|
A new study finds 3,000 websites on which third-party tracking companies scoop up what you type into forms in real time — even if you never hit submit. This happens on about 1,800 websites for E.U. users too, likely in violation of the GDPR. https://homes.esat.kuleuven.be/~asenol/leaky-forms/leaky-forms-usenix-sec22.pdf (Via https://twitter.com/random_walker/status/1524433565668102144) 6 comments
 ^ “Our results—likely lower bounds—show that on thousands of sites email addresses are collected from login, registration and newsletter subscription forms; and sent to trackers before users submit any form or give their consent.” : @EU_Commission @rufposten Very interesting study. This might not always be the intend by the website owners themselves. Shows the need for not trusting any JS snippets and browser extensions. To me, it also shows that content security policies (CSP) not only keep your site safer, but also the visitors.  |
Gregory's Server
@rufposten yeah and it is even sold to publishers by there advertising partners as "alternate way to cookies". their tools scanning for email-fields and use the input to generate uniq advertising ids - cross platform ids.