AddThis Add TOO Much

I have a web-site which breaks every first visit because a mysterious rogue flash app was appearing (and presumably it's creators intended to be hidden) that traced back to Clearspring.com. There was absolutely no reference in the code (or in any user entered CMS area) relating to clearspring so this was bamboozling until I nailed it down to the javascript call out for the supposedly reputable AddThis.com. I thought that I was getting a convenient way to add pages to facebook, myspace, twitter etc. but OH YES AND MORE it seems once installed on your page they feel at liberty to put any manner of junk on your site.

Firstly, I don't want my pages broken.
Secondly, I don't want me or my customers to be tracked (presuming that's what this flash app does) without my knowledge
Thirdly, I don't know how well this (now trusted) intruder is written, and what potential security holes that entails. Hell, JUST RUNNING FLASH on a site that currently has none is a security risk in itself.

Basically - AddThis, you've added way too much, and that's not playing fair. Gits.

Comments

Justin Thorp said…
Hi, my name is Justin Thorp. I'm the Community Manager at Clearspring Technologies for the AddThis sharing platform.

My apologies if we were not as forthright with letting you know about the Flash cookie as we should have been.

The Flash cookie is a legacy system that we used with our previous platform Launchpad that we added to AddThis when we acquired it back in October 2008. The purpose of the Flash cookie it do things like provide better analytics for you about who's using your site and aide in things like personalizing the AddThis menu.

Over the last year, we've been working to really have a dialog with our users over this issue. We're committed to finding alternate ways of collecting the same information so that we can provide you with the same quality analytics that you and the industry desires. We hope to have advancements with that this year so that we won't have to use the Flash cookie.

That being said, there is a way to disable the Flash cookie on your blog when you install it. There is a call within our API. -
http://addthis.com/help/menu-api#configuration-ui

We really value your business and would love to continue to work with you. I hope that we can win your trust back. If you have any questions, feel free to e-mail me personally at justin@addthis.com.
31 January 2010 at 13:04
Post a Comment

Popular posts from this blog

Installing LAMP Apache/MySQL/PHP on Chromebook/Chromebox

Google Chromebook / Chromeboxes make excellent mini web-servers for development/testing/office use, or for using in kiosks / taking to tradeshows etc. Amazingly there is enough space on them for a reasonable sized web-site and database, and the oomph is comparable to a medium-size virtual server from one of the popular web-hosts. Firstly, get your Chromebox / Chromebook running Linux by installing Chrubuntu: Follow this guide here ->  http://webonaut.blogspot.co.uk/2012/11/installing-ubuntu-linux-on-your.html Bring up a Terminal. (Remember, your user is called "user" with password "user" by default). Type: sudo apt-get install tasksel sudo  tasksel Use the cursors to select "LAMP" (dom't deselect the default options or you may take away your desktop!) then hit return. (BTW: Now is a good time to try Edubuntu as it is cool, and openssh-server is useful too ;) Give the mysql root user a password when prompted. Test it out! Try this
Read more

Installing Ubuntu Linux on your ChromeBox/ChromeBook

NOTE: THIS WILL WIPE YOUR BOX! (but you only store stuff in the cloud, right?) Switch the developer switch on your machine (it's in a little hole on the back of the Chromebox. Use a paper clip and BE CAREFUL - it's not a strong switch) Switch the machine on. The unhappy face means you are in developer mode (sweet!). You can wait (and put up with the loud double-beep) or press Ctrl+D to continue Log into ChromeOS as normal Open a browser window and press Ctrl+Alt+T to bring up the mildly rubbish in-browser crosh terminal type "shell" to get a decent bash shell type "sudo bash" to get an even better root shell! type " chromeos-firmwareupdate --mode=todev " to update and properly enter developer mode Note: switch back later by typing the reverse into an Ubuntu shell, e.g. " chromeos-firmwareupdate --mode=normal " type "reboot" and follow steps 4,5 and 6 again The next steps are a bit convoluted, but here's a handy
Read more

Changing your Mac OSX Terminal's default text editor

For just this session, simply type: export EDITOR=emacs (or replace emacs with vim , nano or whatever) Personally, I like to use emacs on servers, but on my Mac TextWrangler is way more helpful. One of the great things about TextWrangler is that you can get it to magically pop edit requests out of the Terminal simply by installing it and typing "edit". To make all other programs use this method try: export EDITOR="edit -w" For a more permanent fix, add the same line to your .bashrc file. If you've not already got one of those, type: edit ~/.bashrc (The one exception is git, which you'll need to configure thus:) git config core.editor "edit -w"
Read more