Some Websites Could Leak Your Data Even Before You Submit It GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO News > Internet & Security
Some Websites Could Leak Your Data Even Before You Submit It
And it might even be intentional
By Mayank Sharma Mayank Sharma Freelance Tech News Reporter Writer, Reviewer, Reporter with decades of experience of breaking down complex tech, and getting behind the news to help readers get to grips with the latest buzzwords. lifewire's editorial guidelines Published on May 20, 2022 10:36AM EDT Fact checked by Jerri Ledford Fact checked by Jerri Ledford Western Kentucky University Gulf Coast Community College Jerri L. Ledford has been writing, editing, and fact-checking tech stories since 1994. Her work has appeared in Computerworld, PC Magazine, Information Today, and many others. lifewire's fact checking process Tweet Share Email Tweet Share Email Internet & Security Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming Researchers found thousands of the top websites capturing and sharing form data even before users pressed the Submit button.The collection isn’t always for advertising purposes, suggest privacy experts.Many websites owned up and corrected the mistakes, but several still defy the rules. Donald Ian Smith / Getty Images Websites are getting craftier at collecting and sharing your information. An extensive study into the top 100,000 websites revealed that many leaked information people entered in the site forms to third-party trackers before people even pressed the submit button. It found thousands of such websites that leaked everything from email addresses to passwords, though thankfully, many fixed the issues once the researchers contacted them. "It is concerning to see websites leaking passwords," Rick McElroy, Principal Cybersecurity Strategist at VMware, told Lifewire over email, reacting to the research. "I am happy to see that once notified, the organizations made changes to their code to stop that practice." Enter to Leak
The study was conducted to determine whether online trackers misuse access to web forms. The researchers point to a survey where 81% of the respondents admitted to abandoning online forms at some point. "We believe it is strongly against users' expectations to collect personal data from web forms for tracking purposes prior to submitting a form," noted the researchers. "We wanted to measure this behavior to assess its prevalence." Prasit Photo / Getty Images In all, they tested 2.8 million pages on the world's highest-ranking sites. Of these, 1,844 websites allowed trackers to exfiltrate email addresses before submission, when visited from Europe. When visited from the US, the number of sites collecting information before submission increased to 2,950. The researchers note that the data leaks were apparently unintentional in some instances, with incidental password collection on 52 websites being resolved thanks to the study's findings. "Some websites told us that they were not aware of this data collection and rectified the issue upon our disclosures," wrote the researchers, who will present their findings at the upcoming USENIX Security Symposium, in Boston, Massachusetts. Stay Safe
Chris Hauk, consumer privacy champion at Pixel Privacy, said that while the data leaks are coming from the websites, there are a couple of things people can do on their end to at least slow the data leaks. "Users can visit Electronic Frontier Foundation's Cover Your Tracks website to determine how website trackers see your browser, revealing how sites can track you while online, and what you can do to at least partially prevent it,” Hauk suggested to Lifewire over email. Personal data and its value form the business model for many modern digital enterprises for the past 20+ years... The usual advice of using a VPN to cover your online tracks won’t be of much use to prevent this sort of leak. Hauk suggests using a disposable email address, separate from your usual personal email account, for use on websites that ask for such information. McElroy asked people to either use a web browser built for privacy like Brave, or to install privacy add-ons, such as Privacy Badger, on their regular browser. He also advocated for multi-factor authentication to minimize the damage of password leaks. Additionally, the researchers have developed a proof-of-concept browser add-on called Leak Inspector that warns and protects against data exfiltration. Data Economy
Expressing his surprise at the extent of the collection, McElroy said people must understand that human-generated data is a commodity that'll be collected, shared, analyzed, and used for multiple purposes. "Most of the time these purposes aren't necessarily malicious (like sharing data with a third-party advertiser) however the flow between and amongst systems with various levels of security makes all consumers vulnerable and creates a ripe landscape for attackers to take advantage of," explained McElroy. David Rickard, CTO North America at Cipher, a Prosegur company, thinks that people should presume that every form they fill out on the internet is saving data while data entry is underway, and every form they fill out becomes the property of the website and re-sold to third-parties. "Personal data and its value form the business model for many modern digital enterprises for the past 20+ years, even if their privacy policies explicitly state that they don't gather PII [Personally Identifiable Information] and sell it," Rickard told Lifewire over email. He said data aggregators work around privacy regulations by collecting several different datasets that may not include name, address, etc., which aren't PII as such, but when matched against hundreds of additional data points from other datasets, can identify individuals with a success rate of over 90%. "This gives rise to services that are something like actuarial tables (or believed to actually be actuarial tables) indicating credit worthiness, insurability, employability, likelihood of different addictions, likely political and religious affiliations, you name it," said Rickard. Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire Why Incognito Mode May Not Be Private and What You Can Do About It How to Upload a Podcast to Spotify How to Remove Your Information From the Web Create a 'Mailto' Email Form in Dreamweaver How to Send a Form via Email How to Manage AutoComplete in Internet Explorer 11 How to Browse the Web Anonymously 9 Best Ways to Hide Your Identity Online How to Use App Tracking Transparency on iPhone How Does the Microsoft Edge Password Monitor Work? Manage Browsing History and Private Data in Firefox How to Protect Private Info Stored on Your iPhone How to Disable WebRTC What is TLS vs. SSL in Online Security? What Are Cookies on a Computer? What Is an SWF File? (And How to Open or Play One) Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies