I’ve used SlideShare for a while, and enjoy embedding the viewer into blog posts about my conference presentations. But lately I’ve noticed weird behavior in the WordPress editor and set out to determine what was going on. It appears that SlideShare is injecting a tracking code from “ScoreCard Research” when their slideshow embed code is used. This would be bad enough on its own, but this embedded JavaScript seems to interfere with the WordPress editor and I saw no indication of an opt-in or privacy policy regarding this.
The embedded script is automatically added to the bottom of the editor window when the slide share embed code is pasted in. It appears to re-add the script multiple times as images are uploaded and inserted or one switches between the visual and HTML displays of the WordPress editor. My latest such post, a summary of my Interop presentation on FCoE versus iSCSI, contained half a dozen copies of this script code!
Here’s a copy of the injected code:
<script src=”http://b.scorecardresearch.com/beacon.js?c1=7&c2=7400849&c3=1&c4=&c5=&c6=”></script>
SlideShare took exception at being labeled a malware injector, claiming this is “just a comscore analytics link”, but malware is as malware does, and this tracking script interferes with the operation of the WordPress editor and is added without consent. I call that malware, and I call foul. If SlideShare wants to monitor the use of their embedded slideshows, they should simply add tracking to their own JavaScript code, rather than clumsily adding a third-party script.
I recommend switching to HTML mode and removing the script before pressing “Publish” whenever using SlideShare embeds. And I suggest reconsidering whether you want to use a service that does this sort of thing. I know I’m considering dumping SlideShare and deleting my account!