Security News > 2022 > May > Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit

A new research published by academics from KU Leuven, Radboud University, and the University of Lausanne has revealed that users' email addresses are exfiltrated to tracking, marketing, and analytics domains before such is submitted and without prior consent.

LiveRamp, Taboola, Adobe, Verizon, Yandex, Meta, TikTok, Salesforce, Listrak, and Oracle are some of the top third-party trackers that have been spotted logging email addresses, while Yandex, Mixpanel, and LogRocket lead the list in the password-grabbing category.

The idea behind harvesting email addresses entered in online forms, even in cases where the users do not submit any form, has also been fueled by ongoing attempts by browser vendors to drop support for third-party cookies, forcing marketers to look for alternative static identifiers to track users.

Fast forward five years later, not much has changed, the researchers said, what with websites related to fashion/beauty, online shopping, and general news emerging as the top categories with the most "Leaky forms."

"Despite filling email fields on hundreds of websites categorized as pornography, we have not a single email leak," the findings show, noting how it lines up with previous studies that have shown that adult websites have relatively fewer third-party trackers when compared to general sites with comparable popularity.

"Users should assume that the personal information they enter into web forms may be collected by trackers-even if the form is never submitted," the researchers concluded, calling on a further investigation from browser vendors, privacy tool developers, and data protection agencies.

News URL

https://thehackernews.com/2022/05/web-trackers-caught-intercepting-online.html