I was viewing the RSS for my blog, and was thinking about how the tracking worked. My first thoughts were that a simple 1x1 gif is loaded each time the entry is rendered in my RSS reader, and that this was bad, as I might not read an entry many times before finally having the time to read an entry. This may be due to the length of the post, or the entry being more in-depth, and my desire to read when I have the time to think it over. Anyway, I was thinking (without having read any standards) there needs to be a better tracking method for viewed but not marked read, and read (i.e. changing status).
After this I then looked at the actual URL for the counter, and noticed that the viewed entry is just an encoded string, thus you can write what you like in the content of anybody’s stats.
Only the first 44 characters of the text make it through. You can add the referrer if you please, thus
So you can now inject any valid URL you like in other people’s stats.
I’m not sure about other users, but I click each referrer to see how/why they got to me, but I’m not so sure I will now.
[Updated 15 May 2005] To remove my user name so my stats stop being hit.
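An added example, not part of the original post and not the counter service's own code: one way a stats counter could refuse entry text it did not issue, by signing the value the feed generator puts on the pixel URL and by keeping only http(s) referrers. The parameter names `user`, `entry` and `sig`, the key and the stats layout are assumptions, since the post does not show the counter URL.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"  # assumption: known only to the stats service


def _tag(user, entry):
    # Length-prefix the user so ("ab", "c") and ("a", "bc") sign differently.
    msg = f"{len(user)}:{user}{entry}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_pixel_query(user, entry):
    """Query string the feed generator puts on the 1x1 image URL."""
    return urlencode({"user": user, "entry": entry, "sig": _tag(user, entry)})


def safe_referrer(ref):
    """Keep only absolute http(s) referrers; the owner will click these."""
    try:
        parts = urlsplit(ref or "")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    ok = parts.scheme in ("http", "https") and parts.netloc
    return ref if ok else None


def record_hit(query, stats, referrer=None):
    """Count a hit only when the entry text carries a valid signature."""
    q = parse_qs(query)
    user, entry, sig = (q.get(k, [""])[0] for k in ("user", "entry", "sig"))
    if not hmac.compare_digest(sig.encode(), _tag(user, entry).encode()):
        return False  # unsigned or altered text never reaches the stats page
    row = stats.setdefault((user, entry), {"hits": 0, "referrers": []})
    row["hits"] += 1
    ref = safe_referrer(referrer)
    if ref:
        row["referrers"].append(ref)
    return True
```

The signature only proves the entry text came from the feed generator; a valid pixel URL can still be requested repeatedly, and the referrer remains client-supplied, so the stats page should still render it as untrusted text.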