The Mashshare plugin might NOT be GDPR compliant (privacy law) when you use it

  • I want to notice that the Mashshare plugin might not GDPR compliant as it is at the moment.

    The problem is caused by the file mashsb.js:
    https://graph.facebook.com/?id="+mashsb.share_url

    You can check this yourself with Ghostery plugin and loading a website with Mashshare plugin activated + for example Facebook share button activated. You will see Ghostery displays that the Ajax GET script in mashsb.js is connecting to graph.facebook.com as soon as a social media button loads.

    Already contacted support of Mashshare about this and they don’t want to build in an option not to load graph.facebook.com in some .php curl files + .js file. Their answer: GDPR is not our problem, end users are responsible.

    By using the plugin the way it is now, there is a big risk your website will not be GDPR compliant and could get you into trouble when you have visitors from the EU.

    The problem with graph.facebook.com is that IP’s, locations etc. of visitors seem to get pinged with Ajax code: Get -> Facebook Social Graph (graph.facebook.com). Info can be shared with 3rd parties.

    I don’t understand why Mashshare doesn’t want to build in an option if you want or won’t let the plugin curl shares, likes etc + option to activate / deactivate graph.facebook.com in mashsb.js if you don’t want a ping to Facebook at every load of the website at visitors side.

    Update 19-05-2018
    GDPR problem is solved + very friendly reply from Rene.

    • This topic was modified 6 years, 6 months ago by DooPieDoo.
    • This topic was modified 6 years, 6 months ago by DooPieDoo.
    • This topic was modified 6 years, 6 months ago by DooPieDoo.
    • This topic was modified 6 years, 6 months ago by DooPieDoo.
    • This topic was modified 6 years, 6 months ago by DooPieDoo.
    • This topic was modified 6 years, 6 months ago by DooPieDoo.
    • This topic was modified 6 years, 6 months ago by DooPieDoo.
    • This topic was modified 6 years, 6 months ago by DooPieDoo.
    • This topic was modified 6 years, 6 months ago by DooPieDoo.
    • This topic was modified 6 years, 6 months ago by DooPieDoo.
    • This topic was modified 6 years, 6 months ago by DooPieDoo.
    • This topic was modified 6 years, 6 months ago by DooPieDoo.
    • This topic was modified 6 years, 6 months ago by DooPieDoo.
Viewing 10 replies - 1 through 10 (of 10 total)

  • @livemagazine We are releasing today a new option which makes sure that when share count is disabled no request at all are made to the facebook api. Due to recent changes in the javascript client based share count aggregation we missed a little thing with big impact regarding this.

    So as a result even when the share count aggregation is disabled, the shares were collected and a cookie was set by facebook.

    After the new release, just disable the share count visualization and its GDPR compliant again. We will also add a big admin notice about this and will disable the share count collection at all for new users.

    I am personally very sorry that you had a bad experience with our support. I just hope it was a misunderstanding and want to thank you for the heads up. It is very helpful.

    Best regards
    René

    • This reply was modified 6 years, 6 months ago by Rene Hermenau.
    Thread Starter DooPieDoo

    (@livemagazine)

    @thanks Rene
    I am very happy the problem is solved now. Gave the plugin 5 stars again.
    Thank you very much!

    Please check supporticket: 7b4b911be65bad64db0796b5cc9901a1

    In wich you can see how my question and help was waved away by the person who helped me.

    Unfortunately it was quite an arrogant developer and he didn’t care about GDPR or privacy in general. Hopefully you can speak with this developer this is not the way the Mashshare company works.

    • This reply was modified 6 years, 6 months ago by DooPieDoo.
    • This reply was modified 6 years, 6 months ago by DooPieDoo.

    Thank you for this, Rene. I dismissed that notice that you spoke of, a while ago, and needed to call it back again but couldn’t find any answers.

    Going to Documentation at Mashshare wasn’t helpful, and this was what I found when I searched for GDPR:

    View post on imgur.com

    So, the answer for now is to disable the share count visualization.

    @livemagazine Thank you very much. That is really much appreciated and a very nice move of you. I wish everyone would be so fair.

    I’ve already talked with the responsible support about this case and I am sure this will not happen again.

    @mitchpowell Thanks for the heads up. I’ve already created that missing entry in the docs: https://docs.mashshare.net/article/133-gdpr-dsgvo-compliance

    We are working hard to bring back the share counts GDPR compliant.

    Thank you all guys for your understanding. This is a difficult situation for all of us. If we work tightly together, I am sure we can resolve any issue which we are running into regarding the GDPR.

    Hey Rene,

    that is not helpful at all. The Plugin is totally useless without showing the share counts – what the heck? And virtually everyone of your users would have to disable share count, because every user could have visitors from the EU.

    When just using the curl option, the plugin should get the share counts via the server in the background without ever sending any user data to facebook or twitter thus being fully GDPR compliant. Why do you force virtually every user to disable the main feature?

    If I am wrong, please get me the whole picture.

    Regards,
    Rolf

    Hello Rolf,

    > When just using the curl option, the plugin should get the share counts via the server in the background without ever sending any user data to facebook or twitter thus being fully GDPR compliant.

    In the past this was exactly how MashShare share counts were collected but facebook has a strict api request limit which means it happened multiple times that facebook had blocked websites from accessing the facebook api completely. Not only temporarily, we have several cases where websites where even blocked permanently from requesting the facebook api any longer. This happened occasionally without any obvious reason, even though with very high caching expiration times.

    As a result several MashShare websites were not getting any share counts at all and we were flooded with support requests regarding that issue. As a solution we switched over to the javascript share count collection which was working very well but I am concerned that this against the GDPR now, at least if you do not get the consent of your visitors before the share count is requested from FB.

    I hope that sheds some light on to the issue.

    When we find a reliable GDPR valid share count solution we bring back the share count.

    I am open for any suggestions

    @reniherme, I have mashsharer developer license, and the not showing the sharecounts anymore is def. an issue. As for ideas, maybe you could possibly integrate with something like Sharecount.com? It is free for 10,000 queries daily, which for most users should be enough, but if not they could always upgrade. Maybe take a look at this plugin: https://www.ads-software.com/plugins/shared-counts/

    Just a thought. ??

    @mchelles Thank you for the suggestion. In the past we already had a built in sharedcount.com integration. Then the service discontinued and we had to remove it.
    So, I think it’s time to implement it again:-)

    We’ll do that asap.

    Thank you! Just saw the notification when I logged into my WP dashboard today. ??

    I am glad that you like it @mchelles ??

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘The Mashshare plugin might NOT be GDPR compliant (privacy law) when you use it’ is closed to new replies.