ShareMeNot: Firefox plugins takes the tracking out of social media buttons

Students in the University of Washington Computer Science project have created "ShareMeNot," a Firefox Add-On that defangs social media buttons like the Facebook "Like" button (and others) so that they don't transmit any information about your browsing habits to these services until (and unless) you click on them. That means that merely visiting a page with a Like or a Tweet or a +1 button (like this one) doesn't generate a data-trail for the companies that operate those services, but you still get the benefit of the buttons, that is, if you click them, they still work. Smart.
ShareMeNot is a Firefox add-on designed to prevent third-party buttons (such as the Facebook “Like” button or the Twitter “tweet” button) embedded by sites across the Internet from tracking you until you actually click on them. Unlike traditional solutions, ShareMeNot does this without completely removing the buttons from the web experience.
ShareMeNot (via Schneier)


  1. check out as well (see it in action: ).  It blocks the tracking/sharing scripts also.  Is sharemenot different, similar…? Can anyone speak to that?

    One drawback is that it doesn’t carry settings over *by site*, so if I turn facebook blocking off to log in to and forget to turn it back on, facebook is now unblocked universally.

    1. “One drawback is that it doesn’t carry settings over *by site*…”

      That’s my biggest complaint about NoScript, which I otherwise love.  If I visit, suddenly it’s in my “temporarily approved list”, and ANY site which includes a * script permits the script instead of blocking it.

      1. > … and ANY site which includes a * script permits
        > the script instead of blocking it.

        According to the author of NoScript, you can get around this using NoScript’s ABE feature (“Application Boundaries Enforcer”), under NoScript Options > Advanced > ABE.  The general approach is to write ABE rules to allow loading of Facebook files only when on a Facebook page and to block Facebook files otherwise; then allow Javascript for * in NoScript’s Javascript permission list, permanently.  This works because NoScript checks ABE rules first, to decide whether to even load those files, before it checks your JS permission list to decide whether to execute them. 

        It’s complicated and takes a while to get it set up right, for all the related domains used to deliver Facebook content, but there’s help available on the NoScript forum.

        This also works with Disqus.  I’ve heard. ;)

  2. It’s nice to see solutions like this available as add-ons.  Of course the major ad networks compile the same kinds of profiles from all the pages they serve ads to, which is possibly a more insidious problem.

    Maybe I’m naive, but I always wonder why add-ons are required for these kinds of basic privacy things in the first place.  Why isn’t this built-in, the default behavior of the browser?  I can understand it if Internet Explorer was built with the goals of corporations more in mind than the goals of the end users.  But Firefox is open source, and supposedly driven by its user community.

  3. Awesomesauce, as the kids say. I keep telling people that I’m not paranoid, I just place greater value on my personal data than free.

  4. If this can be done through an extension, then it can certainly be done by the creator of the website with these buttons. The websites can be serving up these “defanged” buttons.

    So BoingBoing… are you going to defang all these social networking buttons you have on your site, or are you going to continue to let Facebook et al spy on all your readers?

  5. “Unlike traditional solutions, ShareMeNot does this without completely removing the buttons from the web experience”

    Tell me more about these traditional solutions.

    1. I suspect ‘traditional’ means these:

      1) Adblock is probably the easiest, as you can block the string.

      2) You can block particular servers with your hosts file (FB connect has its own domain name, so you can block just that)

      3) There’s a facebook blocker plugin – You can do stuff on – but no FB interaction on any other site.

  6. Incognito for Safari 5 is something that I’ve been using for a while.

    As I understand it, it does a very similar, if not the same, job.


  7. Nice, but only a second or third best solution. Sites should not help others spy on their users in the first place. Third party hosted and updated buttons are handy of course. You paste the code and they do the rest. Sites manually blocking that is only second best (but easy so BoingBoing should still do that today!). But even better would be to construct a privacy standard for such buttons. I suggest two features:
    1. no third party hosted button images. The preformatted code copied and pasted from the third parties should instead include textencoded images.
    2. third party button code should have a related rss link where updated button code is distributed. Sites that deem it safe to do so could have scripts autoimport and update the button code from that RSS.

  8. What is the effective result? Less data collected about me, I assume. And when I frequent those sites, the ads will be less relevant to my interests?

Comments are closed.