A quick follow up on last week’s post outlining questions about the privacy practices of AddThis when installed on government websites. As a result of a FOIA request by the Electronic Privacy Information Center, the General Services Administration has now released its contract with AddThis. As EPIC points out, this contract is one of the few disclosed contracts to provide that persistent cookies will not be used on .gov sites.
Here’s the problem: As you can see from the screen grab, as of the time of this post, AddThis is indeed writing cookies — Flash cookies no less — on usa.gov, doing so upon interaction with the AddThis widget. (Note: Clearspring is the parent company of AddThis and the formal party to the GSA contract.)
Hopefully AddThis will move quickly to resolve this issue and also to shore up their relatively weak privacy disclosures and opt-out processes.