ShareMeNot: Firefox plugins takes the tracking out of social media buttons

Students in the University of Washington Computer Science project have created "ShareMeNot," a Firefox Add-On that defangs social media buttons like the Facebook "Like" button (and others) so that they don't transmit any information about your browsing habits to these services until (and unless) you click on them. That means that merely visiting a page with a Like or a Tweet or a +1 button (like this one) doesn't generate a data-trail for the companies that operate those services, but you still get the benefit of the buttons, that is, if you click them, they still work. Smart.

ShareMeNot is a Firefox add-on designed to prevent third-party buttons (such as the Facebook “Like” button or the Twitter “tweet” button) embedded by sites across the Internet from tracking you until you actually click on them. Unlike traditional solutions, ShareMeNot does this without completely removing the buttons from the web experience.

ShareMeNot (via Schneier)

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE: firefox • privacy • web theory

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

http://twitter.com/_sequoia Sequoia M.

check out http://disconnect.me as well (see it in action: http://bit.ly/pJPfJq ). It blocks the tracking/sharing scripts also. Is sharemenot different, similar…? Can anyone speak to that?

One drawback is that it doesn’t carry settings over *by site*, so if I turn facebook blocking off to log in to turntable.fm and forget to turn it back on, facebook is now unblocked universally.
- ComradeQuestions
  
  “One drawback is that it doesn’t carry settings over *by site*…”
  
  That’s my biggest complaint about NoScript, which I otherwise love. If I visit facebook.com, suddenly it’s in my “temporarily approved list”, and ANY site which includes a *.facebook.com script permits the script instead of blocking it.
  - t3kna2007
    
    > … and ANY site which includes a *.facebook.com script permits
    > the script instead of blocking it.
    
    According to the author of NoScript, you can get around this using NoScript’s ABE feature (“Application Boundaries Enforcer”), under NoScript Options > Advanced > ABE. The general approach is to write ABE rules to allow loading of Facebook files only when on a Facebook page and to block Facebook files otherwise; then allow Javascript for *facebook.com in NoScript’s Javascript permission list, permanently. This works because NoScript checks ABE rules first, to decide whether to even load those files, before it checks your JS permission list to decide whether to execute them.
    
    It’s complicated and takes a while to get it set up right, for all the related domains used to deliver Facebook content, but there’s help available on the NoScript forum.
    
    This also works with Disqus. I’ve heard. ;)
http://goodsharer.com/ Aloisius

Awesome. *installs*
http://twitter.com/Jacsy Jax C

I wish I’d installed this before visiting this page which is totally laden with social networking clicky things…
nosehat

It’s nice to see solutions like this available as add-ons. Of course the major ad networks compile the same kinds of profiles from all the pages they serve ads to, which is possibly a more insidious problem.

Maybe I’m naive, but I always wonder why add-ons are required for these kinds of basic privacy things in the first place. Why isn’t this built-in, the default behavior of the browser? I can understand it if Internet Explorer was built with the goals of corporations more in mind than the goals of the end users. But Firefox is open source, and supposedly driven by its user community.
Blaze Curry

Awesomesauce, as the kids say. I keep telling people that I’m not paranoid, I just place greater value on my personal data than free.
oldmanraps

Any other suggested add-ons that increase browsing security?
- xenphilos
  
  If you use Chrome, I use Better Popup Blocker and Ghostery. Links:
  https://chrome.google.com/webstore/detail/nmpeeekfhbmikbdhlpjbfmnpgcbeggic
  https://chrome.google.com/webstore/detail/mlomiejdfkolichcflejclcbmpeaniij
- querent
  
  https everywhere.
  
  https://www.eff.org/https-everywhere
http://twitter.com/zamdata Sam Data

If this can be done through an extension, then it can certainly be done by the creator of the website with these buttons. The websites can be serving up these “defanged” buttons.

So BoingBoing… are you going to defang all these social networking buttons you have on your site, or are you going to continue to let Facebook et al spy on all your readers?
xenphilos

I use Ghostery on Chrome. The blocking is beta, but it seems to work well.
rrh

“Unlike traditional solutions, ShareMeNot does this without completely removing the buttons from the web experience”

Tell me more about these traditional solutions.
- http://blog.samat.org/ Samat Jain
  
  Traditional solutions include the Antisocial list for Adblock Plus.
  
  Facebook Like buttons, etc are blocked completely.
- http://www.samuelcousinsphotography.com Sam
  
  I suspect ‘traditional’ means these:
  
  1) Adblock is probably the easiest, as you can block the string.
  
  2) You can block particular servers with your hosts file (FB connect has its own domain name, so you can block just that)
  
  3) There’s a facebook blocker plugin – You can do stuff on facebook.com – but no FB interaction on any other site.
http://twitter.com/lostexpectation steve white

i found disconnect.me makes twitter buttons stop working altogether, which is not what i want
verde

It interferes with my online banking system.
http://chadchabot.myopenid.com/ chad

Incognito for Safari 5 is something that I’ve been using for a while.

As I understand it, it does a very similar, if not the same, job.

[http://www.orbicule.com/incognito/]
menton

Nice, but only a second or third best solution. Sites should not help others spy on their users in the first place. Third party hosted and updated buttons are handy of course. You paste the code and they do the rest. Sites manually blocking that is only second best (but easy so BoingBoing should still do that today!). But even better would be to construct a privacy standard for such buttons. I suggest two features:
1. no third party hosted button images. The preformatted code copied and pasted from the third parties should instead include textencoded images.
2. third party button code should have a related rss link where updated button code is distributed. Sites that deem it safe to do so could have scripts autoimport and update the button code from that RSS.
SamSam

BoingBoing, stop allowing Facebook to spy on us! Defang these buttons server-side!
unklstuart

What is the effective result? Less data collected about me, I assume. And when I frequent those sites, the ads will be less relevant to my interests?