WordPress.com Stats trojan horse for Quantcast tracking

Suppose you’re a blogger who values website performance and online privacy. You may have ditched Google Analytics because you think the do-no-evilers do not have to know who is on your site. Maybe you removed AddtoAny because of the 3rd party tracking code that slows down your site ever oh so slightly. And you don’t want the omnipresent Facebook Like widget for all the above reasons. No, the only 3rd party javascript you allow is the one pushed by the WordPress.com Stats plugin; one javascript-file  and one pixel and you get some nice stats in return. And come on, WordPress, those are the good guys, right?
Well, apparently not. While performing a test on for example webpagetest.org, you’ll see two requests to the quantserve.com domain;

http://edge.quantserve.com/quant.js
http://pixel.quantserve.com/pixel;r=705640318;fpan=1;fpa=P0-450352291-1292419712624;ns=0;url=http%3A%2F%2Fblog.futtta.be%2F;ref=;ce=1;je=1;sr=1024x768x32;enc=n;ogl=;dst=1;et=1292419712624;tzo=300;a=p-18-mFEk4J448M;labels=type.wporg

Ouch, that hurts! But surely Quantcast aren’t in the same league as AddtoAny’s media6degrees, who do behavioral advertising based on data captured all across the web? Well … Quantcast might be better known, but they do exactly the same thing; collecting user information and providing that info for targeted advertising. And just so you know, Quantcast is one of the companies that is on trial for restoring deleted cookies using Flash (“zombie cookies”). So no, I’m not comfortable with Quantcast collecting data on my blog’s visitors.
Now I know that I opted in on user-tracking by WordPress (or rather Automattic). And I can live with them knowing who visits my blog, I can live with the small performance-impact that the stats-plugin has on my site that way. But I did not sign up for 3rd party tracking, the plugin-page conveniantly fails to mention the extra tracking, there’s no opt-out mechanism in the plugin and there’s no info to be found on how to disable Quantcast tracking users on my own blog. I am not a happy WordPress-blogger!
So Automattic; please fess up and at least provide instructions on how to disable 3rd party tracking, just like AddtoAny’s Pat gracefully did?


Update 20 january 2011; Automattic seems unwilling to acknowledge there is a problem, the thread on wordpress.org forums where this was discussed has been closed. I created a small WordPress plugin, DoNotTrack, to stop Quantcast tracking. you can download it here.