[Foundation-l] Wikipedia tracks user behaviour via third party companies

[John at Darkstar]

> 
> Hmm? There's no reason to do anything like that. The AbuseFilter would
> just prevent sitewide JS pages from being saved with the particular URLs
> or a particular code block in them. It'll stop the well-meaning but
> misguided admins. Short of restricting site JS to the point of
> uselessness, you'll never be able to stop determined abusers.
> 

A very typical code fragment to make a stat url is something like

document.write('<img scr="' + server + digest + '">');

- server is some kind of external url
- digest is just some random garbage to bypass caching

This kind of code exists in so many variants that it is very difficult
to say anything about how it may be implemented. Often it will not use a
document.write on systems like Wikipedia but instead use createElement()
Very often someone claims that the definition of "server" will be
complete and may be used to identify the external server sufficiently.
That is not a valid claim as many such sites can be referred for other
purposes. Note also that the number of urls will be huge as this type of
service is very popular, not to say that anyone that want may set up a
special stat aggregator on an otherwise unknown domain.

Basically, simple regexps are not sufficient for detecting this kind of
code.

Otherwise, take a look at Simetricals earlier post.

John