What is Hitbox and why is LiveJournal using it?
Is Hitbox code on LiveJournal jeopardizing the security of personal information?
There were a number of different questions and concerns about this topic. I'll discuss the main ones in detail below, but I want to emphasize this: we would not have put Hitbox code on LiveJournal if we believed it could harm you. You hold us to a very high standard by entrusting your journals with us and we're glad that you do. We're listening carefully to your concerns. We don't want any doubt to exist about those standards, so we've removed Hitbox code from the site until we can do further work to triple-check the security of this system. We're sorry for any concern we caused.
Could I refuse the cookie from Hitbox?
Where exactly was Hitbox code on LiveJournal.com?
As a rule, we only placed Hitbox code on non-journal pages within LiveJournal. Basically, if the page had the LiveJournal logo/header, then it had Hitbox code on it. This implementation deliberately excluded all journal pages since we wanted to be doubly cautious about treating your sensitive content with the utmost respect.
What information did LiveJournal give to Hitbox's code?
LiveJournal only gave the Hitbox code three pieces of information about a given page -- a unique identifier for our account with them, the name of our site ("LiveJournal.com") and the HTML page title ("Customize Journal"). That's it. There were a few unanticipated instances where a page's title might contain sensitive information, like the subject line of a post on a S1-styled journal's Post Comment page. That was a bug -- an unfortunate oversight. I'm sorry we didn't think ahead about these isolated cases when we decided to use the page title to populate the variable that identifies the page for Hitbox. Even though this data is completely confidential between LiveJournal and Hitbox, we know that it makes some of you uncomfortable. We've fixed it by pulling Hitbox code off of those pages. We didn't want the code on those types of pages as a rule anyway. We missed a couple. I apologize.
(3) COPPA -- we completely respect the letter and spirit of COPPA (refresher). Again, we do not share personally identifiable information with Hitbox or enable Hitbox to collect it about any users, including those under 13. There are two types of under 13 users on LJ -- those whose parents have given us permission and those who have not and therefore can only view public pages but cannot use the application. For the former, we have permission even though we don't share info with Hitbox. For the latter, we don't have any personal info to collect or share. Just to be safe though, we have added code to turn off Hitbox for users with the COPPA flag set.
Third-party software/services on LiveJournal
We'd all prefer to have a homegrown solution doing this -- in fact, we already have spent serious money on servers for this purpose, but we put things that would quickly improve your experience on LJ, like the My LJ feature, the datacenter move and ScrapBook improvements, ahead in line. Some dead-simple log processing could give us a fraction of what we'd get from Hitbox, but to get equivalent detail ourselves is a big project given the size and complexity of our log files. We decided that the benefits to LiveJournal of having the Hitbox data now were too many to wait. Hitbox is a service that's already being used by our parent company, Six Apart, and 1,000 other major web sites. It's run by a public company that must satisfy the scrutiny of huge customers, strict audits, and tough regulators. That's good enough for most, but it's probably not good enough for LiveJournal. You have a very high expectation of us and so we need to dig deeper into this technology and make sure it lives up to those standards. I'm sorry that we didn't do that before implementing -- my mistake. I'm confident that the safeguards we have -- not putting the code on sensitive content pages and legal contraints -- are strong, but we should also do this investigation. If we're not satisfied, we won't put the code back on the site. To the concerns that Hitbox is flagged by spyware programs, I won't speak for Hitbox, but I'd say that we believe that our implementation of Hitbox does not in any way fall in the category of spyware and our uses are quite the opposite of the "malicious" label often added to that term. If people want to block them, that's fine with us. (As an aside: spyware-detection companies have very diverse definitions of what qualifies as spyware, which makes it very tough for reputable companies like Hitbox to satisfy these vague and shifting requirements and so they're often included unfairly or fairly.)
Does Hitbox slow down LiveJournal?
Some users have reported that they believe Hitbox code caused loading a LiveJournal page to timeout for them. The code itself is small and adds little to the weight of any given page. It should in theory also execute very quickly. We didn't see slowness problems ourselves, but we're going to do more testing on that issue to try to get to the bottom of any problems.
We didn't communicate well with you when we implemented Hitbox. We weren't trying to pull a fast one on you -- the changelog commits are there in the open -- but we just didn't take the time to spell it all out clearly. I know that some folks might assume that we were trying to sneak something by them. We weren't, but what's done is done. I apologize for the poor communication. It felt slimy to some of you and that's a big bummer for me -- I know you love LiveJournal and I do too. The communication (and the site) will improve.
I also want to aplogize in particular to our great volunteers in Support and Abuse. I should have thought about this situation ahead of time, anticipated that we should have discussed it in detail, and worked with you to address concerns before we did anything. You all rock. Thank you for doing what you do.