ShareMeNot

Protecting against tracking from third-party social media buttons while still allowing you to use them

Frequently Asked Questions

Installation

  1. How do I install ShareMeNot, and which browsers are supported?

Background

  1. What is a cookie?
  2. What is third-party web tracking?
  3. Why do some people consider web tracking a privacy concern?
  4. Why isn’t it enough to block third-party cookies?
  5. Why can’t I just use NoScript or Ghostery or Disconnect or any of these other anti-tracking extensions?
  6. What does ShareMeNot do differently, and how does it work?
  7. If a website can track me, does that mean it is developing a profile of me?
  8. Can Facebook’s “Like” Button and other buttons track me if I’m logged out?

About ShareMeNot

  1. How do I use ShareMeNot?
  2. How can I tell if ShareMeNot is working?
  3. Which buttons does ShareMeNot support?
  4. Can ShareMeNot be extended to support other buttons?
  5. How fragile is ShareMeNot to changes in the buttons?
  6. Does ShareMeNot prevent all tracking by these trackers?
  7. What does ShareMeNot do if I have JavaScript disabled?

Troubleshooting

  1. Why isn’t ShareMeNot blocking this button?
  2. ShareMeNot is breaking the layout of webpages!
  3. Why do I have to click some buttons twice?
  4. I’m using Firefox 4 (or later) and can’t find the ShareMeNot icon in the status bar. Where is it?
  5. Why are buttons displaying incorrectly, even after I disabled ShareMeNot?
  6. ShareMeNot isn’t working on my computer!

Installation

How do I install ShareMeNot, and which browsers are supported?

ShareMeNot is supported on Firefox (versions 12.0 and above) and Chrome (version 17 and above). Using Firefox, click on the “Add to Firefox” download link on our Download page, and then click “Allow” to install the add-on. Using Chrome, click on the “Add to Chrome” download link on our Download page, and then “Install” to install the extension.

Background

What is a cookie?

A cookie is a small text file stored on your computer. Most websites set one or more cookies on your computer when you visit them. Once set, these cookies are automatically sent to the website that created them every time you visit that website. The website uses the information in the cookies to remember information about you (such as which account you’re logged in with or what you placed in your shopping cart last time you visited this site).

First-party cookies are cookies created by the site you’re visiting directly (whose address you see in the browser’s address bar).

Third-party cookies are cookies created by any other sites that may be embedded within the site you’re visiting directly (for example, an advertisement embedded in another site).

What is third-party web tracking?

When websites other than the ones you directly visit gather information about you as you browse the web, this is third-party web tracking. For example, when you visit websiteA.com, the site may embed third-party content, like advertisements from advertisers, buttons from social networks, or web analytics code from web analytics engines. These third parties are invisible to you when you visit websiteA.com — the web page looks just like a regular web page to you. But these third parties gather information about your visit to websiteA.com (and to any other websites on which they are embedded).

These trackers generally set a cookie in your browser, which is simply a small file that contains text, often including a unique identifier. This identifier might identify you anonymously or, if you are logged in to the tracker’s site, as a specific user of that site. Whenever a request is made to a website, including the embedded third-party trackers, your browser automatically attaches the cookies to the request. This mechanism lets the tracker that set the cookie identify you again and thus link your visits between websites.

As a concrete example, suppose websiteA.com and websiteB.com both embed ads from some advertisement company. When you visit websiteA.com, the embedded advertisement will set a cookie with a unique identifier on your computer. When you visit websiteB.com, the embedded advertisement will send that cookie—which includes your unique identifier—back to the advertiser. This allows the advertiser to link your visit to websiteA.com with your visit to websiteB.com.

Why do some people consider web tracking a privacy concern?

By tracking you across the web, a tracker can compile a profile of your browsing behavior, generating an accurate profile of you even if they are tracking you anonymously. Some people are uncomfortable with third parties compiling this much information about them, often without their knowledge. For example, this Wall Street Journal article discusses the privacy concerns surrounding web tracking.

Why isn’t it enough to block third-party cookies?

A common misconception is that you are free from tracking if you disable third-party cookies or opt into “Do Not Track”. This is not actually true in all browsers.

When you block third-party cookies, any website that you don’t directly visit cannot set cookies in your browser. For example, if you visit websiteA.com and it embeds ads from advertiserX.com, advertiserX.com will not be able to set cookies. Blocking third-party cookies can help with tracking by third parties whose sites you never directly visit (like advertiserX.com in this example).

However, blocking third-party cookies cannot always help with tracking by third parties whose sites you do visit directly, such as Facebook, Google, Twitter, etc. This is because these sites set first-party cookies when you visit them directly and can then use these cookies to track you as you browse the web. This latter category of trackers—ones that can set first-party cookies—is the one that ShareMeNot targets.

Note that while these websites can set cookies, not all browsers allow them to read these cookies when they are embedded as third parties. For example, blocking third-party cookies in Firefox (but not in Chrome) prevents this type of tracking—however, it prevents some of the buttons from functioning correctly. ShareMeNot aims to prevent tracking by these buttons while allowing them to function correctly.

(Note also that there are other ways that third parties like advertiserX.com can track you without third-party cookies, such as using the browser’s LocalStorage mechanism, Flash cookies, or other tricks. ShareMeNot does not address this issue.)
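
The difference between the two kinds of tracker described above can be seen in a small simulation (an added example, not part of the original FAQ or of ShareMeNot). It assumes a browser that stops embedded third parties from setting cookies but still attaches cookies that already exist; social.example is a constructed stand-in for a site you also visit directly.

```javascript
// Toy model: a browser cookie jar plus trackers that record where each
// identifier shows up. All hostnames and identifiers are constructed.
function makeBrowser(blockThirdPartySet) {
  const jar = new Map(); // cookie host -> identifier
  return {
    // Load resourceHost while pageHost is shown in the address bar.
    request(pageHost, resourceHost, server) {
      const firstParty = pageHost === resourceHost;
      const cookie = jar.get(resourceHost) || null; // attached automatically
      const setCookie = server.handle(pageHost, cookie);
      // Assumed policy: third parties may not SET cookies when blocking is on,
      // but cookies set earlier in a first-party visit are still sent.
      if (setCookie && (firstParty || !blockThirdPartySet)) {
        jar.set(resourceHost, setCookie);
      }
    },
  };
}

function makeTracker(name) {
  let next = 1;
  const seen = new Map(); // identifier -> Set of pages it was observed on
  return {
    handle(pageHost, cookie) {
      const id = cookie || `${name}-${next++}`;
      if (!seen.has(id)) seen.set(id, new Set());
      seen.get(id).add(pageHost);
      return cookie ? null : id; // only set a cookie if none was sent
    },
    // Largest number of distinct pages tied to one identifier.
    maxLinked() {
      return Math.max(0, ...[...seen.values()].map((pages) => pages.size));
    },
  };
}

function scenario(blockThirdPartySet, visitSocialDirectly) {
  const browser = makeBrowser(blockThirdPartySet);
  const advertiser = makeTracker('adv');
  const social = makeTracker('soc');
  if (visitSocialDirectly) {
    browser.request('social.example', 'social.example', social);
  }
  for (const page of ['websiteA.com', 'websiteB.com']) {
    browser.request(page, 'advertiserX.com', advertiser); // embedded ad
    browser.request(page, 'social.example', social);      // embedded button
  }
  return { advertiser: advertiser.maxLinked(), social: social.maxLinked() };
}

console.log(scenario(false, false)); // no blocking
console.log(scenario(true, false));  // blocking, social site never visited
console.log(scenario(true, true));   // blocking, social site visited directly
```

With blocking on, the advertiser sees a fresh identifier on every page, while the site that was visited directly keeps one identifier across its own page and both embedding sites.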

Why can’t I just use NoScript or Ghostery or Disconnect or any of these other anti-tracking extensions?

NoScript, Ghostery, and Disconnect are all great browser add-ons that can be used in conjunction with ShareMeNot. They help protect you from third-party tracking by allowing you to block advertisers and other trackers. However, all of these add-ons completely block the tracker that you choose to block. This means, for example, that if you block Facebook, the “Like” buttons will appear to have disappeared from the web. This prevents Facebook from tracking you via the “Like” button, but it also prevents you from clicking any “Like” buttons. ShareMeNot is designed to protect you from tracking while allowing you to choose to click the button (thereby allowing you to “Like”, tweet, or “+1” a page, but with the necessary side-effect of allowing the creator of the button to track your visit to that page).

What does ShareMeNot do differently, and how does it work?

ShareMeNot blocks requests to the trackers completely, but it replaces the real buttons with local versions of the buttons. When you click on one of these stand-in buttons, ShareMeNot either emulates the normal button by opening a page with sharing options (for Twitter, Stumbleupon, LinkedIn, and Digg) or reloads the normal button (for Facebook and Google). Thus, ShareMeNot makes no requests at all to trackers until you choose to click on a button, keeping your IP address and other information from being sent to the trackers until you click a button.

Optionally, you can ask ShareMeNot not to replace the social buttons, but simply to remove cookies from requests the browser makes while loading the real buttons. Choose this option (by unchecking the "Replace social buttons with local versions" box in ShareMeNot's settings) if you notice that ShareMeNot causes problems with page layout. It is less privacy-preserving, because the requests made while loading the real buttons reveal your IP address, browser, and other information that can also be used to track you.
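
The two modes described above, sketched as a per-request decision function (an added example, not ShareMeNot's own code). The tracker hostnames, the request shape, and the function names are assumptions made for the illustration.

```javascript
// Constructed placeholder hosts that serve social buttons (not real rules).
const TRACKER_HOSTS = new Map([
  ['buttons.social.example', 'SocialExample'],
  ['widgets.share.example', 'ShareExample'],
]);

function makeFilter({ replaceButtons }) {
  const allowed = new Map(); // tabId -> Set of trackers the user clicked
  const pass = (req) => ({ action: 'allow', headers: req.headers });
  return {
    // The user clicked a stand-in button: opt in for this page only.
    userClicked(tabId, tracker) {
      if (!allowed.has(tabId)) allowed.set(tabId, new Set());
      allowed.get(tabId).add(tracker);
    },
    // Navigating away clears what was authorized on the previous page.
    navigated(tabId) {
      allowed.delete(tabId);
    },
    // Decide what happens to one outgoing request.
    filter(tabId, req) {
      let host;
      try {
        host = new URL(req.url).hostname;
      } catch {
        return pass(req); // unparseable URL: leave the request alone
      }
      const tracker = TRACKER_HOSTS.get(host);
      if (!tracker) return pass(req); // unrecognized request passes through
      if (allowed.get(tabId)?.has(tracker)) return pass(req); // user opted in
      if (replaceButtons) {
        // Default mode: nothing reaches the tracker, so no IP address or
        // browser details are revealed; a local stand-in is shown instead.
        return { action: 'block', standIn: tracker };
      }
      // Optional mode: the real button loads, but without the Cookie header.
      const headers = Object.fromEntries(
        Object.entries(req.headers).filter(([k]) => k.toLowerCase() !== 'cookie')
      );
      return { action: 'strip-cookies', headers };
    },
  };
}

// Constructed sample request for a button script.
const sample = {
  url: 'https://buttons.social.example/like.js',
  headers: { Cookie: 'uid=constructed-id', Accept: '*/*' },
};
console.log(makeFilter({ replaceButtons: true }).filter(1, sample));
console.log(makeFilter({ replaceButtons: false }).filter(1, sample));
```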

If a website can track me, does that mean it is developing a profile of me?

Different websites have different privacy policies with respect to the data they collect about you. Some explicitly use the data they collect to track you (for instance, for the purpose of targeted advertising). Others state that they use the data only for diagnostics and discard all data after a short period of time (e.g., Google). ShareMeNot does not distinguish between trackers with different privacy policies. Rather, it aims to prevent the sites that provide the buttons from having the ability to track you, regardless of what they actually do with the data they collect via the buttons.

Can Facebook’s “Like” Button and other buttons track me if I’m logged out?

Yes, because when you log out of a tracker's site, this does not necessarily delete the cookies that the tracker has set on your computer. This means that while the website (like Facebook or Twitter) treats you as logged out, it can still read the cookies that remain on your machine. The remaining cookies may include unique identifiers that continue to identify you to the tracker. Furthermore, websites may set cookies when you visit them even if you do not log in and have never logged in. In some cases, these cookies contain unique identifiers that can be used to track you. (As a reminder, the fact that a website is tracking you does not necessarily mean that it is creating a profile of you.)

About ShareMeNot

How do I use ShareMeNot?

After you install ShareMeNot, you can continue to use your browser as usual. It will automatically protect you from tracking done through any of the supported buttons (see below for a list). If you wish to click on one of these buttons (to “like”, “tweet”, or “share” something), ShareMeNot will automatically allow the tracker to identify you so that the sharing action you expect will complete normally. Once you click on a button, you opt in to allow the corresponding tracker to track you on that site only. This is necessary if you wish to use the button for its intended purpose, such as to “like” or tweet the page.

ShareMeNot for Firefox has an icon in the add-on bar. ShareMeNot for Chrome displays an icon in the location bar whenever a tracker is blocked on the page you are viewing.

In the popup menu that appears when you click the icon in either browser, you can allow particular buttons on this page. You can do so by clicking on the icon and then clicking on the name of the tracker whose buttons you wish to allow; an option to allow the buttons and reload the page will appear.

How can I tell if ShareMeNot is working?

You can check if ShareMeNot is working on the test page, which includes instructions for determining if the add-on is working correctly. Remember that ShareMeNot does not remove buttons from the web page. Rather, it prevents the tracking cookies from being sent until you choose to interact with the buttons. This means that you will still see buttons even when ShareMeNot is working correctly. If you have the "Replace social buttons with local versions" option set, these buttons may appear slightly different from the normal buttons, as they are local stand-ins provided by ShareMeNot.

Which buttons does ShareMeNot support?

ShareMeNot currently supports the following buttons:

  • Facebook’s “Like” button
  • Stumbleupon’s share button
  • LinkedIn’s share button
  • Twitter’s “tweet” button
  • Google’s “+1” button
  • Digg’s share button
  • Pinterest “Pin it” button
  • AddThis's share buttons

Can ShareMeNot be extended to support other buttons?

Yes, ShareMeNot can be extended to support most similar buttons; how complicated this extension would be depends on how the button is implemented by the tracker. If you’d like to see a particular button supported, please let us know (but realize that this is a research project and that we may not be able to respond to all requests).

How fragile is ShareMeNot to changes in the buttons?

ShareMeNot works by recognizing the requests your browser makes to the trackers to display the button, as well as the requests your browser makes when you click the button. If a tracker changes the format of these requests substantially, ShareMeNot may no longer function correctly for that button. If ShareMeNot fails, it is designed to not break the buttons; rather, it just allows the buttons to display and you to be tracked as you would without ShareMeNot installed.

Does ShareMeNot prevent all tracking by these trackers?

ShareMeNot prevents tracking that is done via the buttons listed above. However, there are still other ways that some of the providers of these buttons can track you. For example, Facebook provides a broader set of social plugins such as a “recommendations plugin” or an “activity feed”. If another website has embedded one of these social plugins in addition to the “Like” button, ShareMeNot does not necessarily prevent Facebook from tracking you on that site. (However, it will successfully block some Facebook plugins other than the “Like” button—you may notice that a Facebook button has been blocked even though you don’t see a “Like” button.) There may also be other buttons not supported by ShareMeNot that allow these trackers to track you—if there is something in particular that you would like to bring to our attention, please let us know.

What does ShareMeNot do if I have JavaScript disabled?

Most of the buttons targeted by ShareMeNot rely on JavaScript to work. If you have JavaScript disabled in your browser, you will not see the buttons on the test page or elsewhere on the web. However, while the button scripts are not run when you have JavaScript disabled, they are still requested from the trackers. ShareMeNot prevents the cookies set on your computer by that tracker from being sent with that request, so you still cannot be tracked. However, since the buttons do not function without JavaScript, there is no way to enable them using ShareMeNot.

Troubleshooting

Why isn’t ShareMeNot blocking this button?

If ShareMeNot does not appear to be blocking a particular button, you may have authorized this tracker to track you on that site.

Navigating away from and back to the page will clear authorized trackers.

Furthermore, some custom buttons on web pages look like the buttons supported by ShareMeNot but in fact make no requests to the trackers until you click on them. ShareMeNot does not need to block these buttons. If you do believe you have found a button that is not correctly blocked, please let us know.

ShareMeNot is breaking the layout of webpages!

If you have the "Replace social buttons with local versions" option enabled, ShareMeNot replaces all social buttons with local stand-in versions. Because ShareMeNot sometimes has to guess about the size of the button that would normally have loaded, ShareMeNot can make mistakes that affect the layout of the webpage. To fix this problem, you can either allow tracking only on the current page, or you can change ShareMeNot's settings by unchecking the "Replace social buttons with local versions" box. If this box is unchecked, ShareMeNot will load the real buttons, but will protect your privacy by removing cookies from the requests made while loading those buttons.

Why do I have to click some buttons twice?

ShareMeNot must load the Facebook “Like” button and the Google “+1” button before you can really click on them, so you will first need to click the ShareMeNot stand-in button and then click again on the real button.

Unrelated to tracking, we do recommend that you enable secure browsing for your Facebook account (on Facebook, check the “Secure Browsing” box under Account > Account Settings > Account Security). Here’s why.

I’m using Firefox 4 (or later) and can’t find the ShareMeNot icon in the status bar. Where is it?

The add-on bar is not visible in Firefox 4 by default. Go to View > Toolbars > Add-on Bar to enable it.

Why are buttons displaying incorrectly, even after I disabled ShareMeNot?

Some versions of Firefox have a bug that causes cached iframe elements to display incorrectly. Because many of the buttons use iframe elements, you may be more likely to encounter this bug when testing ShareMeNot. You can reload the page properly using the keyboard shortcut Ctrl+F5 (or Cmd+Shift+R on Mac OS X), which refreshes both the page and the cache.

If you see similar problems in ShareMeNot for Chrome, you can use the same technique to reload both the page and the cache.

ShareMeNot isn’t working on my computer!

First, check for updates to ShareMeNot from the Firefox add-on menu (Tools > Add-ons) or the Chrome extension menu (Wrench button > Tools > Extensions), and make sure that ShareMeNot is enabled (in the same menu). If this doesn’t work, try uninstalling and reinstalling the add-on. If ShareMeNot still appears not to be working, please let us know.