I read the article above. It doesn’t mention anywhere about adding b.scorecardresearch.com tracking to the header.
The plugin was described in the WordPress plugin library as share buttons, which is what i assume most people downloaded for. If they wanted all the other crap, they could have downloaded an additional plugin for affiliate links, tracking or anything else.
The fact that all this tracking garbage and affiliate linking was turned on by default with no notifications in the WordPress admin pretty much confirms that you were trying to activate this under the radar.
You protest that you were completely transparent on your blog? Who bothers to read the blog of every plugin they have installed their WordPress? This is not a suitable way to dump such a massive uninvited change on your users.
The transparent solution would have been easy –
1. Default the new features to OFF and allow users to turn it on at their own discretion.
2. Use the WordPress notifications to alert the user to the change.
As anyone who runs a site can attest the LAST this you want is to wake up one day and realize that all your links are being modified and your website is being tracked by some third-party.
This plugin is scammy, and no amount of fake ‘disclosure’ on your product blog makes up for that.