AddToAny removed-from-here
Update 01-2012: AddToAny now includes tracking by parent company Lockerz.com which cannot easily be disabled.
When looking at my blog’s performance in Google Webmaster Tools I saw Google complained of multiple dns-lookups. I knew about stats.wordpress.com, google-analytics.com (well, yeah …) and gravatar.com, but one domain in the list didn’t make sense to me at all; media6degrees.com, so I started to investigate a bit. Grepping the wordpress-, theme- and plugin-code on my server didn’t reveal anything, so I went into Firebug to see what was happening in javascript.
Apparently the AddToAny WordPress-plugin was initiating the call:
- add-to-any requests http://static.addtoany.com/menu/page.js (which is rather big but gzipped & cache-able)
- page.js in turn contains tracking (near the end of the file), by requesting an 1X1 pixel image at http://map.media6degrees.com/orbserv/hbpix?pixId=2869&curl=<encoded URL of page>
- media6degrees then sends the pixel and … sets multiple cookies in the process
And what’s media6degrees business you ask? Maybe they’re just providing the add-to-any author with statistics? Well, not exactly. This is what media6degrees writes on their website: “We deliver scalable custom audiences to major marketers by utilizing the online connections of their consumers.” So by using AddToAny, you’re providing media6degrees with data about your site’s visitors, which they can use to sell targeted communication to their customers.
If visitors of small-time blogs like mine would be the only ones affected by this, the damage would be limited. But AddToAny is also implemented on large local news-outlets such as deredactie.be or De Standaard Online and no doubt on some big international sites as well. Somehow I doubt those organizations know they’re feeding their visitors to media6degrees and I bet some of them would even strongly disagree.
I’m not happy about this, that much is clear. AddToAny offers great functionality, but:
- it adds unneeded requests to my page, causing the page to finish loading later (dns-request + http-request)
- it enrolls my site visitors in a targeted communication platform without anyone knowing (or agreeing)
- none of this is communicated on the AddToAny website or on the AddToAny WordPress plugin page
I mailed the author about this earlier this week (when i didn’t even know about media6degrees tracking cookies yet), but got no feedback up until now and I logged an issue on the wordpress.org support forum as well. And I decided to pull the plug on AddToAny off course, replacing it with sociable, making my blog render yet another millisecond faster, while at the same time protecting my visitors from this sneaky behavioral tracking by AddToAny and media6degrees.
Possibly related twitterless twaddle:
Tom Hermans
22 Jan 10 at 19:03
Thanks for this useful information. I always built the “share”-section-code by hand and included that code in the sites I built. No surprises..
uberVU - social comments
23 Jan 10 at 01:25
Social comments and analytics for this post…
This post was mentioned on Twitter by netlash: Waarschuwing over Add-to-any: http://bit.ly/5QpQLo...
frank
27 Jan 10 at 12:10
add-to-any’s developer mailed me yesterday; there’ll be an opt-out mechanism for publishers, documentation should be up on the add-to-any site next week?
Rob
28 Jan 10 at 22:04
Great digging Frank. In this era of increasing openness, I find hiding a tracking mechanism this way a bad mistake. It’s enough for me to loose my confidence in them and to look for alternatives.
frank
15 Feb 10 at 18:24
AddToAny now has an option in the javascript api to disable 3rd party tracking, see http://blog.futtta.be/2010/02/15/addtoany-removing-the-spy-from-the-share-ware/
JT
26 Apr 10 at 20:22
Another interesting thread about AddtoAny’s sneaky tactics, this time regarding a rogue Google Adsense publisher ID being swapped with that of a website owner.
Have a look:
http://tinyurl.com/25mc3d7
frank
21 May 10 at 18:52
the post linked to above has been updated after the author was contacted by pat of a2a. the midway-conclusion now reads:
so the hijacking is not addtoany-related after all.
Shawn
12 May 10 at 15:59
Free is NEVER free
. Thanks for this post. I noticed the media6degress link in the safari activity window as well and decided to go digging. Though I don’t mind the tracking as much as not being upfront about it. Track all you want, share etc….but the added weight to the page really bothers me. Its a handy widget, I’ll keep it for now, any thoughts on “share this”?
Joe
17 Dec 10 at 18:26
As far as the weight goes, I opted out of the tracking with the no_3p param and that handled it. It was just over 3 seconds and this cut it down to 125 milliseconds. I do agree that not being up front about this is a hell of a turn off– not to mention (except I am mentioning it) you have to have some understanding of javascript to opt out of the tracking.
boy kuripot
19 May 10 at 04:07
Man, thanks for sharing this. I’ve been wondering why my page loads so slow. I when I look at the bottom of the page, I see map.media6degrees loading. I didn’t know that it was the add to any button that was requesting it until I read this blog post. Damn!
Addtoany word press plugin seems to have tracking builtin | The MasterBlanker
2 Jun 10 at 02:17
[...] am not happy about how the plugin works and have decided to pull it from the site. After reading Futta’s blog I decided to swap over to “Sociable” which seems to have all the same functionality. As [...]
Removing Secret Behavioral Marketing from Wordpress’ AddToAny | Thoughts of a Neo-Academic
20 Jun 10 at 16:37
[...] just that media6degrees was the website being called. A quick Google search later led me to a very informative post. Here’s the short version: And what’s media6degrees business you ask? [...]
Mazda
3 Jul 10 at 03:07
I noticed the media6degress link in the safari activity window as well and decided to go digging.
recuperar archivos eliminados
4 Jul 10 at 12:06
AddtoAny…deleted permanently from my site. Unbelievably corrupt practice. Never will use anything they offer again. Thank you so much for pointing this out…
E-TARD
9 Jul 10 at 15:31
Let me start off by saying thank you for this nice blog post.
I am piss off to no end about this!!
I found this out the same way you did with “Google Webmaster Tools, performance”
I’m like WTH is this o_0
then I looked more into the matter & found your blog post.
I see no where on the plugin or on there website saying anything about media6degrees.
I have Deactivated the plugins & may just uninstall them for I do not see them changing anything any time soon.
I did looked into seeing if there was an easy way to remove that bit out of the code but I say F it
I will find something better or use nothing at all.
rNasty
12 Jul 10 at 16:29
“AddToAny removed-from-here”
I am going the same road. Off AddToAny, probably to SexyBookmarks.
WordPress maintenance day: improving sharing, caching and mobility – jukka.niiranen.eu
4 Aug 10 at 17:49
[...] available, AddToAny seemed to be the most up to date offering. However, it turned out to have someundesireable tracking features built in. After trying out some smaller, less commercial options like Sociable, I came to the [...]
Michael McNamara
24 Aug 10 at 06:47
Thanks for sharing your findings… like you I went looking at Google’s site performance information and was initially stumped by the reference to media6degrees until I found your post.
Cheers!
Bandini
9 Sep 10 at 09:59
I’ve been trying to remove this addtoany widget from my blogger blog but I can’t find it in my html.
frank
10 Sep 10 at 12:58
maybe the instructions on how to add addtoany to blogger can be used to find and delete the code as well?
good luck!
Joe
11 Dec 10 at 05:13
Amazing. You could be a web detective. Thank you!
Michelle
12 May 11 at 16:43
I recently did a major overhaul of my site, and removed the AddToAny plugin in the process. I replaced it with Shareaholic, which I like much better. Unfortunately, I am STILL seeing my site hit map.media6degrees.com! I thank you for writing this article to help me find out the reason for this hit, now I just need to figure out why these jerks are still tracking my site without my permission.
Of course, if anyone reading this has run into, and solved, this problem, I would love to hear about that as well!
frank
12 May 11 at 18:41
the culprit seems to be sexybookmarks (i.e. shareaholic); jquery.shareaholic-publishers-sb.min.js seems to be the file that initiates the call to media6degrees. you might be better of with add2any, which can at least be configured not to do 3rd party tracking.
Michelle
12 May 11 at 19:11
Looks like I got out of the frying pan and into the fire…completely unintentionally. I thank you for your superior knowledge of how to find which javascript is doing what, and I’ll now set about disabling media6degrees’ tracking on all of my blogs. Many thanks!
teezee
26 May 11 at 06:33
Thanks this helped me. I switched back to AddToAny and used the code from your other post. I’m happy with it. I think it’s a better plugin than “sexy”.
Bad online behavior - gambrinous with griffonage
22 Jun 11 at 07:07
[...] to send to advertisers to track your browsing movements. After doing some digging, I found that I'm not the only one who has noticed [...]
Liz
19 Jul 11 at 12:36
I MISTAKENLY tried out the AddToAny share widget for Blogger, I clicked on the link that automatically installs the code for the share widget below each post. How do I completely remove the code for this from my Blogger HTML???? I can’t find their code anywhere!!! HELP!!!
frank
19 Jul 11 at 13:05
hi liz; I just tested this out myself, the addtoany code is added as a gadget. to change/ remove, go to “design”, it should be visible in the right hand ‘gadget’-column. click on “edit”, then “remove” in the popup and confirm by clicking “ok”. hope this helps!
Totti Anh Nguyen
2 Sep 11 at 19:13
Totally agree with you man, I was just trying to find out why the page.js loads so slow. Thanks for the explanation regarding the tracking thing.
plots in Hosur
13 Dec 11 at 10:52
Great digging Frank. In this era of increasing openness, I find hiding a tracking mechanism this way a bad mistake.
Sai AddToAny, entra Sociable
18 Dec 11 at 21:35
[...] (tempo de carregamento das páginas e uso das estatísticas para fins escusos) relacionados ao AddToAny, resolvi colocar em seu lugar o [...]
runbei
6 Jan 12 at 18:56
AddToAny has been acquired by lockerz.com, a social/$/rewards site for people age 18-30. Adding the opt-out code does not prevent a lockerz script from showing up when you have NoScript installed. If you don’t want your users to have NS block this script (it will show in the NoScript options tab in the status bar as “Allow lockerz.com” – then you should uninstall AddToAny and use something else.
frank
7 Jan 12 at 09:43
that is very interesting info, i’ll follow up on this and include lockerz in the default wp donottrack blacklist as well. thanks runbei!