AddThis is one of those things that’s fairly invisible on the web because it’s usually hidden in plain sight. In case you’re unfamiliar, it’s a social media linkage widget that usually lives in a sidebar or at the end of a post or someplace on the site in a fairly prominient location, but because you’re so used to seeing social media buttons on websites, you can easily miss it. Tonnes of sites use it and you’ll see it on porn sites, government sites and, yes, even on your library’s website. Some ILS solutions build the functionality right into the PAC.
Oh, and here’s the creepy bit; it’s not a cookie.
However, an important privacy issue has come to light where AddThis has been surreptitiously engaging in a little research and development using a new method of tracking people across the World Wide Web. This technology, called canvas fingerprinting, works by a website telling your browser to draw a hidden picture and then using that picture, and its ID code, to track you from website to website. Every browser and every user draws that picture a little differently so it’s a unique identifier. A website can call the draw, then follow you everywhere else thereafter. You can try it out on the ProPublica article that goes more in depth than I will here.
Oh, and here’s the creepy bit; it’s not a cookie. It doesn’t really even work like a cookie. That means it’s devilishly hard to block. As of right now, the only reliable option to block this type of functionality is Privacy Badger from the Electronic Frontier Foundation. Still, if my thus far limited research is correct, this browser extension only blocks the AddThis version of canvas fingerprinting.
A spokeswoman for AddThis stated, “we conduct R&D projects in live environments to get the best results from testing.”
In other words, they didn’t tell anybody about the tests because that could’ve led to skewed results.
My opinon: I’d strongly recommend removing AddThis from your library websites. The fact is, you don’t know whether your website was one of those exposed to this R&D and you likely won’t know because, as we can see, research apparently trumped ethics. It may not be worth removing it, but as a library web guy, I have to ask what’s best for the privacy of my patrons, and how to keep them secure… especially on the library’s website.