Privacy concern: AddThis apparently putting flash tracking object on sites

jeeves - January 25, 2009 - 21:51
Project: AddThis Button
Version: 6.x-2.6
Component: Miscellaneous
Category: bug report
Priority: normal
Assigned: Unassigned
Status: closed
Description

Recently I noticed that a Drupal site using AddThis was loading an http://bin.clearspring.com/at/v/1/svc6.swf object at the top of the page. Since I did not recall including this in the site, I did some digging around on Google.

Apparently, AddThis was sold to ClearSpring last October, and shortly after they began sending a ClearSpring Flash Tracking Object. You can read more of the details on JohnHaller.com. Here is an excerpt from the site:

"As with all flash tracking objects, the ClearSpring object uses Local Shared Objects aka "Flash Cookies" to track users as they visit multiple websites using AddThis or ClearSpring widgets. These cookies are not visible within user's normal privacy options windows in their browsers and can not be cleared by using the browser's Clear Private Data (Firefox) and similar privacy options. These cookies also work across all browsers on the machine as Flash stores these LSOs in a single location."

I just wanted to sound the warning on this.

#1

wesku - February 15, 2009 - 14:46
Status: active » closed

I don't think this is an issue any more. There is no sign of any Flash objects any more.

#2

catorghans - March 28, 2009 - 10:25
Version: 6.x-2.5 » 6.x-2.6
Status: closed » active

I still have this problem with version 6.x-2.6.

If you clear the session cookies and the domain cookies, the first visit displays the following code:

<object type="application/x-shockwave-flash" data="http://bin.clearspring.com/at/v/1/button1.swf" id="atff" style="width: 1px; height: 1px; position: absolute; z-index: 100000;"><param value="transparent" name="wmode"><param value="always" name="allowScriptAccess"></object>

http://s7.addthis.com/js/152/addthis_widget.js is added to the page by the AddThis module.

And that compressed javascript contains:

swf:"http://bin.clearspring.com/at/v/1/button1.swf"

So it seems the problem is still very active.
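
Added example (not from the thread or the AddThis module): the manual check described in comment #2, automated in Python. It flags Flash objects in saved HTML that are third-party, effectively invisible and script-accessible, and finds .swf URLs in script text for objects injected at runtime. The page host `example.org`, the second `<object>` and the wrapper around the `swf:` snippet are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class FlashAudit(HTMLParser):
    """Record Flash <object>/<embed> elements and their tracking-style traits."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings, self._open = page_host, [], None

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}  # HTMLParser lowercases attribute names
        if tag in ("object", "embed"):
            src = a.get("data") or a.get("src") or ""
            if a.get("type") != "application/x-shockwave-flash" and not src.lower().endswith(".swf"):
                return
            finding = {
                "src": src,
                "third_party": (urlparse(src).hostname or self.page_host) != self.page_host,
                # 0px or 1px in both dimensions: loaded but invisible to the visitor
                "hidden": all(re.search(rf"\b{d}\s*:\s*[01]px", a.get("style", "")) for d in ("width", "height")),
                "script_access": a.get("allowscriptaccess", "").lower() == "always",
            }
            self.findings.append(finding)
            if tag == "object":
                self._open = finding  # later <param> children belong to this object
        elif tag == "param" and self._open is not None and a.get("name", "").lower() == "allowscriptaccess":
            self._open["script_access"] |= a.get("value", "").lower() == "always"

    def handle_endtag(self, tag):
        if tag == "object":
            self._open = None

def audit_html(html, page_host):
    parser = FlashAudit(page_host)
    parser.feed(html)
    return parser.findings

def swf_urls_in_script(js_text):
    """Find quoted .swf URLs in script text, for objects injected at runtime."""
    return re.findall(r"""["']((?:https?:)?//[^"']+\.swf)["']""", js_text)

# First <object> is the one quoted in comment #2; the second element is constructed.
SAMPLE_HTML = '''<object type="application/x-shockwave-flash" data="http://bin.clearspring.com/at/v/1/button1.swf" id="atff" style="width: 1px; height: 1px; position: absolute; z-index: 100000;"><param value="transparent" name="wmode"><param value="always" name="allowScriptAccess"></object>
<object type="application/x-shockwave-flash" data="/media/player.swf" style="width: 480px; height: 270px;"></object>'''
SAMPLE_JS = 'var cfg={swf:"http://bin.clearspring.com/at/v/1/button1.swf"};'  # constructed wrapper

if __name__ == "__main__":
    print(audit_html(SAMPLE_HTML, "example.org"))  # example.org is a constructed page host
    print(swf_urls_in_script(SAMPLE_JS))
```

Because the widget script inserts the object after page load, a scan of the static HTML alone can miss it; running `swf_urls_in_script` over each included script covers that case.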

#3

MidGe48 - March 28, 2009 - 11:12

This is a very serious issue.

Thank you for bringing it up.

www.ZuNOB.com

#4

wesku - March 30, 2009 - 15:36

I have forwarded this issue to Addthis.com and hopefully they will comment on this.

#5

wesku - March 30, 2009 - 17:17

Please have a look at the latest dev version of 6.x. The module now includes an option to disable Flash cookies.

#6

dbeall - March 31, 2009 - 03:37

Thanks for pointing out this issue and about the dev release. I am now running the dev. I think this is a neat widget, with the logo, email, favorites and all. But, I do want to be able to control the cookies that are planted in my equipment.

#7

J. Cohen - May 10, 2009 - 20:56

You can disable your flash cookies on your own computer, but I guess that doesn't help your visitors. I think this is a browser issue also. Why doesn't Firefox allow people to clear Flash cookies along with the HTTP cookies? Time to put pressure on Firefox, Safari, Opera, IE, and Adobe to integrate the clearing of Flash cookies into the browser.

#8

dbeall - May 13, 2009 - 04:37

The question in my mind is: do we really need any flash cookies at all? Please.. leave my computer out of this... Who are these folks that must poke their nose where it don't belong....

#9

pulliamjs - May 13, 2009 - 13:01

The explanation of why we're setting a Flash 'cookie' is explained here: http://www.addthis.com/blog/2009/01/05/the-addthis-flash-cookie-we-need-...

Also, as Vesa posted above, you can disable setting a Flash cookie in the Drupal module.

Finally, we don't set any cookie, Flash or Browser/JS, if the domain is .gov or .mil, per our Agreement with the GSA: http://www.addthis.com/blog/2009/04/29/establishing-an-agreement-with-th...

#10

m.e. - May 14, 2009 - 05:30

So just to be clear, if we add this module to our site but disable the flash cookie, our site visitors will not have to do anything to avoid the cookie?

#11

pulliamjs - May 15, 2009 - 12:25

That is correct.

#12

n97i - May 16, 2009 - 18:45

ok, I'll use the latest dev version, and turn off the Flash cookie. I definitely don't want to bring N97i users some threat of privacy leaking.

#13

m.e. - May 16, 2009 - 19:34

How is the flash cookie disabled?

#14

dbeall - May 16, 2009 - 20:20

Hi m.e., go to Site configuration > Add this, pop open the Widget settings and the checkbox is at the bottom: "disable flash cookie".

#15

m.e. - May 18, 2009 - 06:35

There's no checkbox for disable flash cookie, at least in my installation. The only checkbox is to disable drop-down. My download was from the Drupal site, 6.x-2.6. Do I need a different version?

#16

dbeall - May 18, 2009 - 08:02

I think you have to use the .dev version 6.x-2.x-dev, the one I am using.
http://ftp.drupal.org/files/projects/addthis-6.x-2.x-dev.tar.gz

I do like this mod, it is cool..

#17

dbeall - May 18, 2009 - 08:09

If you use this module, you should sign up for an account at addthis and put your username (I think) in the settings for the module.
From the readme:
"For link sharing statistics registration at http://addthis.com/ is required, but the module will work even without registration."

#18

wesku - May 18, 2009 - 16:35
Status: active » fixed

This feature has now been released in version 2.7.

The module will work without registration, but you will only get statistics from addthis.com by registering. If you don't care about the statistics there is no reason to register.

#19

m.e. - May 18, 2009 - 20:34

Yes, 2.7 did the trick. However, please see my related post about a new behavior: http://drupal.org/node/463224

#20

System Message - June 1, 2009 - 20:40
Status: fixed » closed

Automatically closed -- issue fixed for 2 weeks with no activity.

#21

sbandyopadhyay - October 7, 2009 - 05:06

Solutions to this problem for those still using Drupal 5.x can be found here: #597872: Fixing //bin.clearspring.com/at/v/1/button1.6.swf issues

 
 
