A team of university
researchers examined more than 100 "popular" Websites and found three-quarters
of the sites leaked private information or users' identifying data to
third-party tracking sites.
The survey results were
released shortly after Facebook came under fire for inadvertently passing user data to other parties.
More than half (56 percent) of
sites "directly leak" private information, and the number goes up to 75 percent
if the user ID is included under private data, according to an academic paper.
The researchers, Balachander Krishnamurthy of AT&T Labs, and Konstantin
Naryshkin and Craig E Wills of Worchester
Polytechnic Institute, found that information is leaked in various ways to
third-party sites that track user behavior for advertisers. The researchers
presented the report at the Web 2.0 Security and Privacy conference in Oakland,
Calif., on May 26.
"No site should be
exposing user information to a third party," Wills, a professor of
computer science at Worcester Polytechnic Institute, told eWEEK.
In some cases, information
was passed "deliberately" to other sites, but in others, it was included as
part of routine information exchange. The researchers were unable to tell
conclusively whether the inclusion was deliberate or inadvertent. Data leaks
could have occurred as users were creating, viewing, editing or just logging
into their accounts. They could also have occurred while navigating the site as
many of them exposed search terms.
"We believe it is time to
move beyond what is clearly a losing battle with third-party aggregators and
examine what roles the first-party sites can play in protecting the privacy of
their users," said Wills.
For more, read the eWeek article: Most Web Sites Regularly Leak Sensitive Personal Data Survey.
