Websites that Collect Your Data as You Type

Path: i2pn2.org!i2pn.org!rocksolid2!txtcon.i2p!.POSTED.127.163.152.53!not-for-mail
From: invalid@invalid.invalid (Miner)
Newsgroups: rocksolid.shared.security
Subject: Websites that Collect Your Data as You Type
Date: Mon, 11 Jul 2022 13:28:32 -0000 (UTC)
Organization: txtcon.i2p
Message-ID: <tah8i0$8kl$1@txtcon.i2p>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 11 Jul 2022 13:28:32 -0000 (UTC)
Injection-Info: txtcon.i2p; posting-account="miner"; posting-host="127.163.152.53";
logging-data="8853"; mail-complaints-to="txtcon@i2pmail.org"
 by: Miner - Mon, 11 Jul 2022 13:28 UTC

https://www.schneier.com/crypto-gram/archives/2022/0615.html#cg4

A surprising number of websites include JavaScript keyloggers
that collect everything you type as you type it, not just when
you submit a form.

Researchers from KU Leuven, Radboud University, and University of
Lausanne crawled and analyzed the top 100,000 websites, looking
at scenarios in which a user is visiting a site while in the
European Union and visiting a site from the United States. They
found that 1,844 websites gathered an EU user's email address
without their consent, and a staggering 2,950 logged a US user's
email in some form. Many of the sites seemingly do not intend to
conduct the data-logging but incorporate third-party marketing
and analytics services that cause the behavior.

After specifically crawling sites for password leaks in May 2021,
the researchers also found 52 websites in which third parties,
including the Russian tech giant Yandex, were incidentally
collecting password data before submission. The group disclosed
their findings to these sites, and all 52 instances have since
been resolved.

"If there's a Submit button on a form, the reasonable expectation
is that it does something -- that it will submit your data when you
click it," says Guenes Acar, a professor and researcher in
Radboud University's digital security group and one of the
leaders of the study. "We were super surprised by these results.
We thought maybe we were going to find a few hundred websites
where your email is collected before you submit, but this
exceeded our expectations by far."

Research paper.
https://homes.esat.kuleuven.be/~asenol/leaky-forms/leaky-forms-usenix-sec22.pdf
SHA256(leaky-forms-usenix-sec22.pdf)= 4877b4854aa8e1b39ff2553c6ad84ccff9f4be3455627babee866f5917116d0c

--
Miner
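
Added example, not part of the original post or the researchers' tooling: a site owner's check for the behaviour described above, scanning a captured request log for a probe address that reached a third party before the submit click. The log format, host names, field names and the set of encodings searched are assumptions made for illustration.

```javascript
// Added example: audit a captured request log for typed form data sent
// to third parties before the submit click. All data below is constructed.
const { createHash } = require("crypto");

// Encoded forms of the typed value to search for (an assumed, non-exhaustive set).
function variants(value) {
  const hex = (alg) => createHash(alg).update(value).digest("hex");
  return [
    { encoding: "plaintext", needle: value, hex: false },
    { encoding: "urlencoded", needle: encodeURIComponent(value), hex: false },
    { encoding: "base64", needle: Buffer.from(value).toString("base64"), hex: false },
    { encoding: "md5", needle: hex("md5"), hex: true },
    { encoding: "sha256", needle: hex("sha256"), hex: true },
  ];
}

// requests: [{ t, host, url, body }] with t in ms since page load.
// Returns third-party requests sent before submitAt that carry the value.
function findPreSubmitLeaks(requests, typedValue, submitAt, firstPartyHost) {
  const forms = variants(typedValue);
  const leaks = [];
  for (const r of requests) {
    if (r.t >= submitAt || r.host === firstPartyHost) continue;
    const raw = `${r.url}\n${r.body || ""}`;
    const lower = raw.toLowerCase(); // hex digests may be upper-cased in transit
    const hit = forms.find((f) => (f.hex ? lower : raw).includes(f.needle));
    if (hit) leaks.push({ host: r.host, t: r.t, encoding: hit.encoding });
  }
  return leaks;
}

const EMAIL = "audit-probe@example.test"; // constructed probe address
const SHA = createHash("sha256").update(EMAIL).digest("hex");
const SAMPLE_LOG = [ // constructed capture; submit click happens at t=2000
  { t: 1200, host: "shop.example.test", url: "https://shop.example.test/api/check", body: `{"email":"${EMAIL}"}` },
  { t: 1350, host: "tracker.example.net", url: `https://tracker.example.net/c?e=${SHA.toUpperCase()}`, body: "" },
  { t: 1400, host: "cdn.example.org", url: "https://cdn.example.org/pixel.gif?page=checkout", body: "" },
  { t: 1500, host: "ads.example.com", url: "https://ads.example.com/collect", body: `em=${encodeURIComponent(EMAIL)}` },
  { t: 2500, host: "tracker.example.net", url: `https://tracker.example.net/c?e=${EMAIL}`, body: "" },
];

function runSample() {
  return findPreSubmitLeaks(SAMPLE_LOG, EMAIL, 2000, "shop.example.test");
}
console.log(runSample());
```

The check only matches the complete typed value, so a script that sends partial input keystroke by keystroke, or wraps the value in a further layer of encoding, needs additional needles.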
