Thousands of Websites Are Collecting Everything You Type

pcmag.com:

You'd be forgiven for thinking websites don't take any notice of what you type until the submit button is clicked or tapped, but you'd be wrong.

As Ars Technica reports(Opens in a new window), research carried out by KU Leuven, Radboud University, and the University of Lausanne reveals thousands of websites(Opens in a new window) are collecting every character typed, as you type it. The research team looked at the top 100,000 websites and discovered that 1,844 collected email addresses without consent within the EU, and that shoots up to 2,950 in the US.

In a lot of cases the websites aren't doing this on purpose, they simply leak the information via third-party tools used for marketing and analytics. It gets worse than that, though, as 52 websites were found to be collecting passwords, too. Thankfully the researchers contacted each website doing this and the password collection has stopped in all cases.

It's a similar situation with the Meta and TikTok invisible pixels used to track users across different websites using a hashed (obscured) version of their email address. The researchers found that in the US, 8,438 websites leaked user data to Meta, and 154 sites leaked data to TikTok. Both Meta and TikTok were informed of the data leaking by the research team, but neither company has confirmed the collection has since stopped. And don't forget, Facebook already admitted it can't control where your data goes.

As well as releasing a paper(Opens in a new window), the research team will be presenting their findings at the Usenix Security '22 conference(Opens in a new window) in August.

For users concerned about their privacy online, there are steps you can take to better protect yourself. And this research clearly shows