Are you a blogger on WordPress.com or one using the WordPress software? Are you familiar with the Stats provided by the WordPress.com Stats plugin?
Over a month ago, I started to notice something being loaded from quantserve.com on every single page while browsing TechAirlines. I never included any script from this domain name (Quantcast) so I immediately started to look into each script that was being loaded. Eventually, I figured out this was being called from the WordPress.com Stats script, which was the last place I expected it to find it in.
What is Quantcast?
A bit of background first. Quantcast is a website public statistics service designed for advertisers and marketers. It collects user information and provides it for targeted advertising. It’s also a company that’s on trial for restoring “zombie cookies” from deleted files.
Privacy Invasion Issues
The main problem with Quantcast is the numerous privacy concerns with the tracking. It sets multiple cookies. One on the domain the user is browsing and another one on quantserve.com, which is detected by most anti-malware products as a third-party tracking cookie. I simply do not have any use for TechAirlines being quantified and also do not want any third party cookies from being set here.
Being aware of the background of Quantcast, I’m not comfortable with the company tracking my sites’ visitors, but I never chose to add the script to my site, and yet its there.
When I noticed the script started to be injected by WordPress.com Stats, I immediately created a thread on the WordPress forums.
Matt Mullenweg (creator of WordPress) responded to my thread with:
We’re going to use this to provide some cool features around uniques and people counting.
New features are great, but what about “less is more”?
It seems I’m not alone in this opinion. Including this script is a privacy invasion, especially since there is absolute nothing on the plugin download page that mentions Quantcast or any third party service at all.
Matt – this is yet another intrusive and unwanted addition to WordPress – (this time via a WordPress maintained plugin) – was this SPYWARE injection discussed on trac BEFORE inclusion? If not, why not? It goes completely against the transparency requirements of the open source declaration. Why is there no mention of this footer script injection on the plugin page? What are you hoping to garner by hiding this addition?
Page Speed Issues
If we put the privacy issues aside, there’s also a page speed issue that comes up with WordPress.com and Quantcast.
When running a page test, I noticed two extra requests made to quantserve.com.
At the time of writing, the request for the tracking pixel shows a 204 No Content error, however at the time of posting the forum thread, the pixel request created a 302 Redirect to either a pixel on segment-pixel.invitemedia.com or cms.quantserve.com, meaning one additional request.
The Quantcast code means 2-3 additional DNS lookups to load one resource from each subdomain, which usually slows down the page significantly.
The WordPress.com Stats script is already slow through its use of document.write, and this sneaky Quantcast code makes it even worse. So much for “it’s one of the fastest stats system, hosted or not hosted, that you can use”.
I use this stats plugin on my websites because I love the simplicity of it and the fact it only uses one script and one pixel to record statistics. It was truly the fastest stats system.
Why isn’t Automattic being transparent about a third party tracker being used? This wasn’t present until a few months ago and there certainly hasn’t been any new features introduced.
I have absolutely no problem with Automattic knowing how many people visit my sites or the minor performance impact caused by the plugin, but in no way did I sign up to be tracked by Quantcast. The plugin also fails to even mention third party tracking at all and does not provide a way to opt-out.
Are you a WordPress blogger using the Stats plugin or a WordPress.com blogger? What are your thoughts about the sneaky Quantcast inclusion into the script? Share your thoughts with us in the comments or leave a reply in this forum thread.
Update 8/25/11: As of Version 1.8.2 of the plugin, although not very detailed at all, the plugin page and readme file do mention the use of the Quantcast script. If you don’t want to have the Quantcast script load, you can try using this plugin created by commenter Frank.