The University of Nijmegen, together with the University of Lausanne, conducted a study that found that many of the 100,000 most popular websites on the global network collect data from web forms before the user who fills them out clicks the submit button. And this happens without his knowledge.
Many websites have been found to collect personally identifiable information, including users’ email addresses, via built-in third-party trackers used for advertising and marketing purposes. Universities automatically analyzed the behavior of 100,000 popular websites when visited by US and EU users. It turned out that 1844 resources “collected” data, including email addresses, from visitors from the EU. In the case of US visitors, 2,950 of those sites actually stole data.
In most cases, the trackers were owned by meta-companies.* and TikTok, which receive user data from the pages they visit. However, the researchers identified 41 previously unknown tracker domains. In conducting the study, the experts deliberately ignored instances where websites likely had “legitimate” reasons for collecting information, such as searching the website’s database for a similar username or email address.
In the US, trackers are known to collect data on USA Today, Business Insider, Fox News, Time, and Trello, and in the EU on Independent, Shopify, Newsweek, and Marriott. Third-party services are said to have collected passwords from forms at 52 locations.
Based on the results of the study, the experts recommended that users should always assume that the information entered into the web form will be collected by trackers, even if the user never initiates the submission – an issue that has received increased attention from browser developers, cybersecurity specialists and others requires special security software.
In addition to the “normal” collection of addresses, in some cases meta trackers* and TikTok collected hashed personal data. It is assumed that the survey is due to the fact that the Facebook script* mistakenly interpreted button clicks as confirmation of form submission. meta representative* and TikTok have not yet commented on media inquiries.
It’s well known that Apple and other companies have already started blocking third-party cookies and trackers to keep users safe, but the idea of collecting email addresses is too attractive to be fully embraced by marketers to be abandoned.
It is also known that email addresses serve as the “perfect identifier” for long-term tracking of visits across platforms, especially when compared to other parameters. Detailed information will be presented at the Usenix conference in August.
* It is included in the list of public associations and religious organizations for which the court made a final decision, activities on the grounds of Federal Law No. 114-FZ of July 25, 2002 “On Combating Extremist Activity”.