2 min read

Researchers Find Thousands of Websites that Record Everything You Type

Radu CRAHMALIUC

May 16, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Researchers Find Thousands of Websites that Record Everything You Type

Have you ever wondered how some websites know so much about you? Sure, they collect the information you give them when registering an account, and they track your visits using cookies, but that’s all, right?

Wrong. Some might also be key-logging you, a behavior that you’d expect from malware but not a legitimate website.

According to shocking new research conducted by a team of specialists from KU Leuven, Radboud University, and the University of Lausanne, key-logging sites aren’t just a hypothesis. They’re a reality. In fact, a significant number of websites, actively record everything you type during your visit, including email addresses and passwords, even without clicking the “Submit” button.

How does the tracking work?

Let’s say, for example, you want to register for a newsletter, and you type your e-mail address, but at the last moment, you change your mind and delete it. Chances are, that site still recorded your e-mail address, even if you didn’t tap the “Submit” button. Do you have to fill out a form but you abandon it halfway there? It doesn’t matter because everything you typed has been submitted anyway.

“If there’s a Submit button on a form, the reasonable expectation is that it does something—that it will submit your data when you click it,” says Güneş Acar, a professor, and researcher in Radboud University's digital security group. “We were super surprised by these results. We thought maybe we were going to find a few hundred websites where your email is collected before you submit, but this exceeded our expectations by far.”

According to the research, out of 100,000 tested websites, 1,844 websites gathered an EU user's email address without their consent, and 2,950 logged a US user's email in some form. On top of that, the researchers also found 52 websites in which third parties, including the Russian giant Yandex, were collecting password data before submission.

But who’s doing this? And why?

Surprisingly enough, many of the sites have no intention of data-logging users, however, they incorporate third-party marketing and analytics services that force the behavior. Furthermore, a difference in legislation between the US and the EU, which has tougher privacy regulations, including the EU's General Data Protection Regulation (GDPR) might explain the regional differences, as some companies are probably more careful when tracking users.

Phasing out cookies altogether, however, isn’t a universal solution for boosting privacy, says Güneş Acar, a researcher that has unmasked keylogging before. In his opinion, this will only force marketers and advertisers to rely more on static IDs like phone numbers and email addresses.

“The privacy risks for users are that they will be tracked even more efficiently; they can be tracked across different websites, across different sessions, across mobile and desktop,” Acar says. “An email address is such a useful identifier for tracking, because it’s global, it’s unique, it’s constant. You can’t clear it like you clear your cookies. It's a very powerful identifier.”

How can you protect yourself?

Interested in protecting your Online Privacy and learning about your Digital Footprint? Visit Cyberpedia, our dedicated educational zone, and find out more about how your personal information can be exploited, how a VPN can boost your online privacy, and how our Digital Identity Protection (DIP) service can help you.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find
Silviu STAHIE

November 29, 2022

1 min read
Apple Users Report Seeing Other People's Photos When Using iCloud for Windows Apple Users Report Seeing Other People's Photos When Using iCloud for Windows
Silviu STAHIE

November 25, 2022

1 min read
How SIM Swapping Attacks Work and How to Protect Yourself How SIM Swapping Attacks Work and How to Protect Yourself
Filip TRUȚĂ

November 25, 2022

3 min read