2 min read

Researchers Find Thousands of Websites that Record Everything You Type

Radu CRAHMALIUC

May 16, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Researchers Find Thousands of Websites that Record Everything You Type

Have you ever wondered how some websites know so much about you? Sure, they collect the information you give them when registering an account, and they track your visits using cookies, but that’s all, right?

Wrong. Some might also be key-logging you, a behavior that you’d expect from malware but not a legitimate website.

According to shocking new research conducted by a team of specialists from KU Leuven, Radboud University, and the University of Lausanne, key-logging sites aren’t just a hypothesis. They’re a reality. In fact, a significant number of websites, actively record everything you type during your visit, including email addresses and passwords, even without clicking the “Submit” button.

How does the tracking work?

Let’s say, for example, you want to register for a newsletter, and you type your e-mail address, but at the last moment, you change your mind and delete it. Chances are, that site still recorded your e-mail address, even if you didn’t tap the “Submit” button. Do you have to fill out a form but you abandon it halfway there? It doesn’t matter because everything you typed has been submitted anyway.

“If there’s a Submit button on a form, the reasonable expectation is that it does something—that it will submit your data when you click it,” says Güneş Acar, a professor, and researcher in Radboud University's digital security group. “We were super surprised by these results. We thought maybe we were going to find a few hundred websites where your email is collected before you submit, but this exceeded our expectations by far.”

According to the research, out of 100,000 tested websites, 1,844 websites gathered an EU user's email address without their consent, and 2,950 logged a US user's email in some form. On top of that, the researchers also found 52 websites in which third parties, including the Russian giant Yandex, were collecting password data before submission.

But who’s doing this? And why?

Surprisingly enough, many of the sites have no intention of data-logging users, however, they incorporate third-party marketing and analytics services that force the behavior. Furthermore, a difference in legislation between the US and the EU, which has tougher privacy regulations, including the EU's General Data Protection Regulation (GDPR) might explain the regional differences, as some companies are probably more careful when tracking users.

Phasing out cookies altogether, however, isn’t a universal solution for boosting privacy, says Güneş Acar, a researcher that has unmasked keylogging before. In his opinion, this will only force marketers and advertisers to rely more on static IDs like phone numbers and email addresses.

“The privacy risks for users are that they will be tracked even more efficiently; they can be tracked across different websites, across different sessions, across mobile and desktop,” Acar says. “An email address is such a useful identifier for tracking, because it’s global, it’s unique, it’s constant. You can’t clear it like you clear your cookies. It's a very powerful identifier.”

How can you protect yourself?

Interested in protecting your Online Privacy and learning about your Digital Footprint? Visit Cyberpedia, our dedicated educational zone, and find out more about how your personal information can be exploited, how a VPN can boost your online privacy, and how our Digital Identity Protection (DIP) service can help you.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Meta Pays Out Bounties for Account Takeover and Two-Factor Authentication Bypass Exploits Meta Pays Out Bounties for Account Takeover and Two-Factor Authentication Bypass Exploits
Silviu STAHIE

January 31, 2023

1 min read
Hackers steal 10 million customer details from JD Sports Hackers steal 10 million customer details from JD Sports
Graham CLULEY

January 30, 2023

2 min read
North Korean Hackers Tried to Launder $100 Million in Crypto Stolen in 2022 North Korean Hackers Tried to Launder $100 Million in Crypto Stolen in 2022
Silviu STAHIE

January 25, 2023

1 min read