Commonly, it is believed that your data is collected only if you hit the ‘submit’ or similar button on a web page. But, you may be wrong. Because, that is not always the case with the web, says new research. According to the new study, many websites collect some or all of your data as you type it into a digital form.
Researchers from KU Leuven, Radboud University, and the University of Lausanne studied 100,000 websites in two scenarios – visiting a site from the European Union and visiting a site from the United States. And, they found out that 1,844 websites gathered an EU user’s email address without consent while 2,950 captured a US user’s email in some form. It is mostly third-party marketing and analytics services that cause the behaviour. The researchers specifically crawled websites for password leaks in May 2021 and found 52 ones where third parties collected data before submission. Those 52 instances have been resolved so far.
The researchers will submit their findings at the Usenix Security Conference in August. They started the research to investigate ‘leaky forms’ by media reports. In their opinion, this data collection is similar to keyloggers, the malicious programs that log everything targets type. Although this phenomenon exists, users of mainstream websites may not be expecting this. The researchers say that the regional differences could be because of regulations in different countries. But, that is not an adequate explanation in terms of privacy.
The group also had a discovery about Meta Pixel and TikTok Pixel, invisible marketing trackers used to track users across the web and show them ads. These tracking pixels grab hashed email addresses, an obscured version of email addresses used to identify web users across platforms, before submission. When it comes to the US users, 8,438 sites may have been leaking data to Meta, Facebook’s parent company. For EU users, 7,379 sites do the same. TikTok Pixel works in 154 sites for US users and 147 for EU users.