Security News > 2022 > May > Third-party web trackers log what you type before submitting
The purpose of website trackers is to monitor visitor activity, derive data points related to preferences, log interactions, and maintain a persistent anonymous ID for each user.
The sites use trackers to provide a more personalized online experience to their users, but they also allow third-party trackers to help advertisers serve targeted ads to their visitors and increase monetary gains.
Many of these third-party trackers are using scripts that monitor for keystrokes when inside a form, and save the content, even before the user presses the submit button.
The data collected by the university researchers shows that the problem stems from a small number of trackers that are prevalent on the web.
LiveRamp's trackers were found in 662 sites whose email addresses were logged, Taboola was present in 383, Verizon collected data from 255 sites, and Adobe's Bizible ran in 191 sites.
The typical 'we share your personal data with selected marketing partners' doesn't cut it for GDPR. According to the study, the email exfiltration by third parties via trackers breaches at least three GDPR requirements, namely the transparency principle, the purpose limitation principle, and the absence of consent requests.