A project dump

Current endeavors

  • ClarityAd, Creative verification software for the online ad industry

Past experience

  • 2008-2011
    CFO then GM at Fotolog and Allopass USA
  • 2004-2008
  • 2000-2004
    Audencia business school-France
Let's talk!

Nixing the dataholic sharing widgets

Data leakage-free sharing buttons for your site


As I finally got serious to write my first blog article, I candidly looked for a social sharing widget.

In fact, I wanted to avoid addthis and sharethis as I was very much aware of the tricky business model that the market leaders use to subsidy this free service for publishers.

So I picked Shareaholic without a second thought. Now that I took the time to look into it, here are my findings and some solutions to protect your business and your visitors' privacy.

Data leakage?

"Data leakage" is a rampant problem in the display ad industry.
Here's a scenario: You're a publisher in a highly targeted, highly valuable niche. Agency X is super interested in working with you with favorable terms. The setup may include passing some user info to their ad tag (gender, age range, etc.) so that they can target appropriately (and justify higher eCPMs).

After a month, the agency abruptly stops the relationship. What happened? The agency supercharged their database with highly qualified fresh unique visitors. With the massive reach of today's largest ad platforms, there's a good chance that they will be able to retarget these users via cheaper means. Whoever brings the data gets the bigger chunk of revenue.

Sharing buttons screw publishers over

The sharing companies operate "Publisher Networks", with sites neatly sorted by category. The only real purpose of these lists of sites is to associate visitors with interests and retarget them in the wild based on those interests:
A sophisticated, high scale, data-leakage scheme. These companies quietly describe their business model for compliance reasons but most publishers are not careful about this (but should be).

How they qualify my visitors

The sharing companies scrape pages to categorize and qualify content, in the same way that Google operates its contextual Adsense network.

Making things right

If those sharing widgets are so dodgy about how they treat their publishers, it feels right to me to take any action required to defend myself and my visitors: Let's get rid of the tracking! There's probably a hundred different ways to do this, here goes one for each of the main providers, Shareaholic, ShareThis and AddThis.


Each time your page loads, Shareaholic places its own third-party cookie. If this is a new visitor (no cookie yet), Shareaholic loads tracking pixels from AppNexus and DataXu.

Shareaholic comes with a set of javascript files and classes that seem to be dedicated to third-party cookie management / tracking: recipe, dough, oven - The cookie allegory! These scripts are fired by a hidden iframe with no other purpose. When creating the iframe tag, it checks for an html element with id "shr-analytics" and if it exists, then the whole cookie allegory is defeated.

It will look like this:
<div class='shareaholic-canvas' data-shareaholic-widgets='share_buttons'></div>
<div id='shr_oven'></div>
In bold red, our additional code. Also, move the javascript code to the end of your body tag or else it won't work - added benefit, it won't block the page when loading.

Update July 24, 2013, Shareaholic changed their script (as a reaction to this article?). The invisible html element was rename from id "shr-analytics" to "shr_oven". Oh well...


ShareThis fires a ScoreCardResearch tag, once for each new visitor. Here is how to nix it:

<script type="text/javascript">var switchTo5x=true;</script>
<script type="text/javascript" src=""></script>
<script type="text/javascript">
stLight.log = function(a, b) {};
stLight.options({publisher: "ffffffff-ffff-ffff-ffff-ffffffffffff", doNotHash: false, doNotCopy: false, hashAddressBar: false});
In bold red, our additional code that overwrites the culprit function, effectively removing the scorecardresearch tracking pixel.


AddThis loads a shocking number of third-party tags, once for each new visitor, here is the complete list:

  • AppNexus
  • BlueKai
  • Demdex
  • DoubleClick
  • Invite Media
  • Media6Degrees
  • Microsoft Atlas
  • NextAction
  • Resonate Networks
Here is how to nix it:
<script type="text/javascript" src="//"></script>
<script type="text/javascript"> = "about:blank";

In bold red, our additional code that overwrites the culprit iframe URL, effectively setting us free from all those 3rd-party tags.

Keeping an eye on third-parties

My instinct tells me that this modification doesn't align with Shareaholic's interests. Let's keep an eye on our modified tag.

It might not be a big deal for my blog (I don't monetize it), but what happens if a publisher controls third-party cookies once, only to find out that the behavior changes some days later. Are you going to hire a cookie controller that verifies ads over and over again?

My SaaS product, ClarityAd does exactly that. It will monitor the modified Shareaholic tag, and if it ever drops a cookie, I'll receive an alert.

Even in a healthy relationship with an ad buyer, trust doesn't exclude control. Whoever brings the data keeps the revenue, you really want to get this straight. ClarityAd protects publishers against bad practices and bad ads.

Join the discussion on HackerNews!

Now why don't you share this article ;-)

...with Shareaholic (nixed)

...with ShareThis (nixed)

...with AddThis (nixed)

All Rights Reserved. - Hosted by