Today’s Journal du Geek reports that some unscrupulous websites do not clutter up their webpages with a Submit button when visitors are filling in a form.
If you have already filled in a web form before changing your mind, your data has doubtless been sucked up by an unscrupulous website. In a recent study carried out by researchers from 3 European universities, which will be presented at the Usenix Security conference in August, we learn that some platforms are capable of spying on every character typed on a keyboard.
By analysing 2.8 mn. webpages on the world’s 100,000 most visited websites, the research’s assessment is definitive: in the case of a web form filled completed in Europe, nearly 2,000 of them are capable of collecting the user’s email address before that user has clicked the Send button. One of the joint authors Güne Acar of Radboud University in Nijmegen states: “We were very surprised by the results. We thought we might find a few hundred sites where your email address is collected before you send it, but the result far exceeded our expectations”.
However, the situation in Europe remains better than that in the United States. Whereas the old continent recorded “only” 1844 cases of abusive data sucking, the same request, when sent from the United States triggered 60% more instances, for a total of 2,950 cases, a difference which can be explained in particular by the presence in Europe of the GDPR , which since 2018 has obliged platforms to obtain users’ consent before collecting data..
How do websites record one’s data without consent?
For all practical purposes the majority of sites collecting data before submission forwards email addresses (encrypted or unencrypted) to third party sites are generally specialist advertising campanies, which collected the data to serve up personalised advertising (aka corporate graffiti. Ed.). In some less frequent instances a key logger is used to enable the keystrokes made to be directly recorded.
In Europe, the matter is even more sensitive since a good number of major sites, including Facebook owners Meta and TikTok were amongst the sites tested.