Silently adds intrusive tracking Javascript

  • sjmurdoch

    (@sjmurdoch)


    8 years ago

    Since version 1.8 the plugin adds tracking Javascript from sharethis.com. It is obfuscated so I can’t tell exactly what it does, but seems to be accessing cookies, plugins and using font-fingerprinting to circumvent users’ tracking preferences. I think this sort of behaviour is underhanded and bordering on abusive.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author socialmediafeather

    (@socialmediafeather)

    Hi sjmurdoch,

    Thanks for providing great feedback, I’d be happy to clarify a bit on our end! We have recently joined forces with ShareThis and can confirm that the cookie you’re referencing is one of the cookies that is served as part of our ShareThis integration.

    In order to continue providing free tools to our amazing users, and for us to continue to invest in these tools, we provide data services (anonymous and in aggregate) to other companies. This practice is similar to what other popular sharing services does as well.

    Hopefully this provides clarification, please let us know if you have any more questions.

    Steve

    (@stevejohnson)

    Doing so appears to run afoul of WordPress’s plugin Guidelines:

    7. The plugin may not “phone home” or track users without their informed, explicit, opt-in consent.

    In the interest of protecting user privacy, plugins may not contact external servers without the explicit consent of the user via requiring registration with a service or a checkbox within the settings. This method is called ‘opt in.’ Documentation on how any user data is collected, and used, should be included in the plugin’s readme, preferably with a clearly stated privacy policy.

    This restriction includes the following:

    No unauthorized collection of user data. Users may be asked to submit information but it cannot be automatically recorded without explicit confirmation from the user.
    Intentionally misleading users into submitting information as a requirement for use of the plugin itself is prohibited.
    Images and scripts should be loaded locally as part of the plugin whenever possible. If external data (such as blocklists) is required, their inclusion must be made clear to the user.
    Any third party advertisement mechanisms used within the plugin must have all tracking features disabled by default. Advertisement mechanisms which do not have the capability of disabling user tracking features are prohibited.

    I will be reporting the plugin to WP. They can sort it out.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Silently adds intrusive tracking Javascript’ is closed to new replies.