2022-05-18 00:00:00

Securityemail|form|Javascript|login|privacy|tracking|web site

Advertisers secretly collect email addresses from web page login forms

When you fill in a form or login to a web page, you probably expect that only the web service where you want to sign in gets your email address and password. Unfortunately, ad tech businesses that track people on the internet may capture the email address even before you hit any buttons on the page.

This data collection method applies to all forms and input fields on web pages. Information you submit to a web site may be collected by advertisers before you accept or submit the form, and before you have given your consent to collect your data. Even if you abandon the form, close it, or simply navigate to another page, your keystrokes have been recorded and stored in advertisers' databases.

The disturbing discovery was made by a group of researchers at Radboud University in The Netherlands, University of Lausanne in Switzerland and KU Leuven in Belgium. The researchers developed a program that simulated filling in login forms and other types of forms. It simultaneously monitored what happened to the user data that was processed in the background. They ran the test program on top 100,000 popular web sites, and discovered that when visited from a US address, 2950 web sites had advertisers that collected email addresses before the user clicked a button or accepted data collection. When web sites were visited from a EU address, 1844 web sites leaked email addresses to advertisers before user had pushed any button or approved data capture.

leaky forms research: number of web sites handing email addresses over to ad tech
Fashion and beauty is the business segment that most frequently leaks email addresses, followed by Online shopping, News, Computers, Business. Source: Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission.

The researches also highlight at their web page Leaky Forms that 52 web sites leaked login passwords to advertisers. When the web sites received information about the password leak, each one corrected it. After the test program had collected information from the popular web sites, the team was notified that Facebook and TikTok had started to collect data from web site forms as well.

How is this possible? When a web page is loaded to a browser, it often includes small programs that the browser executes in the user's phone or computer. Typically, these programs are implemented in Javascript. The programs can read, write and manipulate data on a web page, collect user input, and send data where they want.

The owner of the web page is responsible for the content of the page. If it includes program code that does strange things, it is likely that the owner of the web page has decided to allow advertisers access the page. It is possible - and the research also indicates - that web page owner is not aware of every activity advertisers perform on their pages.

Is it possible to prevent leaking email addresses and other personal data?

Yes, it is possible to considerably restrict or even prevent data collection. A simple and easy way to protect yourself is to use a web browser that has good privacy features. This means moving away from browsers like Google Chrome and Microsoft Edge, and making Brave, Vivaldi, or Librefox the default browser on a computer. On a mobile device, DuckDuckGo, Qwant and Vivaldi are safe choices.

One step further is to use multiple privacy-focused browsers so that each browser has its own dedicated tasks. For instance, one browser is dedicated to banking, email, calendar, and other services that deal with sensitive information. Another browser is for social media access.

Despite the EU's GDPR regulation some web sites continue collecting user data without consent. These businesses are taking a considerable risk.

News

2025-01-15 08:59:00

Not to mention travel – when real life experiences in a destination don’t match the expectations and everything that can go wrong, goes wrong. Well, that’s the beauty of #travel. #Europehttps://klaava.com/nitpickers-travel-journal-travel-lessons-learned-in-2024/


News

2025-01-11 13:25:00

A conclusion from the Traffic Scorecard 2024 results is it takes about double the time to drive along the streets of London (the most congested city in #Europe) than the streets of Munich, which is ranked the 21st most congested European city. #traffic #travelhttps://klaava.com/the-cities-in-europe-where-people-are-stuck-in-traffic-most-often/


A shop dedicated to tasty juice

2025-01-09 14:04:10

arihak

A shop dedicated to tasty juice


in the busy old town center.

2025-01-08 16:16:08

in the busy old town center.


News

2025-01-07 14:56:00

A reminder for keeping your data safe when traveling. Why? It is likely that you have to access your most critical data in risky situations on the road.https://cybernews.com/privacy/how-to-protect-your-sensitive-information-while-traveling/


News

2025-01-02 16:33:00

What about the scenery, you who are hurrying to the other side?#streetphotography#streetphoto


News

2025-01-01 16:06:00

According to a survey, third of travelers are victims of online booking scams. Since it is so convenient to make travel reservations online, that’s what we do. The problem is that we haven’t adopted new methods to avoid online scams. #travel #scamhttps://klaava.com/a-traveler-is-more-likely-to-get-scammed-when-booking-a-trip-than-being-robbed-in-a-destination/


Perhaps road builders had too much time?

2024-12-29 15:19:44

Perhaps road builders had too much time?


News

2024-12-27 18:25:00

#Photography is full of so-called “rules” that can feel overwhelming. However, some of these “rules” are downright myths.https://www.diyphotography.net/debunking-seven-common-myths-photographers-still-believe-in/


What should I read next?

2024-12-25 15:18:22

arihak

What should I read next?


News

2024-12-23 11:34:00

Since #EU #DMA has specified #Apple as a #gatekeeper in #mobile devices, EU considers Apple should implement several iOS connectivity features, predominantly used for and by connected devices. For instance, notifications, automatic Wi-Fi connection, AirPlay, AirDrop, or Bluetooth audio switching.https://digital-markets-act.ec.europa.eu/commission-seeks-feedback-measures-apple-should-take-ensure-interoperability-under-digital-markets-2024-12-19_en


News

2024-12-21 14:51:00

Smartphone users in the US are not impressed with the latest artificial intelligence features on their devices with 73 percent of Apple users and 87 percent of Samsung users unsatisfied, according to a new study. #phone #AIhttps://petapixel.com/2024/12/19/majority-of-smartphone-users-are-unimpressed-with-ai-features-study-finds/


There should be enough ice already to open the hotel

2024-12-20 16:40:17

There should be enough ice already to open the hotel


Hiking on a mountain experience: the end of an ancient tunnel

2024-12-09 14:12:31

arihak

Hiking on a mountain experience: the end of an ancient tunnel


on a hot summer day

2024-12-02 18:47:01

on a hot summer day


Cloudy day in a valley

2024-11-25 16:31:59

arihak

Cloudy day in a valley


In the shade of a lone palm tree

2024-11-25 15:46:29

In the shade of a lone palm tree


an abandoned town?

2024-11-07 18:35:22

an abandoned town?


A quiet moment between heavy rain

2024-10-24 17:34:45

A quiet moment between heavy rain


Everyone loves a pretty mountain scenery

2024-10-24 16:54:02

arihak

Everyone loves a pretty mountain scenery