I am not sure how/where this would be best handled, but it seems like something users of AddToAny should know about.

AddToAny serves cookies for media6degrees, which is some sort of ad tracking network. There's a potential privacy issue here, plus a performance hit.


Apparently this behavior can be disabled by adding a couple of lines to the "Additional Options".

Maybe at minimum this should be documented. Possibly it would be good if the Drupal module had a single-button option to do this. Perhaps it should be done by default!


micropat’s picture

Title: Removing media6degrees "spy" tracking » Removing 3rd party tracking pixel
Status: Active » Closed (fixed)

3rd party tracking can be disabled by adding one line to the Additional Options box:
a2a_config.no_3p = 1;

(From http://www.addtoany.com/buttons/api/)

khanz’s picture

I noticed this behavior today just by chance, and am thinking of removing the module altogether or try other alternatives. This is really unprofessional on the part of addtoany.

Merdadj’s picture

Thanks micropat for the info, that was easy enough. Tracking cookies are fine for my sites, but some clients may prefer to have it disabled in the future. I'm glad AddToAny has this option because "Add This" and "Share This" do not.

csc4’s picture

Could this be considered for adding to the read me?

GreenReaper’s picture

Title: Removing 3rd party tracking pixel » Removing and documenting 3rd party tracking pixel
Project: AddToAny Share Buttons » Drupal.org webmasters
Version: 6.x-3.x-dev »
Component: Miscellaneous » Project problem
Status: Closed (fixed) » Active
Issue tags: +privacy, +visitor privacy

The presence of this third-party tracking cookie is still not disclosed on this module's Drupal.org page. Reactivating and moving to webmasters queue. I also filed a feature request to add this as a checkbox option to the UI.

GreenReaper’s picture

Title: Removing and documenting 3rd party tracking pixel » Removing and documenting 3rd party tracking pixel on AddToAny
Gerhard Killesreiter’s picture

Title: Removing and documenting 3rd party tracking pixel on AddToAny » Removing and documenting 3rd party tracking pixel

I believe that the tracking pixel should be disabled by default.

kiamlaluno’s picture

Title: Removing and documenting 3rd party tracking pixel » Removing and documenting 3rd party tracking pixel on AddToAny
Issue tags: -privacy, -visitor privacy
johnflower’s picture

+1 default to having tracking disabled.

Gerhard Killesreiter’s picture

moving back to project so this can be acted upon.

Gerhard Killesreiter’s picture

Project: Drupal.org webmasters » AddToAny Share Buttons
Version: » 7.x-3.x-dev
Component: Project problem » Code

Please comment on whether this is still relevant.

Gerhard Killesreiter’s picture

I may be mistaken but I can not find any reference to the no_3p option in the current stable releases. The very least is that this should be documented in the admin section and on the project page.

zeroagain’s picture

Version: 7.x-3.x-dev » 6.x-3.4

This should be explicitly mentioned at http://drupal.org/project/addtoany, Drupal team should take care of such things as it affects privacy. What about users who are using this module and unaware of this thing ?

Gerhard Killesreiter’s picture

I added a notice to the project page.

zeroagain’s picture


izmeez’s picture

Yes, another thank you for this information and placing a link on the project page.

izmeez’s picture

Oh yes, just a little off topic but noticed comment #4 that it be in the readme and on first using this module noticed there is no readme. But, nevermind it truly is as simple as enable, permission, configure and use. Very well done.

Might be reassuring to some new users to know they don't need a readme; but then you'd need a readme to tell them :-)

hansrossel’s picture

Since AddtoAny has been recently acquired by Lockerz (http://www.addtoany.com/blog/addtoany-lockerz-share-universal-sharing/), I notice there is now also a connection made to http://pts.lockerz.com, so probably a second hidden tracker.

killes@www.drop.org’s picture

Status: Active » Fixed

thanks, the notice on the project site is sufficiently general. I am marking this fixed.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

EvanDonovan’s picture

I added a documentation page about this at http://drupal.org/node/1833666, along with a guide to how to remove some of the services, etc.

RobertOak’s picture

They have their javascript in an iframe which also has a 1px tracking GIF beacon as well as setting a cookie, on domain lockerz.

They claim they do not collect individual data in their privacy policy.

I personally don't know what to think since "sharing" by it's nature is automatically a privacy violation, but I saw others flipping out on the javascript which is fine, the iframe is fine, it's for loading, but there is the cookie and web beacon.