Posts Tagged ‘’

Citizen privacy: three questions for AddThis

August 28, 2009

addthislogoWhile reviewing a new opt-out process that Add This implemented a few weeks back, I came across an interesting statement:  “The White HouseFBI, and Navy trust and use AddThis.” Not a surprise, since the AddThis service is useful and user friendly, and the Obama administration has made it a priority to bring government sites into Web 2.0.

At the same time, the issue of data collection by the government on official websites has been in the news lately, and even the subject of a recent NY Times editorial. Obviously when the government is collecting data, it raises special concerns. But what are the rules when, in the course of providing a useful service for a government site, advertising companies are enabled to collect user information from citizens?

After taking a look at the network privacy profile for and other top government sites (stay tuned for more on that effort), I confirmed that AddThis is indeed coded into quite a few government sites. But on none of the government sites I reviewed was there any direct reference to the AddThis data collection practices, privacy policy or opt-out process. Also I found no reference to any special policies applicable to operation of the AddThis service on government websites versus other commercial sites.

This proposition shouldn’t be controversial: When private companies collect data on government sites, they should comply with best industry privacy practices for disclosure and choice.

With that in mind, here are three questions that should be addressed by AddThis and any other companies seeking to collect user information on government websites.

1. Is information about citizen activities shared with third parties?

The answer to this should obviously be “no,” particularly insofar as AddThis is installed on government sites that may touch sensitive areas like health ( or But that answer is not clearly confirmed by a reading of the AddThis privacy policy:

We may share the following information with third parties, including, but not limited to, vendors that support the operation of our website and Services, and entities involved in the delivery of advertisements: Log Data collected on both our websites and Services, as well as aggregated anonymous information resulting from the analysis of such Log Data for a variety of purposes, including, but not limited to, usage patterns, behavioral patterns, traffic and demographic analysis, and enabling web publishers to deliver to advertisers audience segments that are appropriate for their products or services. (Emphasis added.)

It is clear enough that directly identifiable information like name and email address may not be shared. But the implication remains that Log Data (which includes pages accessed, IP address and “other statistics”), at at individual level, may be shared with other companies  for the purpose of ad targeting. For example, could they share with a health-related advertisers the fact a computer at my IP address researched a particular malady on and emailed a family member? I don’t expect that there is any conscious effort to do this, but the policy statement should clearly address and resolve the point.

2. Is your opt-out process the best it can be?

Like nearly 100 other companies who collect user information across sites, AddThis provides an opt-out process using browser cookies. But their implementation falls short of best practices in important ways. (For more detail on best practices, see a full list.) Here are the issues:

  • Since consumers may come looking for the opt-out, why not include a reference to the opt-out feature on your top page, like other companies?  Why bury the link in the middle of your privacy policy?
  • Why require users to take the separate step of checking a box? (Out of all of the opt-out processes we track, only a handful require such a step.)
  • Why write an unique opt-out cookie, when it destroys any semblance of anonymity for the user? (The vast majority of companies with opt-out cookies write non-unique cookies, to eliminate any possibility that the opt-out cookie itself can be used for tracking a unique user.)
  • Is the effect of opting out adequately explained in your policy? Here’s how the privacy policy reads:

Cookie opt-out option

If you prefer not to receive interest based content and advertisements enabled by AddThis data, you can always opt-out by clicking on our “Opt-Out” link click here. Note that if Flash is not installed in your browser, this marketing preference is not applicable.

After you opt-out, you will not receive interest based content and targeted advertisements enabled by AddThis data. Please note that opting-out does not turn off other advertisements. Also, if you change your computer, change your internet browser (e.g. from Internet Explorer to Firefox), or delete all your cookies, you will need to renew your preferences.

The foregoing opt-out does not cover the collection of Log Data (though no ads are sent to you in connection with such services).

  • If I opt-out, does that mean that my activities across different AddThis-enabled sites (including government sites) are not logged and associated as those of a single (anonymous) user? Or are they still logged and filed, but just not used for advertising purposes?
  • What is meant by the reference to Flash in the first paragraph? Why would the normal cookie opt-out only apply if Flash is present? Was this sentence intended to be included in the section about Flash cookies (see below)?

3. Why do you use Flash cookies and how does it relate to the opt-out process?

The AddThis privacy policy acknowledges the use of of Flash cookies:

In addition, we use Flash cookies in connection with our Services. Similar to browser cookies, Flash cookies are used to remember settings, preferences and usage, but are managed through a different interface than the one provided by your web browser. If you want to delete Flash cookies, please access your Flash Player settings management tool available on Adobe’s web site. However, if you do not accept cookies (whether browser or Flash cookies), you may not be able to use all portions of our website or all functionality of the Services.

As noted in an earlier post , Flash cookies (“local shared objects” set and managed by the Flash player) are particularly troublesome because browsers provide no native means for users to delete or control them. Many consumers believe they have cleared cookies with browser controls when, in fact, Flash cookies persist.

A quick check confirmed that Flash cookies are being written by AddThis on once you first interact with the AddThis widget. This prompts me to ask:

  • Are Flash cookies really necessary to your delivery of the service in ways that regular browser cookies cannot fulfill?
  • Why don’t you at least provide a link to the Adobe page where users can delete and manage Flash cookies?
  • When I opt-out via normal browser cookies, do you delete all information associated with the Flash cookie?

* * *

The public/private cooperation pioneered by companies like AddThis is, in my opinion, a very good thing for both government and the Web. But this opportunity entails responsibility to provide effective privacy disclosure and choices for citizen users. For companies like AddThis, this means bringing their disclosures and processes into line with industry best practices (or better). For government agencies, this means a closer review not only of how they directly gather and handle citizen data, but also how their private-company partners do so.