JoeCurlee.com

AddThis & Flash Cookies: explained & how to disable

January 30th, 2010

I recently wrote a tutorial on how to make AddThis work with AJAX.

Shortly thereafter I discovered that AddThis uses Flash Cookies ( see AddThis Privacy Policy under the header Cookies ).

Flash Cookies explained

Flash Cookies as they are commonly known ( technically called Local Shared Objects or LSO for short ) aren’t really cookies, although they function similarly.

Why LSOs are good

  • Unlike cookies they are browser independent
  • Like cookies they are not cross site enabled

Why LSOs are terrible

  • Most browsers ( possibly all ) do not delete LSO files when you clear your cookies
  • LSOs take up more space ( up to 100k by default but unlimited if the user complies ) than a regular cookie ( up to 4k )
  • LSOs have no expiration date
  • When you disable cookies in your browser, you haven’t disabled LSO files
  • Some websites use LSO files to respawn cookies that you have deleted. This is extremely shady.
  • In order to globally disable LSO files you have to use the Global Storage Settings panel on Adobe’s website

AddThis uses Clearspring LSO files to track user stats. By the way, Clearspring acquired AddThis in September of 2008. And in case you weren’t aware: in addition to offering a “viral distribution product”, Clearspring is also an ad network.

Solutions on preventing flash cookies in AddThis

After learning the information about AddThis and Clearspring I realized that I faced three choices.

  1. Keep using AddThis and ignore the fact that it was using LSOs to track people who had visited my sites
  2. Pass settings to AddThis to prevent it from using LSO files
  3. Remove AddThis from all of my sites

If you choose to keep AddThis but want to prevent Flash Cookies, use this within the head tags of any page displaying the AddThis button:

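<script type="text/javascript">
    // Turn off both regular cookies and Flash cookies (LSOs) in AddThis
    var addthis_config = {
        data_use_cookies: false,
        data_use_flash: false
    };
</script>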

I opted for choice #3 and removed AddThis from all of my sites. Even though #2 is possible, I was afraid that AddThis could change the way they handle settings and LSOs would make their way to the computers of anyone visiting my sites.

I am now using ShareThis instead and I suggest you do the same.

Where to go from here

I highly recommend installing the BetterPrivacy Firefox extension. This extension will allow you to view and delete LSO files that have been stored on your computer. You can set it up to auto-delete all LSO files on start or exit of Firefox. You can also set it up to alert you when new LSO files are being stored.

If you are not a Firefox user I recommend you become one.

Your only other solution ( short of monitoring the directories which contain LSOs on a regular basis manually ) is to disable LSO files by using the Global Storage Settings on Adobe’s site ( as mentioned above ).
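The manual directory check mentioned above can be scripted. The following is an added example, not code from the original post: it inventories the .sol files under Flash Player's usual #SharedObjects directories, groups them by the domain that stored them, and reports files that appeared since an earlier scan. The function names are hypothetical, and the directory paths are the standard Flash Player locations rather than anything given in the post.

```python
import os
from collections import defaultdict
from pathlib import Path

def default_roots(home=None):
    """Usual Flash Player LSO storage locations (assumed, not from the post)."""
    home = Path(home) if home else Path.home()
    roots = [
        home / ".macromedia/Flash_Player/#SharedObjects",                     # Linux
        home / "Library/Preferences/Macromedia/Flash Player/#SharedObjects",  # macOS
    ]
    appdata = os.environ.get("APPDATA")                                       # Windows
    if appdata:
        roots.append(Path(appdata) / "Macromedia/Flash Player/#SharedObjects")
    return roots

def find_lsos(roots):
    """Return {domain: [(path, size_bytes, mtime), ...]} for every .sol file."""
    found = defaultdict(list)
    for root in map(Path, roots):
        if not root.is_dir():
            continue  # Flash never ran for this user, or a different platform
        for sol in root.rglob("*.sol"):
            parts = sol.relative_to(root).parts
            # Layout: <random profile dir>/<domain>/.../<name>.sol
            domain = parts[1] if len(parts) >= 3 else "(unknown)"
            st = sol.stat()
            found[domain].append((sol, st.st_size, st.st_mtime))
    return dict(found)

def new_lsos(before, after):
    """Paths present in the 'after' scan that were not in the 'before' scan."""
    seen = {p for entries in before.values() for p, _, _ in entries}
    return sorted(p for entries in after.values()
                  for p, _, _ in entries if p not in seen)

if __name__ == "__main__":
    # Print one line per stored object: domain, size, full path
    for domain, entries in sorted(find_lsos(default_roots()).items()):
        for path, size, _ in entries:
            print(f"{domain}\t{size} bytes\t{path}")
```

Running a scan before and after visiting a page and passing both results to new_lsos shows which sites wrote LSOs during that visit.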

One important thing to note: certain sites use LSOs in a less malicious way than other sites. Some banks use them to identify your computer. Sites like YouTube use them to store your Flash player settings.

This whole issue boils down to your right to privacy. Your right to know what is going on behind the scenes with your computer and to choose what is stored on it.
