Caution!
Websites collect the email you type - even before you send it
When we type information in forms on websites, we tend to think that the information is only sent when we submit the form.
New research reveals that thousands of sites collect what we type - even before we submit
Niv Lillian
17/05/2022
Tuesday, 17 May 2022, 12:39 Updated: 12:44
Share on Facebook
Share on WhatsApp
Share on Twitter
Share on Email
Share on general
Comments
Comments
Collect what we type - even before we send (Photo: ShutterStock)
When you sign up for a newsletter, book a hotel room or enter details before contacting the company, you probably assume that if you typed something wrong or changed your mind it does not matter, as long as you did not click "Submit", right?
well no.
According to a new study, a huge number of sites record and collect everything you type in their forms, even if you did not click the submit button on the form.
Researchers from the Universities of Luban and Lausanne examined the 100,000 most visited sites and imagined visitors from the European Union and the United States.
1,844 sites collected the email address without the permission of the mock European visitors, and close to 3,000 sites collected the email address of surfers from the United States.
Apparently most sites did not do so with malicious intent - but as a side effect of third-party marketing and measurement tools.
More on Walla!
Watch: How to turn dinner with the kids into an experiential activity?
In collaboration with Galil
1,844 sites collected the email address without the permission of the visitors (Photo: ShutterStock)
"If there's a 'Submit' button on a form, the reasonable expectation is that it does something, and it will provide the information as soon as you click on it," says Guns Acker, a researcher in the Digital Security Group at Redwood University and one of the research leaders.
"We were very surprised by the results. We thought we would find several hundred sites where your email address was collected even before you submitted the form, but it exceeded our expectations."
The researchers, who will present their findings at the Usenix conference in August, told WIRED that the inspiration to investigate the issue came from reports of "liquid forms" that third-party entities collect climbing information, regardless of delivery status.
Basically, this operation is similar to keystrokes, Keyloggers, which are mostly malware that records everything a person types.
This is behavior that you would not expect to find on the biggest sites on the net.
"Your email address was collected before you sent the form" (Photo: ShutterStock)
Similarly, the group tracked trackers originating from invisible meta (Facebook) and tic-tac-toe tracking pixels, where advertisers could enable a feature that would collect email addresses from garages from a form.
For American users, 8,438 sites suspected of leaking information to meta / Facebook, and 7,379 sites that collected addresses of European surfers, for tic tac the numbers are much lower: 154 sites for users from the United States, and 147 for surfers from Europe.
The researchers reported this to Facebook, the company has deployed an engineer to address the issue, but have not heard from them since, similarly the researchers have not received a response from Tic Tac.
WIRED contacted companies for a response, but did not receive it.
Acker notes that "an email address is a useful ID for tracking, because it is global, unique and permanent. It cannot be disposed of like cookies. It is a very powerful ID."
Acker further notes that as companies move away from the use of cookies, they are moving to using more permanent IDs - such as phone numbers and email addresses.
technology
Privacy and security
Tags
securing
privacy