THOUSANDS of websites are collecting your data as you type it, a new study claims.
If you thought typing something out on a website and then erasing it before submission keeps your information safe – think again.
1
Researchers from KU Leuven, Radboud University, and the University of Lausanne analyzed the top 100,000 websites on Google search in Europe and the United States and found some interesting statistics.
Users’ email addresses are gathered for tracking, marketing, and analytics domains before they submit any forms or give consent.
This was the case for 1,844 websites when visited from the EU and 2,950 when visited from the US.
A number of the sites did not intentionally conduct the data-logging but featured third-party marketing and analytics services that do.
The study also found incidental password collection on 52 websites by third-party session replay scripts.
Included in that list is the Russian tech giant Yandex, which faced a massive data breach earlier this year.
The study’s authors noted that after they disclosed their findings to these sites, all 52 instances have since been resolved.
“If there’s a Submit button on a form, the reasonable expectation is that it does something—that it will submit your data when you click it,” Güneş Acar, a professor at Radboud University, and one of the leaders of the study, said.
Most read in Tech
“We were super surprised by these results. We thought maybe we were going to find a few hundred websites where your email is collected before you submit, but this exceeded our expectations by far.”
In a follow-up investigation, the researchers found that Meta (formerly, Facebook) and TikTok collect hashed personal information from web forms even when the user does not submit the form and does not give consent.
“In some cases, when you click the next field, they collect the previous one, like you click the password field and they collect the email, or you just click anywhere and they collect all the information immediately,” Asuman Senol, a privacy and identity researcher at KU Leuven and one of the study co-authors, noted.
“We didn’t expect to find thousands of websites; and in the US, the numbers are really high, which is interesting.”
The study authors are slated to present their findings in full at the USENIX security conference in August.
The authors added that they were inspired to investigate the study, dubbed “leaky forms”, by media reports from online publication Gizmodo.
Furthermore, they hope that their findings will raise awareness about the issue, not only for regular web users but for website developers and administrators as well.
We pay for your stories!
Do you have a story for The US Sun team?
