ShareMeNot

ShareMeNot is a Firefox add-on for preventing tracking from third-party buttons (like the Facebook "Like" button or the Google "+1" button) until the user actually chooses to interact with them. That is, ShareMeNot doesn't disable/remove these buttons completely. Rather, it allows them to render on the page, but prevents the cookies from being sent until the user actually clicks on them, at which point ShareMeNot releases the cookies and the user gets the desired behavior (i.e., they can Like or +1 the page).

Posted on July 28, 2011 at 2:02 PM • 21 Comments

Comments

PeterJuly 28, 2011 2:36 PM

@curious: hahahaha! :-)

An option to plugins like this is to just not stay logged in to google/fb/twitter/.... I typically use either another browser or a "private" window when I want to log in to sites.

Ben BrockertJuly 28, 2011 2:54 PM

Peter, to clarify for others, logging out of Google or Facebook will not disable their ability to track you on other sites, as the cookies still exist. You must log out and then delete all related cookies, or use a different browser with no cookies, or a browser functionality that disables cookies.

PeterJuly 28, 2011 3:33 PM

@Ben: point. I was thinking of the "presence" cookies. Other cookies do remain after logging out.

altjiraJuly 28, 2011 4:40 PM

I like this, because I can share it with my friends that are concerned, but not savvy enough (or too lazy - it is work) to use NoScript and other kill-it-with-fire approaches. Sometimes they actually want to click the like button.

PackagedBlueJuly 28, 2011 5:24 PM

A BAD add on, A SINGLE USE shutoff, effectively.

Is this SMART? Wrong culture of defaults, and round-tripping.

FireFox, I like Lynx.

EdJuly 28, 2011 6:13 PM

Cant you just block 'third party cookies'? I think NoScript works for this as well.

Dirk PraetJuly 28, 2011 7:23 PM

Nice add-on, but I thought this functionality was already covered by some others such as Ghostery in combination with NoScript and BetterPrivacy.

hm.July 28, 2011 7:55 PM

But using 'sharemenot' means that the page still loads the iframe (and runs javascripts unless you're also blocking them with eg. noscript) and they log which ip from where did that. Afterwards, user logins from the same ip to fb/whatever, and information can be correlated, once again..

ArkhJuly 29, 2011 4:58 AM

@John
The problem is that a lot of website include google, Facebook or other 3rd party script in their websites. Like google analytics.

And those scripts can track you all around the web even if you don't visit FB or google thanks to those websites.

The Noscript and BetterPrivacy addons for Firefox can help tho.

MeJuly 29, 2011 9:38 AM

I think I'll stick with NoScript and CookieMonster, I prefer the "kill it with fire" approach. If I really needs scripts of cookies, I'll add them myself.

SJuly 29, 2011 9:48 AM

I think the main advantage is that NoScript is much more granular.

Once you've been using it for a few days, it quickly becomes apparent that most sites, even full-on Web 2.0 AJAX ones with all the Javascript bells & whistles, function perfectly fine with one or two domains whitelisted, out of the twenty different domains they want to execute scripts from.

Sadly there are increasing numbers of sites that will now refuse to load until you enable scripting from the Google analytics domain... you can get round this with another addon I've got on my laptop but can't remember the name of, but I prefer just not to use those sites.

PaeniteoJuly 29, 2011 9:58 AM

@S: "Sadly there are increasing numbers of sites that will now refuse to load until you enable scripting from the Google analytics domain..."

I thought Noscript would have those "surrogates" to simulate the effects of certain blocked scripts.

SJuly 29, 2011 10:21 AM

NoScript may well do it these days, although as I said I use another addon on the (rare) occasions it's necessary, I just can't remember the name of it!

Usually if a site doesn't fire up once I've enabled site.com, site.net & maybe sitecdn.com, I'll go elsewhere for whatever I was trying to achieve.

anonJuly 29, 2011 10:28 AM

Couldn't you get similar results from those embedded links by using a custom HOSTS file that effectively blacklists those links, by redirecting them to 127.0.0.1 (localhost)?

Check out this site to read more about it:
http://winhelp2002.mvps.org/

Click on the "There's no place like 127.0.0.1" button, if it isn't obvious.

There are a few strange side effects if you use this hosts file, like needing to click the "back" button a few times if you are drilled down in a web page. You will notice a message in the lower corner of your browser saying something about "connecting to 127.0.0.1", which shows you that each level of the web page has embedded links to third-party web sites that your computer is trying to fetch something from. Personally, I'm happy to trade this inconvenience in exchange for _not_ leaving my IP address in somebody's log.

Richard Steven HackJuly 29, 2011 10:38 AM

S: "Once you've been using it for a few days, it quickly becomes apparent that most sites, even full-on Web 2.0 AJAX ones with all the Javascript bells & whistles, function perfectly fine with one or two domains whitelisted, out ofNoSc the twenty different domains they want to execute scripts from."

Yes, it is getting irritating that Web sites now link to so MANY other Web servers - and those servers invariably have inadequate server power or bandwidth, so your page sits there "loading..." forever.

NoScript takes them out of action, but it's still a pain to have to figure out which site is holding up whatever you want to do on the main site. I end up doing "temporarily enable everything" just to get things working again.

I go to Web sites to do something specific, not play "20 Questions" with their page design so I can prevent them from hijacking my browser...

And these cretins who try to force me to stay on their page...God help them I ever meet them in person. Zimbio, I'm looking at you!

Andrew SJuly 30, 2011 3:51 AM

Interesting, though determined data miners could still be tracking you as you're still loading the third-party image.

William LeeJuly 31, 2011 3:03 AM

Use Firefox with cookies/cache/etc. (everything) set to clear everytime FF is shut down. Use ctrl-shift-del everytime before logging into and after logging out of any site that requires login. Firefox plugins:
NoScript
AdBlock Plus
Ghostery
Flashblock
BetterPrivacy
HTTPS-Everywhere

Also:
Privoxy
"Flash cookie" settings restricted pretty tight (not to mention flashblock to begin with)

Anywhere on the web I can't get to with all of these in place, I probably don't want to go anyway. Surprisingly, I don't notice any plugin-induced slowdown!

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..