect Element (in either Firefox or Chrome). (The tag is added by some Javascript, so it’s only present in the DOM, not in the original source).
Ok, it seems the culprit is this fragment
Commenting it out will get rid of the vindicosuite stuff. So I guess this is sitemeter.com gone rogue.
Some Googling found at least one other person who noticed the same problem.
There are a few other blogs complaining about this.
AdBlock can handle it with this pattern:
Interesting. I just looked on an entirely different computer and there’s nothing.
Since the connection is http (and not https) I wonder whether there’s some code injection going on...
But on the computer I used during the day there was a call to x.vindicosuite.com with a bunch of parameters. It was at the very end of the page, right before the closing tag.
I’m not seeing anything like that on Windows 8/Firefox, Ubuntu/Firefox, or iOS/Safari. What OS and browser are you using?
MacOS/Firefox. I have only seen it a few times, not every time I load the page. But I never saw this style of ad on any other website.