GoDaddy Apologized After Injecting Unwanted JavaScript To Customers' Websites

In general, no website owner or webmaster wants anything unknown added to their site, even if it's only a single dot (".").

The internet domain registrar and web hosting company GoDaddy went far beyond that: it was found injecting JavaScript code into customer websites and, worse, the code may slow down websites or even break them entirely.

According to customers who host their sites on GoDaddy, the administrator interface, which is hosted by the popular web hosting service, prompted them to examine certain code on their sites to detect problems.

Upon closer investigation, it was found that GoDaddy has this ability because it was injecting an unknown JavaScript file into users' websites.

The file in question came from GoDaddy's Real User Metrics (RUM) system, which the company describes as a means to "identify internal bottlenecks and optimization opportunities by inserting a small snippet of JavaScript code into customer websites."

Customers in the United States and those using cPanel Shared Hosting or cPanel Business were automatically opted-in to this particular service.

According to GoDaddy:

"The snippet of JavaScript code allows us to measure and track the performance of your website, and collects information such as connection time and page load time. We don't collect any user information with RUM. The data we collect allows us to improve our systems, optimize DNS resolution, improve network routing and server configurations."

Using JavaScript to collect metrics and measure performance is a common practice on the modern internet, as in many ways it helps site owners and webmasters understand how their websites work and perform in real time.

But as for GoDaddy's JavaScript file, the company isn’t transparent about letting customers know about RUM, although it does offer a help document.

Making things worse, GoDaddy publicly admitted that it may impact website performance, and it's advising users to be aware of what might be causing slowdowns or outright breakages.

"The JavaScript used may cause issues including slower site performance, or a broken/inoperable website," GoDaddy explained.

In other words, this JavaScript is unwanted, and the RUM feature provides no actual benefit to site owners.

The comment in the JavaScript snippet (image courtesy: Igor Kromin)

While the system GoDaddy uses is based on W3C Navigation Timing and may not be a security issue, if website breakage is a possibility, a default opt-in was not necessarily fair or reasonable.

As web owners and webmasters want their sites to perform at their peak without hiccup, they aren't expecting anything to impact their site's performance; they are not expecting GoDaddy's RUM to affect their sites in one way or another.

Other examples include Google Analytics or Google's AMP. While there can be hiccups once in a while, the technology is meant to be a passive technology that is invisible to the end user.

Injecting JavaScript into pages being served is far from passive, and can be considered a violation of trust between a web hosting company and its customers.
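
For site owners who want to confirm whether a host is altering their pages, one check is to compare the script elements in the file that was deployed with those in the HTML the server actually returns. The following is an added example, not GoDaddy's code or part of the original article; the function names and both sample pages are constructed for illustration.

```javascript
// Added example. Regex extraction is adequate for checking your own pages;
// it is not a general-purpose HTML parser.

// Return every <script> element as { src, body, key }.
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const a = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    const src = a ? (a[1] ?? a[2] ?? a[3]) : null;
    // Collapse whitespace so reformatting alone is not reported as a change.
    const body = m[2].replace(/\s+/g, ' ').trim();
    scripts.push({ src, body, key: src !== null ? 'src:' + src : 'inline:' + body });
  }
  return scripts;
}

// Scripts in the served HTML that have no counterpart in the deployed file.
function findInjectedScripts(deployedHtml, servedHtml) {
  const remaining = new Map();
  for (const s of extractScripts(deployedHtml)) {
    remaining.set(s.key, (remaining.get(s.key) || 0) + 1);
  }
  return extractScripts(servedHtml).filter((s) => {
    const n = remaining.get(s.key) || 0;
    if (n > 0) { remaining.set(s.key, n - 1); return false; }
    return true;
  });
}

// Constructed sample: the page as it was deployed by the site owner.
const DEPLOYED = `<!doctype html>
<html><head><title>Shop</title>
<script src="/js/app.js"></script>
</head><body><h1>Hello</h1>
<script>
  document.title = "Shop";
</script>
</body></html>`;

// Constructed sample: the same page as returned by the server.
const SERVED = `<!doctype html>
<html><head><title>Shop</title>
<script src="/js/app.js"></script>
</head><body><h1>Hello</h1>
<script>document.title = "Shop";</script>
<script>/* constructed stand-in for a host-inserted metrics snippet */
var t = window.performance && window.performance.timing;</script>
</body></html>`;

for (const s of findInjectedScripts(DEPLOYED, SERVED)) {
  console.log('not in deployed file:', s.src ?? s.body.slice(0, 70));
}
```

In practice the served HTML would come from fetching the live page, and the deployed HTML from the file in your repository or upload directory.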

GoDaddy made this an automatic opt-in. But after the outrage, the company became aware of the concerns caused by this RUM program, and promised to turn off the JavaScript function entirely.

"We created a Real User Metrics (RUM) JavaScript to improve our hosting environment for our customers. The script is a non-invasive performance monitor that enables us to measure and track the performance of customer websites, and collects information, such as connection time and page load time."

"We only collect performance data, nothing more. We don't collect personal information. The data we collect is used to monitor our internal systems, optimize DNS resolution, improve network routing and server configurations, and help us improve the performance of our customers' websites."

"After careful review of the concerns being raised around this program, we have decided to turn off the Javascript insertion on our hosting platform immediately. We will reintroduce this program in the future, so that it is on an opt-in only basis. We apologize for any confusion and inconvenience to our customers."

Published: 16/01/2019