A paper developed by researchers from multiple European universities uncovered that some of the most popular websites collect data you type in online forms, even if you don’t hit the submit button. Some websites collect partial data, but others store literally everything you type in sections such as ‘contact us, ‘comment,’ etc. Most users would think that if they do not hit that submit button, they will not be giving away the info they’ve typed, but the paper developed by the EU cyber researchers appears to prove that on many occasions, the data entered ends up linked to you.
The information left in blank spaces is often recorded and sold to third-party brokers and advertisers who use it to track the users around the internet. However, the report suggests that some websites do not intend to conduct such data-logging but are still filled with third-party services that do precisely that, effectively letting interested parties know what users might want to submit to a website.
Some of the most valuable pieces of information usually left in such forms are phone numbers and email addresses. Emails are potent identifiers as users rarely change them when moving around different sites and platforms. This may explain why advertisers have been able to catch up on your requests for a new mortgage or pool quote, even if you never submitted the information to mortgage companies or pool builders. Most known tracking domains happily receive such information and then use it to track users across different sites and social media platforms.
Logging such information is very similar to what malicious key-logger programs do. Some sites log just keystrokes, but others log all the typed information from all fields when a user moves to the next part of the form. The researchers looked predominantly at EU and US-based websites, and the results of data-collecting sites in North America were shockingly higher when compared to the numbers from the EU.
If you’ve ever typed your password in a username field by mistake, you might have accidentally exposed it to marketers and advertisers. Of course, they likely wouldn’t express much interest in your security word, but the fact that your passcode might already be out there is undoubtedly a scary thought and an excellent excuse to keep changing it at least once every three months.
The researchers have been actively trying to notify websites that express such behavior about the possible problem they may be having when it comes to guest privacy and law, especially in the EU. If you want to maintain your privacy, you may consider creating new emails from time to time and using reputable VPN services while browsing online.