WordPress.com Stats Quietly Includes Quantcast

Dec 30th, 201027 Comments

StatsAre you a blogger on WordPress.com or one using the WordPress software? Are you familiar with the Stats provided by the WordPress.com Stats plugin?

Over a month ago,  I started to notice something being loaded from quantserve.com on every single page while browsing TechAirlines. I never included any script from this domain name (Quantcast) so I immediately started to look into each script that was being loaded. Eventually, I figured out this was being called from the WordPress.com Stats script, which was the last place I expected it to find it in.

if(typeof _qoptions!="undefined"&&_qoptions!=null)for(var k in _qoptions)old_qoptions[k]=_qoptions.k;_qoptions={qacct:'p-18-mFEk4J448M',labels:'type.wporg'};document.write(unescape("%3Cscript src='"+document.location.protocol+"//edge.quantserve.com/quant.js' type='text/javascript'%3E%3C/script%3E"));if(typeof old_qoptions!="undefined"&&old_qoptions!=null)_qoptions=old_qoptions;

What is Quantcast?

QuantcastA bit of background first. Quantcast is a website public statistics service designed for advertisers and marketers. It collects user information and provides it for targeted advertising. It’s also a company that’s on trial for restoring “zombie cookies” from deleted files.

Privacy Invasion Issues

The main problem with Quantcast is the numerous privacy concerns with the tracking. It sets multiple cookies. One on the domain the user is browsing and another one on quantserve.com, which is detected by most anti-malware products as a third-party tracking cookie. I simply do not have any use for TechAirlines being quantified and also do not want any third party cookies from being set here.

Being aware of the background of Quantcast, I’m not comfortable with the company tracking my sites’ visitors, but I never chose to add the script to my site, and yet its there.

When I noticed the script started to be injected by WordPress.com Stats, I immediately created a thread on the WordPress forums.

Matt Mullenweg (creator of WordPress) responded to my thread with:

We’re going to use this to provide some cool features around uniques and people counting.

New features are great, but what about “less is more”?

It seems I’m not alone in this opinion. Including this script is a privacy invasion, especially since there is absolute nothing on the plugin download page that mentions Quantcast or any third party service at all.

gazouteast wrote:

Matt – this is yet another intrusive and unwanted addition to WordPress – (this time via a WordPress maintained plugin) – was this SPYWARE injection discussed on trac BEFORE inclusion? If not, why not? It goes completely against the transparency requirements of the open source declaration. Why is there no mention of this footer script injection on the plugin page? What are you hoping to garner by hiding this addition?

WordPress.com Stats was the only third party Javascript stats service that used only one script and one pixel without setting any tracking cookies. Nothing evil. Not anymore unfortunately.

Page Speed Issues

If we put the privacy issues aside, there’s also a page speed issue that comes up with WordPress.com and Quantcast.

When running a page test, I noticed two extra requests made to quantserve.com.

http://edge.quantserve.com/quant.js

http://pixel.quantserve.com/pixel;r=765847485;fpan=1;fpa=P0-1974493427-1293686832625;ns=0;url=http%3A%2F%2Fwww.techairlines.com%2F;ref=;ce=1;je=1;sr=1024x768x32;enc=n;ogl=;dst=1;et=1293686832625;tzo=300;a=p-18-mFEk4J448M;labels=type.wporg

Page Speed WaterfallAt the time of writing, the request for the tracking pixel shows a 204 No Content error, however at the time of posting the forum thread, the pixel request created a 302 Redirect to either a pixel on segment-pixel.invitemedia.com or cms.quantserve.com, meaning one additional request.

The Quantcast code means 2-3 additional DNS lookups to load one resource from each subdomain, which usually slows down the page significantly.

The WordPress.com Stats script is already slow through its use of document.write, and this sneaky Quantcast code makes it even worse. So much for “it’s one of the fastest stats system, hosted or not hosted, that you can use”.

Other Thoughts

I use this stats plugin on my websites because I love the simplicity of it and the fact it only uses one script and one pixel to record statistics. It was truly the fastest stats system.

WordPressWhy isn’t Automattic being transparent about a third party tracker being used? This wasn’t present until a few months ago and there certainly hasn’t been any new features introduced.

I have absolutely no problem with Automattic knowing how many people visit my sites or the minor performance impact caused by the plugin, but in no way did I sign up to be tracked by Quantcast. The plugin also fails to even mention third party tracking at all and does not provide a way to opt-out.

Are you a WordPress blogger using the Stats plugin or a WordPress.com blogger? What are your thoughts about the sneaky Quantcast inclusion into the script? Share your thoughts with us in the comments or leave a reply in this forum thread.

Update 8/25/11: As of Version 1.8.2 of the plugin, although not very detailed at all, the plugin page and readme file do mention the use of the Quantcast script. If you don’t want to have the Quantcast script load, you can try using this plugin created by commenter Frank.

Tags: , , , ,

By
Brian is the co-founder and editor-in-chief of TechAirlines. He is also a developer and manages most of the site’s operations. He enjoys web development in his free time and is currently trying to learn Python. He is currently a high school senior in New York City.

You Might Also Be Interested In:

  1. Blogger Gets Real-Time Stats
  2. Optimize WordPress Contact Form 7 Plugin Scripts
  3. Change WordPress Admin Username
  • http://toni.org Toni

    Like Matt mentioned in the forum thread, we (Automattic) are planning on using the Quantcast data to add new stats features, not to do ad tracking or sell user data. We’ve been using Quantcast on WordPress.com for several years without problems as a way to measure our traffic by an independent third party (http://www.quantcast.com/wordpress.com). They are used for that same purpose by about half of the top 1000 sites on the web. I think of Quantcast as an analytics service like Comscore or Google Analytics, not as an ad tracker. That said I agree with you that data privacy is an important issue. We’ll ll keep a close eye on this and will continue to evaluate various ways of capturing data for our stats system.

    PS: Unlike most top 50 sites on the web, we use zero ad trackers (see http://blogs.wsj.com/wtk/ – we use even fewer trackers than the already low number they claim for us).

    PPS: WordPress.com Stats is a free, optional plugin for WordPress. If you are uncomfortable with the way it operates you can simply not install it.

    • http://www.techairlines.com Brian Yang

      Thanks for visiting Toni!

      I’m glad to hear that the Quantcast data is just being used for new features and I’m looking forward to these features, however there should be something on the plugin download page that states the use of a third party service.

      Happy New Year!

    • http://www.chipbennett.net/ Chip Bennett

      PPS: WordPress.com Stats is a free, optional plugin for WordPress. If you are uncomfortable with the way it operates you can simply not install it.

      That’s all well and good, except for one, minor point:

      If Automattic fail to disclose this data collection, how would users know about it? And if end users don’t know about it, how on earth would they know to disable the Plugin in order to avoid it?

      Thus, since Automattic have willfully chosen not only not to disclose this data collection, but also to attempt to obfuscate it in the code, it is rather specious to point out that users have the option not to use the Plugin.

  • http://www.theapplepirates.com The Apple Pirates

    If i don’t want to use this feature…..is there a way to disable this…..

    • http://www.techairlines.com Brian Yang

      Hello. Nope, the script is hosted by wordpress.com and there is no way to disable the Quantcast feature.

      To remove Quantcast, you would have to disable the plugin.

      • http://personalcomputersos.wordpress.com Bob Zenith

        >>there is no way to disable the Quantcast feature

        That’s not entirely true. Although there is no way for the admin of a site to disable the feature for all users, individual users can opt-out of Quantcast’s tracking services here:
        http://www.quantcast.com/info/privacy

        I would not necessarily recommend this option to privacy-conscious users (because it is cookie based); there are much better options that most privacy conscious users are already aware of.

        • http://www.techairlines.com Brian Yang

          Hi there,

          That is true. Users can choose to opt out of the Quantcast tracking feature using the opt-out cookie. For me, I opt-out using NoScript by blocking the script entirely.

          Too bad there isn’t a way to disable Quantcast out of the stats script so there’s no tracking done at all, regardless of whether a user opted-out or not.

  • http://blog.futtta.be/2010/12/31/coding-for-the-new-year/ frank goossens

    the fact that the use of quantcast is not mentioned, that 3rd party tracking cannot be disabled and that automattic does not seem to want to acknowledge that there might be a problem is very troubling.

    that being said; i’ve created a small plugin that stops the quantcast-tracking and leaves wordpress stats intact. i’ve got it running on my blog and it seems to work perfectly, but it should nevertheless be considered an alpha-release. you can download it here to test, do provide me some feedback if you encounter issues with it.

    • http://www.techairlines.com Brian Yang

      Agreed. There should really be something that mentions 3rd party tracking.

      Thanks for creating that plugin. I will be downloading it and giving it a try now and will send you feedback.

      Hope you had a great New Years.
      Brian

    • http://danielpacker.org Daniel

      Thank so much for this plugin, Frank. It’s wonderful.

  • http://www.nightfallcrew.com xad

    Thanks Frank, works perfectly!

  • James

    So I tried uninstalling the wordpress.com stats completely from our domains wordpress install. But my stats are still being tracked on wordpress.com dashboard.

    How are stats still being tracked? Is there still code left on my site after uninstall?

    I would love to be notified of a reply to this comment.

    • http://www.techairlines.com Brian Yang

      Hello.

      After removing the plugin, clear any cache files you have of your site then check your site source code for any scripts loading from wordpress.com. If there aren’t any, it shouldn’t be tracking anymore.

      Because tracking was started before, the site should still appear in your WordPress.com Dashboard, however there shouldn’t be any new and updated data. It should start becoming all 0 visits for future dates.

      I’ll start running the stats plugin on my test site for a week then disable it and see if tracking still continues.

      Enjoy your week and I’ll get back to you.

  • http://www.erosblog.com Bacchus

    Thanks for this article. I was puzzling over the Google webmaster tools, trying to figure out why quantserve.js was showing up as a speed factor on my site. Was horrified to discover that WordPress.com silently slid Quantcast tracking crud into their plugin in a recent upgrade … that’s just nasty and underhanded.

    Plugin: uninstalled.

  • Pingback: Pri pra privacy | ii « net eamelje

  • Lee

    I just found out about this and I am outraged. I really thought Auttomatic was a truly transparent company and would never do such a thing but now I am disappointed. At least let the visitors know that you will be using a third-party analytics company that offers behavioral analysis to its business clients ;)

    Plugin is now uninstalled from all 4 of my properties.

    • http://www.techairlines.com Brian Yang

      Hello,

      As far as I’m concerned, the plugin script still calls Quantcast and there is still nothing on the plugin page that even remotely mentions a third party service being used. I am completely against the use of Quantcast, but the main problem is that Automattic is still not being transparent about this.

      My thread on the forums also got closed without warning.

      I love the stats it provides so I’m continuing to use the plugin for now but I also have Frank’s script installed and so far it’s working very well.

      Thanks for commenting,
      Brian

  • Pingback: WordPress.com Stats and Quantcast

  • Pingback: Is your Wordpress site embedding tracking code without your knowledge?

  • Pingback: webnik.dk | WordPress spy on its users via stats tool!

  • Bryant Grant

    Here is a different perspective, one from a person who willingly uses Quantcast to quantify numbers/demographics etc.

    I’ve used Quantcast for over 2 years now and on multiple sites. As of late I’ve noticed that ALL of the sites I have implemented this on, and ALL of the pages WHEN it calls on yet another 3rd party domain, segment-pixel.invitemedia.com, the domains/pages hang indefinitely. And this is happening almost daily! And majority of the time it is between 11 pm est and 3 am est., regularly! These sites that I chose to Quantify have major traffic and not just traffic but major unique visitors numbers 24 hours a day.

    My search for more info on segment-pixel.invitemedia.com brought me to invitemedia.com, since obviously segment-pixel is a subdomain. Well, invitemedia.com was acquired by Google, which Google has placed it under their DoubleClick Advertiser label! For more reasons than I can even begin to mention here, this is not what I expected or even opted in for under the assumption that I simply want to Quantify my sites’ numbers! Now, am I forced to, because I now KNOW that all visitors are subject to not only txt cookies but js/flash cookies, notify visitors? In reference to to you who have WP, I would be outraged that WP/Automattic have willfully chosen not only not to disclose this data collection! And have the nerve to give a blanket explanation that they are “using the Quantcast data to add new stats features, not to do ad tracking or sell user data”, that couldn’t be further from the truth!

    You who have blogs using this stats plugin from WP.. just for a minute change your thinking.. think like an advertiser/marketer for a bit, just know that WP user numbers are worth gold! Now, also think for a second about the Facebook/Twitter effect/worth, now apply this to your thinking.. IF wordpress can now, after years of ‘quantifying’ it’s reach, by showing the numbers from it’s Quantcast + Google’s notorious DoubleClick Advertising label, they are positioning themselves for being acquired (bought out) by a Google or Microsoft or just add any powerhouse’s name ready to spend in the billions for what YOU know as WordPress, the open source blah blah blah.

    It is obvious that the transparency that is required by open source declaration is not present, as claimed by WP! In short terms, sometimes it is obvious to see when a company is positioning itself to “sell” itself! And, you can take this from someone who just may be on the other side of the fence than most of you bloggers with valuable blogs etc, that even if WP sold itself, would stay with them.. from an advertiser’s / marketer’s thinking, this is a dream come true.

    Are you thinking like an advertiser / marketer? If not, try to.. and then look at WP’s actions with those set of glasses!

  • Bryant Grant

    Meant to add to my previous post.. For those who use WP, take a look at invitemedia[dot]com. When you use WP stats plugin, the trail doesn’t JUST stop at Quantcast, but Quantcast to Google’s invitemedia[dot]com! So for Matt Mullenweg / WP / Automattic to insist they’ve used Quantcast for, and I quote “years”, to at ‘someday’ provide all these new bells and whistles for ‘your’ blog’s visitors is suspect. The question is does it take “years”? Does it take “years” of not giving blog owners the option of an on/off of data collection fed straight to Quantcast for you to provide these fantastic bells and whistles? Why couldn’t you collect this data yourself, or maybe allow the WP bloggers AND sites built on WP the option of an anonymous way of tracking visitors? But most importantly, why not use a TRUE open source company in operation to track these numbers to provide for your long awaited bells and whistles?

  • http://cparente.wordpress.com/2011/08/23/the-confusing-world-of-performance-tires/ Chris Parente

    Really glad to find this conversation. I’m a long-time wp.com blogger, considering moving to wp.org. I’ve wondered for a long time why information about the Quantcast/Wordpress relationship was so hard to find in the Forums. Basically, I was told nothing.

    This lack of transparency does seem a shame, b/c the QC stats do give me more than the wp.com stats (that are based on Google Analytics, correct?)

    I suppose until I migrate there’s nothing to do, correct? Thanks for the information in this thread.

  • http://blog.futtta.be/ frank goossens

    Just to let you guys & girls know my old “donottrack” plugin has graduated to the wordpress.org plugin repository. The new version, called WP DoNotTrack, includes an options-screen under wp-admin in which you can choose between black- and whitelisting for all visitors or only for those with navigator.doNotTrack set in their browser. You can check it out here: http://wordpress.org/extend/plugins/wp-donottrack/

    • http://www.techairlines.com Brian Yang

      Thanks Frank for all your hard work with this plugin!

  • Lisbeth

    Indeed, since I installed jetpack and activated the stats module, my site (www.lisbethjveillat.eu) has been extremely slow despite it being ridiculously small. I’m a greenie in WP/PHP/SQL and ignorant about js. I researched the “WP site slow loading” and was led to yslow. Yslow had a lot to say about my site, in particular about js queries, where I noted this “quantthing”. I’m really glad you’ve explained it so that even a not that educated person can understand it. I’m deff. sharing your concerns about covert registration of visitors to my site and I’ll see if I can get “DoNotTrack” to work for me.

    On a side note I also figured out that not having a favicon was slowing my site. The solution was simple, I have a favicon now! Stupid though.

Copyright © 2009-2013 TechAirlines. Some Rights Reserved.