AddToAny removed-from-here
When looking at my blog’s performance in Google Webmaster Tools I saw Google complained of multiple dns-lookups. I knew about stats.wordpress.com, google-analytics.com (well, yeah …) and gravatar.com, but one domain in the list didn’t make sense to me at all; media6degrees.com, so I started to investigate a bit. Grepping the wordpress-, theme- and plugin-code on my server didn’t reveal anything, so I went into Firebug to see what was happening in javascript.
Apparently the AddToAny WordPress-plugin was initiating the call:
- add-to-any requests http://static.addtoany.com/menu/page.js (which is rather big but gzipped & cache-able)
- page.js in turn contains tracking (near the end of the file), by requesting an 1X1 pixel image at http://map.media6degrees.com/orbserv/hbpix?pixId=2869&curl=<encoded URL of page>
- media6degrees then sends the pixel and … sets multiple cookies in the process
And what’s media6degrees business you ask? Maybe they’re just providing the add-to-any author with statistics? Well, not exactly. This is what media6degrees writes on their website: “We deliver scalable custom audiences to major marketers by utilizing the online connections of their consumers.” So by using AddToAny, you’re providing media6degrees with data about your site’s visitors, which they can use to sell targeted communication to their customers.
If visitors of small-time blogs like mine would be the only ones affected by this, the damage would be limited. But AddToAny is also implemented on large local news-outlets such as deredactie.be or De Standaard Online and no doubt on some big international sites as well. Somehow I doubt those organizations know they’re feeding their visitors to media6degrees and I bet some of them would even strongly disagree.
I’m not happy about this, that much is clear. AddToAny offers great functionality, but:
- it adds unneeded requests to my page, causing the page to finish loading later (dns-request + http-request)
- it enrolls my site visitors in a targeted communication platform without anyone knowing (or agreeing)
- none of this is communicated on the AddToAny website or on the AddToAny WordPress plugin page
I mailed the author about this earlier this week (when i didn’t even know about media6degrees tracking cookies yet), but got no feedback up until now and I logged an issue on the wordpress.org support forum as well. And I decided to pull the plug on AddToAny off course, replacing it with sociable, making my blog render yet another millisecond faster, while at the same time protecting my visitors from this sneaky behavioral tracking by AddToAny and media6degrees.
Tom Hermans
22 Jan 10 at 19:03
Thanks for this useful information. I always built the “share”-section-code by hand and included that code in the sites I built. No surprises..
uberVU - social comments
23 Jan 10 at 01:25
Social comments and analytics for this post…
This post was mentioned on Twitter by netlash: Waarschuwing over Add-to-any: http://bit.ly/5QpQLo...
frank
27 Jan 10 at 12:10
add-to-any’s developer mailed me yesterday; there’ll be an opt-out mechanism for publishers, documentation should be up on the add-to-any site next week?
Rob
28 Jan 10 at 22:04
Great digging Frank. In this era of increasing openness, I find hiding a tracking mechanism this way a bad mistake. It’s enough for me to loose my confidence in them and to look for alternatives.
frank
15 Feb 10 at 18:24
AddToAny now has an option in the javascript api to disable 3rd party tracking, see http://blog.futtta.be/2010/02/15/addtoany-removing-the-spy-from-the-share-ware/
JT
26 Apr 10 at 20:22
Another interesting thread about AddtoAny’s sneaky tactics, this time regarding a rogue Google Adsense publisher ID being swapped with that of a website owner.
Have a look:
http://tinyurl.com/25mc3d7
frank
21 May 10 at 18:52
the post linked to above has been updated after the author was contacted by pat of a2a. the midway-conclusion now reads:
so the hijacking is not addtoany-related after all.
Shawn
12 May 10 at 15:59
Free is NEVER free
. Thanks for this post. I noticed the media6degress link in the safari activity window as well and decided to go digging. Though I don’t mind the tracking as much as not being upfront about it. Track all you want, share etc….but the added weight to the page really bothers me. Its a handy widget, I’ll keep it for now, any thoughts on “share this”?
boy kuripot
19 May 10 at 04:07
Man, thanks for sharing this. I’ve been wondering why my page loads so slow. I when I look at the bottom of the page, I see map.media6degrees loading. I didn’t know that it was the add to any button that was requesting it until I read this blog post. Damn!
Addtoany word press plugin seems to have tracking builtin | The MasterBlanker
2 Jun 10 at 02:17
[...] am not happy about how the plugin works and have decided to pull it from the site. After reading Futta’s blog I decided to swap over to “Sociable” which seems to have all the same functionality. As [...]
Removing Secret Behavioral Marketing from Wordpress’ AddToAny | Thoughts of a Neo-Academic
20 Jun 10 at 16:37
[...] just that media6degrees was the website being called. A quick Google search later led me to a very informative post. Here’s the short version: And what’s media6degrees business you ask? [...]
Mazda
3 Jul 10 at 03:07
I noticed the media6degress link in the safari activity window as well and decided to go digging.
recuperar archivos eliminados
4 Jul 10 at 12:06
AddtoAny…deleted permanently from my site. Unbelievably corrupt practice. Never will use anything they offer again. Thank you so much for pointing this out…
E-TARD
9 Jul 10 at 15:31
Let me start off by saying thank you for this nice blog post.
I am piss off to no end about this!!
I found this out the same way you did with “Google Webmaster Tools, performance”
I’m like WTH is this o_0
then I looked more into the matter & found your blog post.
I see no where on the plugin or on there website saying anything about media6degrees.
I have Deactivated the plugins & may just uninstall them for I do not see them changing anything any time soon.
I did looked into seeing if there was an easy way to remove that bit out of the code but I say F it
I will find something better or use nothing at all.
rNasty
12 Jul 10 at 16:29
“AddToAny removed-from-here”
I am going the same road. Off AddToAny, probably to SexyBookmarks.