When typing something on the internet, be it a registration form or making an online purchase, it is normal for data to be saved only when the user clicks the submit button. However, recent research says just the opposite.
According to researchers at KU Leuven, Radboud University and the University of Lausanne, a surprising number of websites are collecting some or all of the data as Internet users type on web pages.
In all, 100,000 of the top internet sites were discovered taking advantage of this practice. The tests simulated a scenario in which the user visits these addresses from the European Union and the United States.
The results indicate that 1,844 addresses collected the e-mail typed from the European Union without the user’s consent; and, in the case of the United States, that number rose to 2,950. Many of them may not have the need to collect this information, but incorporate the third-party services that cause this behavior.
Image: FLY:D on Unsplash
The sites began to be investigated after a massive password leak in May 2021 pointed directly to these addresses as the source of the information gathering. This is because it was indicated that 52 of these sites were responsible for storing passwords before submission.
“If there is a button to submit a form, the reasonable expectation is that it will do something – that it will submit your data when you click on it. We were surprised by these results. We thought that maybe we would find a few hundred sites where your email is collected before you send it, but this far exceeded our expectations,” said Güneş Acar, professor and researcher at Radboud University’s Digital Security Group and one of the study’s leaders. .
Image: anyaberkut/iStock
The researchers raise a rather worrying point. They cite that these sites work as so-called keyloggers, which are malicious programs created to record everything the target types on the machine.
“In some cases when you click on the next field they collect the previous one, like you click on the password field and they collect the email, or you just click anywhere and they collect all the information right away,” says Asuman Senol, a privacy expert and identity researcher at KU Leuven, as well as being one of the authors of the study.
Privacy risks for website users
Photo: Pete Linforth/Pixabay
Acar also warns that the risks are high, mainly because users can be “tracked even more efficiently; they can be tracked across different websites, sessions, across multiple mobile devices and desktops. An email address is a very useful identifier for tracking, because it’s global, it’s unique, it’s constant. You cannot clear it like you clear your cookies. It is a very powerful identifier.”
He also cites that as technology companies seek to eliminate cookies out of privacy concerns, marketers and related areas will increasingly rely on other means, such as phone numbers and emails, to do their jobs.
Via: ArsTechnica
