Home Webiste Trackers Stealing users Data
Post
Cancel

Webiste Trackers Stealing users Data

Trackers are Everywhere on the Internet

TrackersEye Trackers Eye

According to a recently conducted study, around 3% of the website trackers might be collecting people’s form inputs even before they hit the “Submit” button. Even if users type something and then delete it, these websites would still record their keystrokes and remember the fields they chose not to give inputs for. This data collected without their consent might contain some sensitive or personal information, which could be later used for targeted ads and sometimes for nefarious purposes. The study called “Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission” was conducted by university researchers with a sample size of 100,000 of the highest-ranking websites in the world, which makes a total of 2.8 million pages. With the help of a website crawler, the team of researchers found these results. While most users believe that websites only record things they type when they submit them, up to 2,950 sites out of the 100,000 sampled sites were doing more than that. Around 3% of the time, trackers collect data right from the moment users start typing into the form. Websites make use of these trackers for several reasons, but majorly, they are used to personalize browsing for users and collect information about visitor activity. Trackers allow website developers to know what kind of content users are engaging in. But third-party trackers help advertisers to make sure the ads users see are targeted to things they are more likely to buy. The researchers attached a machine learning classifier to the tracker. This classifier was earlier trained to detect email and password fields and intercept any possible script access to those fields. Several third-party trackers are using scripts that keep track of the keystrokes when users type within the form. If the trackers save the information before users submit it, some of them might be able to gain access to email addresses and passwords without the consent of the users.

This post is licensed under CC BY 4.0 by the author.