Blogger websites

Websites that collect your data as you type

A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form.

Researchers from KU Leuven, Radboud University and the University of Lausanne explored and analyzed the top 100,000 websites, examining scenarios in which a user visits a site while in European Union and visits a site from the United States. They found that 1,844 websites harvested an EU user’s email address without their consent, and a staggering 2,950 logged a US user’s email in some form or another one. Many sites apparently do not intend to log data, but integrate third-party marketing and analytics services that cause the behavior.

After specifically crawling sites for password leaks in May 2021, researchers also found 52 websites where third parties, including Russian tech giant Yandex, accidentally collected password data before to submit them. The group disclosed its findings to those sites, and all 52 cases have since been resolved.

“If there is a submit button on a form, it is reasonably expected to do something – to submit your data when you click on it,” says Güneş Acar, a professor and researcher with the group. digital security from Radboud University and one of the leaders. of the study. “We were super surprised by these results. We thought we might find a few hundred websites where your email is collected before you submit it, but this far exceeded our expectations.

Research paper.

*** This is a syndicated security blog from Schneier’s Security Bloggers Network written by Bruce Schneier. Read the original post at: