2 min read

Researchers Find Thousands of Websites that Record Everything You Type

Radu CRAHMALIUC

May 16, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Researchers Find Thousands of Websites that Record Everything You Type

Have you ever wondered how some websites know so much about you? Sure, they collect the information you give them when registering an account, and they track your visits using cookies, but that’s all, right?

Wrong. Some might also be key-logging you, a behavior that you’d expect from malware but not a legitimate website.

According to shocking new research conducted by a team of specialists from KU Leuven, Radboud University, and the University of Lausanne, key-logging sites aren’t just a hypothesis. They’re a reality. In fact, a significant number of websites, actively record everything you type during your visit, including email addresses and passwords, even without clicking the “Submit” button.

How does the tracking work?

Let’s say, for example, you want to register for a newsletter, and you type your e-mail address, but at the last moment, you change your mind and delete it. Chances are, that site still recorded your e-mail address, even if you didn’t tap the “Submit” button. Do you have to fill out a form but you abandon it halfway there? It doesn’t matter because everything you typed has been submitted anyway.

“If there’s a Submit button on a form, the reasonable expectation is that it does something—that it will submit your data when you click it,” says Güneş Acar, a professor, and researcher in Radboud University's digital security group. “We were super surprised by these results. We thought maybe we were going to find a few hundred websites where your email is collected before you submit, but this exceeded our expectations by far.”

According to the research, out of 100,000 tested websites, 1,844 websites gathered an EU user's email address without their consent, and 2,950 logged a US user's email in some form. On top of that, the researchers also found 52 websites in which third parties, including the Russian giant Yandex, were collecting password data before submission.

But who’s doing this? And why?

Surprisingly enough, many of the sites have no intention of data-logging users, however, they incorporate third-party marketing and analytics services that force the behavior. Furthermore, a difference in legislation between the US and the EU, which has tougher privacy regulations, including the EU's General Data Protection Regulation (GDPR) might explain the regional differences, as some companies are probably more careful when tracking users.

Phasing out cookies altogether, however, isn’t a universal solution for boosting privacy, says Güneş Acar, a researcher that has unmasked keylogging before. In his opinion, this will only force marketers and advertisers to rely more on static IDs like phone numbers and email addresses.

“The privacy risks for users are that they will be tracked even more efficiently; they can be tracked across different websites, across different sessions, across mobile and desktop,” Acar says. “An email address is such a useful identifier for tracking, because it’s global, it’s unique, it’s constant. You can’t clear it like you clear your cookies. It's a very powerful identifier.”

How can you protect yourself?

Interested in protecting your Online Privacy and learning about your Digital Footprint? Visit Cyberpedia, our dedicated educational zone, and find out more about how your personal information can be exploited, how a VPN can boost your online privacy, and how our Digital Identity Protection (DIP) service can help you.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FTC warns LGBTQ+ community of extortion scams targeting them on dating apps FTC warns LGBTQ+ community of extortion scams targeting them on dating apps
Graham CLULEY

July 01, 2022

2 min read
OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you? OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you?
Radu CRAHMALIUC

June 30, 2022

3 min read
Dealing with Cyberbullying as Adults and Children through Communication - School Presentation Inside Dealing with Cyberbullying as Adults and Children through Communication - School Presentation Inside
Silviu STAHIE

June 30, 2022

2 min read