Is PicLens Malware?
I recently installed the PicLens Firefox extension. It is an incredibly useful way to browse image collections, the interface is both very responsive and well thought, and the integration into existing websites is unobtrusive enough to convince me.
Then, as I was monitoring requests on one application I develop on my local server, I noticed that each time I requested a page, two requests were received by the web server (in addition to requests for web assets such as JavaScript, CSS and image files). After investigation, I realized that the PicLens extension detected a <link> tag in the page content, and automatically fetched the RSS feed linked by that tag. It does so everytime it detects an application/rss+xml link.
I made the test with pages including more than one RSS feed (try php.net for instance) and noticed the same behavior, only at a larger scale. So PicLens does basically what Google Web Accelerator does: it prefetches web resources (in this case: RSS feeds) to accelerate the navigation experience.
I emailed the PicLens support about the issue, and here is their response:
Hi Francois,
Thank you so much for your kind words and for using PicLens! We really appreciate you taking the time to send us your thoughts.
I’m sorry to hear you are worried about PicLens’s prefetching behavior. We prefetch all tags that have a content type of “application/rss+xml” because we use that to match up mediarss feeds with items on the page. It’s not a bug at all, nor have we heard of it causing any problems for anyone. Is there a specific reason you feel that it jeopardizes websites?
Hope to hear back from you soon.
All the best, Meg & The PicLens Team
I can think of many reasons why link prefetching is bad, among which wrong statistics, additional bandwidth and server load. But maybe I’m being too extremist on that one. What do you think? Can prefetching be considered as an acceptable practice nowadays? Or is the PicLens extension something that should not be installed?
Possibly related posts (automatically generated):
They’re totally wrong, of course. They cannot grab and waste all this bandwidth like this in the back of the user. My main concern is that a lot of apps or even users seem to think this is totally fair…
I’m not a PicLens user (no Linux version, too bad), but I think you can avoid that bandwidth waste with some simple robots.txt tricks (just like with Fasterfox add-on)
So what if you have user specific rss links ? And what is the behavior of the web application changes if the user has already visited the rss link or not ? For exemple, it could be a link “did you think about adding our feed to your feeder ?” that would disappear once you’ve added it.
Furthermore, it can give really interesting statistics to webmasters, knowing how many of your user has already read the specific rss link, compared to how many still have it in there reader.
Prefetching is bad, whatever the content prefetched.
I thought this kind of practice had disappeared, mainly due to high speed connections. It seems that some people still don’t see the point.
Browsers grab images, CSS and JavaScript files if your HTML source refers to them, and favicon.ico without any reference. Is it really that different with feeds?
I think the PicLens behavior you describe is less obnoxious than feed readers that poll your feed obsessively 24/7 even if the user never looks at it.
First, I must say that I absolutely LOVE PicLens, even to the point of enabling it on my own website: http://www.gasteroprod.com/blog/piclens-fonctionne-maintenant-sur-gastero-prod.html
What I don’t understand from your experiment and their response is that their documentation tells us to add an id=”gallery” to the link tag refering the mediarss feed, so why are they loading also the other feeds?
Maybe it’s because they try to enable their tool on websites that don’t have this additional id and then claiming to work everywhere…