A study conducted by researchers revealed that some of the top 100,000 websites collect data from their online forms even before you hit the submit button. In some cases, many of these most-visited sites even collect visitors’ password data without consent. A large number of websites that collect personal data (including their users’ email addresses) without their users’ prior permission appear to have this behavior due to the integration of third-party trackers for advertising and marketing purposes.

The study, conducted by researchers from the Universities of Leuven, Radboud and Lausanne, is based on a system capable of crawling and analyzing the top 100,000 websites from two different locations (EU and US). It showed that of the total number of websites analysed, as many as 1,844 websites obtained data without consent, including the email addresses of visitors from the EU region. According to the study, for visitors from the United States, this number increases to 2,950 websites.

In most cases, the followers came from companies like Meta and TikTok, which took data from the top sites analyzed. However, the researchers also noted that 41 previously unknown tracker domains were found to be involved in capturing user data from top-tier websites before the user clicked the submit button.

In conducting the study, the researchers specifically avoided considering situations where a website might have a legitimate reason to collect users’ email addresses prior to submission. For example, in some cases, the website checks whether the email or username already exists in the database.

Still, researchers have found many popular websites where online trackers capture email addresses before users consent.

See also  Thailand’s new cryptocurrency regulations require users to open accounts in person – regulations bitcoin news

In the US, the top 10 sites with email addresses leaked to trackers include USAToday, Business Insider, Fox News, Time and Trello, while in the EU the list includes Independent, Shopify, Newsweek and Marriott.

The researchers also found 52 websites where third parties, including Russia’s Yandex, accidentally collected passwords before submitting them. Yandex has out a fix to prevent password collection when contacted by the research team.

“Based on our findings, users should assume that personal information they enter into web forms may be collected by trackers — even if the form is never submitted,” the researchers detail their study in an 18-page paper. “Given its scale, intrusiveness, and unintended side effects, the privacy issues we investigate deserve more attention from browser vendors, privacy tool developers, and data protection authorities.”

In addition to regularly capturing email addresses, the researchers noticed that Meta and TikTok’s trackers in some cases collected hashed personal information from web forms. This is due to the “ matching” feature found to be responsible for capturing hashed data, including email addresses, prior to submission.

“We believe the leak is due to Facebook’s script interpreting unrelated button clicks as ‘submit button click’ events,” the researchers said.

Advertisement Shout has reached out to Meta and TikTok to clarify this research and will update this article when the companies respond.

Apple and other tech giants have started blocking third-party cookies and trackers to help reduce online tracking of users. However, despite ongoing limitations, the idea of ​​tracking online visitors by email address can help marketers develop effective solutions.

See also  Unmarshal raises $2.6 million from industry heavyweight companies to build a multi-chain data indexing protocol – press release bitcoin news

The researchers also noted in their co-authored paper that email addresses are an “ideal identifier” that could help fill in the gaps of online trackers, as compared to other such parameters, they allow for cross-platform updates. long tracking.

The findings will be presented in detail at the Usenix Security Conference in August.



Notice: ob_end_flush(): failed to send buffer of zlib output compression (1) in /home/advertis/domains/advertisementshout.com/public_html/wp-includes/functions.php on line 5275

Notice: ob_end_flush(): failed to send buffer of zlib output compression (1) in /home/advertis/domains/advertisementshout.com/public_html/wp-includes/functions.php on line 5275

Notice: ob_end_flush(): failed to send buffer of zlib output compression (1) in /home/advertis/domains/advertisementshout.com/public_html/wp-content/plugins/really-simple-ssl/class-mixed-content-fixer.php on line 110