6th Annual Summer Kickoff Mixer July 14 at SPACES, Toronto

Leaky Forms: Thousands of Popular Websites See What You Type—Before You Hit Submit

Wired | | May 11, 2022

key loggers - Leaky Forms:  Thousands of Popular Websites See What You Type—Before You Hit SubmitWhen you sign up for a newsletter, make a hotel reservation, or check out online, you probably take for granted that if you mistype your email address three times or change your mind and X out of the page, it doesn't matter. Nothing actually happens until you hit the Submit button, right? Well, maybe not. As with so many assumptions about the web, this isn't always the case, according to new research.

A surprising number of websites are collecting some or all of your data as you type it into a digital form.

“If there’s a Submit button on a form, the reasonable expectation is that it does something—that it will submit your data when you click it,” says Güneş Acar, a professor and researcher in Radboud University's digital security group and one of the leaders of the study. “We were super surprised by these results. We thought maybe we were going to find a few hundred websites where your email is collected before you submit, but this exceeded our expectations by far.”

See:  Modernizing Privacy Law in Canada – Striking the Right Balance

“In some cases, when you click the next field, they collect the previous one, like you click the password field and they collect the email, or you just click anywhere and they collect all the information immediately," says Asuman Senol, a privacy and identity researcher at KU Leuven and one of the study coauthors.

"We didn’t expect to find thousands of websites; and in the US, the numbers are really high, which is interesting,”

The researchers, who will present their findings at the Usenix security conference in August,  say they were inspired to investigate what they call “leaky forms” by media reports, particularly from Gizmodo, about third parties collecting form data regardless of submission status. They point out that, at its core, the behavior is similar to so-called key loggers, which are typically malicious programs that log everything a target types. But on a mainstream top-1,000 site, users probably won't expect to have their information keylogged. And in practice, the researchers saw a few variations of the behavior. Some sites logged data keystroke by keystroke.

See:  6 lessons on online privacy and digital authentication

“The privacy risks for users are that they will be tracked even more efficiently; they can be tracked across different websites, across different sessions, across mobile and desktop,” Acar says. “An email address is such a useful identifier for tracking, because it’s global, it’s unique, it’s constant. You can’t clear it like you clear your cookies. It's a very powerful identifier.”

Continue to the full article --> here

 


NCFA Jan 2018 resize - Leaky Forms:  Thousands of Popular Websites See What You Type—Before You Hit SubmitThe National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - Leaky Forms:  Thousands of Popular Websites See What You Type—Before You Hit SubmitFF Logo 400 v3 - Leaky Forms:  Thousands of Popular Websites See What You Type—Before You Hit Submitcommunity social impact - Leaky Forms:  Thousands of Popular Websites See What You Type—Before You Hit Submit

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - Leaky Forms:  Thousands of Popular Websites See What You Type—Before You Hit Submit



Not to be missed! Registration NOW OPEN!

Help us kickoff the Summer in style


NCFA Summer Kickoff Jul 14 2022 800 - Leaky Forms:  Thousands of Popular Websites See What You Type—Before You Hit Submit




 

Leave a Reply

Your email address will not be published. Required fields are marked *