Sensitive, Personal Data Leaked from Majority of Web Sites

By Channel Insider Staff  |  Print this article Print

A new study finds that it's not just third-party Facebook apps thta are leaking user data to third-party networks and advertisers. Most Web sites do it.

A team of university researchers examined more than 100 "popular" Websites and found three-quarters of the sites leaked private information or users' identifying data to third-party tracking sites.

The survey results were released shortly after Facebook came under fire for inadvertently passing user data to other parties.

More than half (56 percent) of sites "directly leak" private information, and the number goes up to 75 percent if the user ID is included under private data, according to an academic paper. The researchers, Balachander Krishnamurthy of AT&T Labs, and Konstantin Naryshkin and Craig E Wills of Worchester Polytechnic Institute, found that information is leaked in various ways to third-party sites that track user behavior for advertisers. The researchers presented the report at the Web 2.0 Security and Privacy conference in Oakland, Calif., on May 26.

"No site should be exposing user information to a third party," Wills, a professor of computer science at Worcester Polytechnic Institute, told eWEEK.

In some cases, information was passed "deliberately" to other sites, but in others, it was included as part of routine information exchange. The researchers were unable to tell conclusively whether the inclusion was deliberate or inadvertent. Data leaks could have occurred as users were creating, viewing, editing or just logging into their accounts. They could also have occurred while navigating the site as many of them exposed search terms.

"We believe it is time to move beyond what is clearly a losing battle with third-party aggregators and examine what roles the first-party sites can play in protecting the privacy of their users," said Wills.

For more, read the eWeek article: Most Web Sites Regularly Leak Sensitive Personal Data Survey.