Hacker News new | comments | show | ask | jobs | submit login
Shareaholic Contains Spyware (shmichael.com)
11 points by shmichael on Apr 3, 2010 | hide | past | web | favorite | 10 comments

Shareaholic for Firefox does not contain any spyware. Privacy is critically important.

The API call that Michael refers to is related to the "Stats Monitor" feature of Shareaholic for Firefox that can be turned off at any time.

The Stats Monitor shows users the Compete.com stats for the page they are on. The API call is intrinsic to the functioning of this feature. For example, only by knowing which web page the user is viewing can the browser tool show the user information about that web page or Web site.

To disable the Stats Monitor, go to "Shareaholic Options" -> Display Options -> Uncheck Stats Monitor.

And, all users are now made aware of this feature upfront:

http://www.shareaholic.com/tools/firefox/welcome http://www.shareaholic.com/tools/firefox/upgrade

The Stats Monitor is only available in Shareaholic for Firefox.

Isn't an opt-out feature that shares user information by definition spyware?

If not, what is spyware?

It's not spyware if it is necessary in order to supply functionality that was advertised for the program. It sounds like that is the case here.

But the functionality does not require a unique user id to be sent to the stats server.

Wish it was not needed, but Compete.com requires it from developers to prevent fraud usage of their API. fwiw, the Compete Stats API is usually a premium/paid service from Compete.com and the stats are generally not made available for free at scale.

Anyways, that is why it was made easy to shut off completely in case people didn't want to deal with it. Also making this behavior very clear in the next update within the extension itself (not just the welcome/upgrade pages). Privacy is critical.

As far as I can tell, the "stats monitor" feature is not advertised on the front page. In fact, I tried navigating the site for a while but couldn't hit the Firefox welcome/upgrade pages that contain the disclaimer.

Most people upgrade their plugin via Firefox's addon manager, and skip the "what's new" page that opens up. This is because we trust whoever made the plugin to not introduce any malicious behavior in future updates.

Judging by the intrusive nature of this feature, I believe it should be opt-in rather than opt-out.

Did you e-mail the developers before posting this? I mean, it's really kind of mean to post something like this without trying to resolve your issues with the developers directly first. In this case, Jay happened to be around to respond, but you said you wouldn't want to hurt Shareaholic's reputation without being sure. Didn't everyone read Derek Sivers' piece? Screaming on the phone or sending nasty e-mails or posting accusatory blog posts is not the first line of defense; there are other humans involved.

Also, posting it to HN without the question mark in your title was totally bogus.

Technically, I think the title is very accurate. The fact that Shareaholic has an option to turn it off, makes it less sinister, but in my book, collecting my surfing statistic is spying on me. The post states facts, and doesn't bash Shareaholic.

@sachinag: :( you are wrong. We should appreciate Michael Shynar for discovering this, else Shareaholic never mention this on their Firefox page.

@arpitnext disagree with you, and 100% agree with @sachinag. This could have been handled better by Michael.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact