Schneier on Security
A blog covering security and security technology.
« Data Privacy as a Prisoner's Dilemma |
| Hacking Apple Laptop Batteries »
July 28, 2011
ShareMeNot is a Firefox add-on for preventing tracking from third-party buttons (like the Facebook "Like" button or the Google "+1" button) until the user actually chooses to interact with them. That is, ShareMeNot doesn't disable/remove these buttons completely. Rather, it allows them to render on the page, but prevents the cookies from being sent until the user actually clicks on them, at which point ShareMeNot releases the cookies and the user gets the desired behavior (i.e., they can Like or +1 the page).
Posted on July 28, 2011 at 2:02 PM
• 21 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
@curious: hahahaha! :-)
An option to plugins like this is to just not stay logged in to google/fb/twitter/.... I typically use either another browser or a "private" window when I want to log in to sites.
Peter, to clarify for others, logging out of Google or Facebook will not disable their ability to track you on other sites, as the cookies still exist. You must log out and then delete all related cookies, or use a different browser with no cookies, or a browser functionality that disables cookies.
@Ben: point. I was thinking of the "presence" cookies. Other cookies do remain after logging out.
I actually added these filters to my Firefox adblock.
They are Facebook targeted, as I made ther in the pre-plus era.
The last one is presumabley the most important one, as it prevents any coockies being sent to fb.com from any third part site.
I like this, because I can share it with my friends that are concerned, but not savvy enough (or too lazy - it is work) to use NoScript and other kill-it-with-fire approaches. Sometimes they actually want to click the like button.
A BAD add on, A SINGLE USE shutoff, effectively.
Is this SMART? Wrong culture of defaults, and round-tripping.
FireFox, I like Lynx.
Cant you just block 'third party cookies'? I think NoScript works for this as well.
Nice add-on, but I thought this functionality was already covered by some others such as Ghostery in combination with NoScript and BetterPrivacy.
if you don't want to be tracked then why visit FB and/or google?
The problem is that a lot of website include google, Facebook or other 3rd party script in their websites. Like google analytics.
And those scripts can track you all around the web even if you don't visit FB or google thanks to those websites.
The Noscript and BetterPrivacy addons for Firefox can help tho.
I think I'll stick with NoScript and CookieMonster, I prefer the "kill it with fire" approach. If I really needs scripts of cookies, I'll add them myself.
I think the main advantage is that NoScript is much more granular.
Sadly there are increasing numbers of sites that will now refuse to load until you enable scripting from the Google analytics domain... you can get round this with another addon I've got on my laptop but can't remember the name of, but I prefer just not to use those sites.
@S: "Sadly there are increasing numbers of sites that will now refuse to load until you enable scripting from the Google analytics domain..."
I thought Noscript would have those "surrogates" to simulate the effects of certain blocked scripts.
NoScript may well do it these days, although as I said I use another addon on the (rare) occasions it's necessary, I just can't remember the name of it!
Usually if a site doesn't fire up once I've enabled site.com, site.net & maybe sitecdn.com, I'll go elsewhere for whatever I was trying to achieve.
Couldn't you get similar results from those embedded links by using a custom HOSTS file that effectively blacklists those links, by redirecting them to 127.0.0.1 (localhost)?
Check out this site to read more about it:
Click on the "There's no place like 127.0.0.1" button, if it isn't obvious.
There are a few strange side effects if you use this hosts file, like needing to click the "back" button a few times if you are drilled down in a web page. You will notice a message in the lower corner of your browser saying something about "connecting to 127.0.0.1", which shows you that each level of the web page has embedded links to third-party web sites that your computer is trying to fetch something from. Personally, I'm happy to trade this inconvenience in exchange for _not_ leaving my IP address in somebody's log.
Yes, it is getting irritating that Web sites now link to so MANY other Web servers - and those servers invariably have inadequate server power or bandwidth, so your page sits there "loading..." forever.
NoScript takes them out of action, but it's still a pain to have to figure out which site is holding up whatever you want to do on the main site. I end up doing "temporarily enable everything" just to get things working again.
I go to Web sites to do something specific, not play "20 Questions" with their page design so I can prevent them from hijacking my browser...
And these cretins who try to force me to stay on their page...God help them I ever meet them in person. Zimbio, I'm looking at you!
Interesting, though determined data miners could still be tracking you as you're still loading the third-party image.
Use Firefox with cookies/cache/etc. (everything) set to clear everytime FF is shut down. Use ctrl-shift-del everytime before logging into and after logging out of any site that requires login. Firefox plugins:
"Flash cookie" settings restricted pretty tight (not to mention flashblock to begin with)
Anywhere on the web I can't get to with all of these in place, I probably don't want to go anyway. Surprisingly, I don't notice any plugin-induced slowdown!
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.