AddToAny removed-from-here

Update 01-2012: AddToAny now includes tracking by parent company Lockerz.com which cannot easily be disabled.

When looking at my blog’s performance in Google Webmaster Tools I saw Google complained of multiple dns-lookups. I knew about stats.wordpress.com, google-analytics.com (well, yeah …) and gravatar.com, but one domain in the list didn’t make sense to me at all: media6degrees.com, so I started to investigate a bit. Grepping the wordpress-, theme- and plugin-code on my server didn’t reveal anything, so I went into Firebug to see what was happening in JavaScript.

Apparently the AddToAny WordPress-plugin was initiating the call:

  1. add-to-any requests http://static.addtoany.com/menu/page.js (which is rather big but gzipped & cache-able)
  2. page.js in turn contains tracking (near the end of the file), by requesting a 1x1 pixel image at http://map.media6degrees.com/orbserv/hbpix?pixId=2869&curl=<encoded URL of page>
  3. media6degrees then sends the pixel and … sets multiple cookies in the process
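The chain in the list above can be traced mechanically from a network log. The following is an added example, not part of the original post: the log records, their field names (`url`, `initiator`, `setCookie`), the host `blog.example` and the cookie count are constructed assumptions standing in for what a browser's network panel shows.

```javascript
// Added example. The log below is constructed, not a real capture; the record
// shape (url, initiator, setCookie) and blog.example are assumptions.
const PAGE_HOST = "blog.example";
const ALLOWED = ["stats.wordpress.com", "google-analytics.com", "gravatar.com"];

const sampleLog = [
  { url: "http://blog.example/", initiator: null, setCookie: 0 },
  { url: "http://gravatar.com/avatar/0000", initiator: "http://blog.example/", setCookie: 0 },
  { url: "http://static.addtoany.com/menu/page.js", initiator: "http://blog.example/", setCookie: 0 },
  { url: "http://map.media6degrees.com/orbserv/hbpix?pixId=2869&curl=http%3A%2F%2Fblog.example%2F",
    initiator: "http://static.addtoany.com/menu/page.js", setCookie: 3 },
];

const host = (u) => new URL(u).hostname;
const isAllowed = (h, allowed) => allowed.some((d) => h === d || h.endsWith("." + d));

// Follow initiator links back to the page: which embed pulled this request in?
function chain(log, entry) {
  const byUrl = new Map(log.map((e) => [e.url, e]));
  const path = [];
  const seen = new Set(); // guards against initiator loops
  for (let e = entry; e && !seen.has(e.url); e = byUrl.get(e.initiator)) {
    seen.add(e.url);
    path.unshift(host(e.url));
  }
  return path;
}

// Report every request to a host that is neither the site itself nor expected.
function audit(log, pageHost, allowed) {
  return log
    .filter((e) => host(e.url) !== pageHost && !isAllowed(host(e.url), allowed))
    .map((e) => ({
      host: host(e.url),
      chain: chain(log, e),
      setsCookies: e.setCookie > 0,
      // Does any query parameter carry the visited page's address?
      leaksPageUrl: [...new URL(e.url).searchParams.values()].some((v) => v.includes(pageHost)),
    }));
}

for (const f of audit(sampleLog, PAGE_HOST, ALLOWED)) {
  console.log(f.chain.join(" -> "), "| cookies:", f.setsCookies, "| page URL sent:", f.leaksPageUrl);
}
```

The second finding is the one that matters: a host reached only through another party's script, receiving the page address and setting cookies.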

And what’s media6degrees’ business you ask? Maybe they’re just providing the add-to-any author with statistics? Well, not exactly. This is what media6degrees writes on their website: “We deliver scalable custom audiences to major marketers by utilizing the online connections of their consumers.” So by using AddToAny, you’re providing media6degrees with data about your site’s visitors, which they can use to sell targeted communication to their customers.

If visitors of small-time blogs like mine were the only ones affected by this, the damage would be limited. But AddToAny is also implemented on large local news-outlets such as deredactie.be or De Standaard Online and no doubt on some big international sites as well. Somehow I doubt those organizations know they’re feeding their visitors to media6degrees and I bet some of them would even strongly disagree.

I’m not happy about this, that much is clear. AddToAny offers great functionality, but:

  • it adds unneeded requests to my page, causing the page to finish loading later (dns-request + http-request)
  • it enrolls my site visitors in a targeted communication platform without anyone knowing (or agreeing)
  • none of this is communicated on the AddToAny website or on the AddToAny WordPress plugin page

I mailed the author about this earlier this week (when I didn’t even know about media6degrees tracking cookies yet), but got no feedback up until now, and I logged an issue on the wordpress.org support forum as well. And I decided to pull the plug on AddToAny of course, replacing it with sociable, making my blog render yet another millisecond faster, while at the same time protecting my visitors from this sneaky behavioral tracking by AddToAny and media6degrees.

36 thoughts on “AddToAny removed-from-here”

  1. Pingback: uberVU - social comments

  2. frank Post author

    add-to-any’s developer mailed me yesterday; there’ll be an opt-out mechanism for publishers, documentation should be up on the add-to-any site next week?

  3. Rob

    Great digging Frank. In this era of increasing openness, I find hiding a tracking mechanism this way a bad mistake. It’s enough for me to lose my confidence in them and to look for alternatives.

    1. frank Post author

      the post linked to above has been updated after the author was contacted by pat of a2a. the midway-conclusion now reads:

      “However, having been in contact with AddToAny, I don’t believe they are the ones who are being dishonest, in spite of the coincidences implicating their button code, or other services it uses.”

      so the hijacking is not addtoany-related after all.

  4. Shawn

    Free is NEVER free :). Thanks for this post. I noticed the media6degrees link in the safari activity window as well and decided to go digging. Though I don’t mind the tracking as much as not being upfront about it. Track all you want, share etc….but the added weight to the page really bothers me. It’s a handy widget, I’ll keep it for now, any thoughts on “share this”?

    1. Joe

      As far as the weight goes, I opted out of the tracking with the no_3p param and that handled it. It was just over 3 seconds and this cut it down to 125 milliseconds. I do agree that not being up front about this is a hell of a turn off– not to mention (except I am mentioning it) you have to have some understanding of javascript to opt out of the tracking.

  5. boy kuripot

    Man, thanks for sharing this. I’ve been wondering why my page loads so slow. When I look at the bottom of the page, I see map.media6degrees loading. I didn’t know that it was the add to any button that was requesting it until I read this blog post. Damn!

  6. Pingback: Addtoany word press plugin seems to have tracking builtin | The MasterBlanker

  7. Pingback: Removing Secret Behavioral Marketing from Wordpress’ AddToAny | Thoughts of a Neo-Academic

  8. E-TARD

    Let me start off by saying thank you for this nice blog post.

    I am pissed off to no end about this!!
    I found this out the same way you did with “Google Webmaster Tools, performance”

    I’m like WTH is this o_0
    then I looked more into the matter & found your blog post.

    I see nowhere on the plugin or on their website saying anything about media6degrees.
    I have Deactivated the plugins & may just uninstall them for I do not see them changing anything any time soon.

    I did look into seeing if there was an easy way to remove that bit out of the code but I say F it
    I will find something better or use nothing at all.

  9. Pingback: WordPress maintenance day: improving sharing, caching and mobility – jukka.niiranen.eu

  10. Michael McNamara

    Thanks for sharing your findings… like you I went looking at Google’s site performance information and was initially stumped by the reference to media6degrees until I found your post.

    Cheers!

  11. Michelle

    I recently did a major overhaul of my site, and removed the AddToAny plugin in the process. I replaced it with Shareaholic, which I like much better. Unfortunately, I am STILL seeing my site hit map.media6degrees.com! I thank you for writing this article to help me find out the reason for this hit, now I just need to figure out why these jerks are still tracking my site without my permission.

    Of course, if anyone reading this has run into, and solved, this problem, I would love to hear about that as well!

    1. frank Post author

      the culprit seems to be sexybookmarks (i.e. shareaholic); jquery.shareaholic-publishers-sb.min.js seems to be the file that initiates the call to media6degrees. you might be better off with add2any, which can at least be configured not to do 3rd party tracking.

      1. Michelle

        Looks like I got out of the frying pan and into the fire…completely unintentionally. I thank you for your superior knowledge of how to find which javascript is doing what, and I’ll now set about disabling media6degrees’ tracking on all of my blogs. Many thanks!

      2. teezee

        Thanks this helped me. I switched back to AddToAny and used the code from your other post. I’m happy with it. I think it’s a better plugin than “sexy”.

  12. Pingback: Bad online behavior - gambrinous with griffonage

  13. Liz

    I MISTAKENLY tried out the AddToAny share widget for Blogger, I clicked on the link that automatically installs the code for the share widget below each post. How do I completely remove the code for this from my Blogger HTML???? I can’t find their code anywhere!!! HELP!!!

    1. frank Post author

      hi liz; I just tested this out myself, the addtoany code is added as a gadget. to change/ remove, go to “design”, it should be visible in the right hand ‘gadget’-column. click on “edit”, then “remove” in the popup and confirm by clicking “ok”. hope this helps!

  14. Pingback: Sai AddToAny, entra Sociable

  15. runbei

    AddToAny has been acquired by lockerz.com, a social/$/rewards site for people age 18-30. Adding the opt-out code does not prevent a lockerz script from showing up when you have NoScript installed. If you don’t want your users to have NS block this script (it will show in the NoScript options tab in the status bar as “Allow lockerz.com”), then you should uninstall AddToAny and use something else.

  16. Pingback: AddToAny Killed My Site | Frank Haywood

  17. Pingback: AddtoAny Wordpress Plugin – Auf nimmer wiedersehen « Harald Jenk
