> I keep wondering: Does anyone actually use these social buttons?
The suppliers of said social buttons do; every time you see one while you're logged into FB / G+ / Twitter, a hit of you visiting that site is registered at said parties, and they can all, thanks to the prevalence of these sharing buttons, track your internet usage.
This should be regulated somehow (yeah, I know, I sound like an 19th century guy). But probably lobbyist won't give up on that easily. I have disabled all that crap in my adblock, but there are millions of people who are not that savvy / aware etc.
My friend from Germany told me that in some (but not all) the pages, there are dummy social buttons loaded by default, you have to "enable" them. Try any article at [1]. It actually displays grayed placeholders only [2], and things are fetched from G/T/FB only when you click it - you can see in HTTP console.
This is actually being used to comply with data privacy laws here in Germany, in a way. Right now it's not entirely clear whether it's legal to use these social buttons, so to be on the safe side, many sites opted for this "click to enable" system.
Learn to block Javascript selectively, for instance using NoScript you can block JS from Facebook unless you actually are on a facebook.com domain. This gets rid of the annoying social button functionality.
As a simple example, the hit gives them your IP address. Often, this is all they need in order to identify you. (My IP address is technically dynamic, but remains fixed for weeks at a time. And... even if I use a different browser to sign into Facebook, they still have that IP address as well as the relevant timeframe for my possession of it.
I could spin up a VM and route the FB or non-FB traffic through a proxy, but I haven't reached that point, yet. (Probably, foolishly and to my detriment...)
P.S. In other words, state is already stored on their servers, not (or rather, in addition to) your browser.
Disable fetching any third party resources of all sorts, problem solved.
Obviously, rulesets should be tuples of (source pattern, resource type, destination pattern), not silly lists ("allow google.com", huh?) like most browser extensions do.
I am using Ghostery, which does a pretty good job of intelligently blocking (and also notifying me) of trackers.
However, there are some sites that stupidly execute JS that is vital to the running of the page after attempting to initialize Google Analytics or other services. The end result is that they get a "Cannot call method 'bleh' of undefined" error which prevents the rest of their JS executing, hence broken page. If I'm really interested in actually loading the page, then I have to resort to allowing the trackers to run. sigh.
Unfortunately, I can't see how this could be averted, stopping short of an extension which catches all uncaught exceptions, then tries to forcefully remove all JS which is meant to interact with 3rd parties. It could be done either via pattern matching, because Google Analytics code looks much the same on most peoples sites, or it could be through something more fun, like https://github.com/mattdiamond/fuckitjs (who would of thought there would actually be a proper use case for something like that??)
For some of the bigger ones the extension could try to keep some dummy scripts that match the api properly. e.g. make it look like GA started but not actually send them anything at all. Though that sounds like a cat and mouse game.
Another is https://github.com/mischat/shareNice. They look like they do pretty much the same thing: Serve the icons themselves, and just make them a link to the respective services.
SocialCount looks like it also cares about how many times a link has been shared, and uses a server-side script to figure that out. That seems like a nice approach if you really want that info, because it doesn't let the social service track the end user.
shareNice seems to have a wider range of services that it supports.
The suppliers of said social buttons do; every time you see one while you're logged into FB / G+ / Twitter, a hit of you visiting that site is registered at said parties, and they can all, thanks to the prevalence of these sharing buttons, track your internet usage.