

Shareaholic Contains Spyware - shmichael
http://www.shmichael.com/2010/04/shareaholic-contains-spyware/

======
meattle
Shareaholic for Firefox _does not_ contain any spyware. Privacy is critically
important.

The API call that Michael refers to is related to the "Stats Monitor" feature
of Shareaholic for Firefox that can be turned off at any time.

The Stats Monitor shows users the Compete.com stats for the page they are on.
The API call is intrinsic to the functioning of this feature. For example,
only by knowing which web page the user is viewing can the browser tool show
the user information about that web page or Web site.

To disable the Stats Monitor, go to "Shareaholic Options" -> Display Options
-> Uncheck Stats Monitor.

And, all users are now made aware of this feature upfront:

<http://www.shareaholic.com/tools/firefox/welcome>
<http://www.shareaholic.com/tools/firefox/upgrade>

The Stats Monitor is only available in Shareaholic for Firefox.

~~~
windsurfer
Isn't an opt-out feature that shares user information _by definition_ spyware?

If not, what is spyware?

~~~
tzs
It's not spyware if it is necessary in order to supply functionality that was
advertised for the program. It sounds like that is the case here.

~~~
windsurfer
But the functionality does not require a unique user id to be sent to the
stats server.

~~~
meattle
Wish it was not needed, but Compete.com requires it from developers to prevent
fraud usage of their API. fwiw, the Compete Stats API is usually a
premium/paid service from Compete.com and the stats are generally not made
available for free at scale.

Anyways, that is why it was made easy to shut off completely in case people
didn't want to deal with it. Also making this behavior very clear in the next
update within the extension itself (not just the welcome/upgrade pages).
Privacy is critical.

~~~
shmichael
As far as I can tell, the "stats monitor" feature is not advertised on the
front page. In fact, I tried navigating the site for a while but couldn't hit
the Firefox welcome/upgrade pages that contain the disclaimer.

Most people upgrade their plugin via Firefox's addon manager, and skip the
"what's new" page that opens up. This is because we trust whoever made the
plugin to not introduce any malicious behavior in future updates.

Judging by the intrusive nature of this feature, I believe it should be opt-in
rather than opt-out.

------
sachinag
Did you e-mail the developers before posting this? I mean, it's really kind of
mean to post something like this without trying to resolve your issues with
the developers directly first. In this case, Jay happened to be around to
respond, but you said you wouldn't want to hurt Shareaholic's reputation
without being sure. Didn't everyone read Derek Sivers' piece? Screaming on the
phone or sending nasty e-mails or posting accusatory blog posts _is not the
first line of defense_ ; there are other humans involved.

Also, posting it to HN without the question mark in your title was totally
bogus.

~~~
arpitnext
@sachinag: :( you are wrong. We should appreciate Michael Shynar for
discovering this, else Shareaholic never mention this on their Firefox page.

~~~
mikasa
@arpitnext disagree with you, and 100% agree with @sachinag. This could have
been handled better by Michael.

