Stanford Researcher Finds Lots of Leaky Web Sites

Published on

The Web is porous. Remarkable information trickles in from everywhere. It also sometimes spills out without its users knowing exactly where or how.

Take for instance these findings, released on Tuesday by computer scientists at Stanford University. If you type a wrong password into the Web site of The Wall Street Journal, it turns out that your e-mail address quietly slips out to seven unrelated Web sites. Sign on to NBC and, likewise, seven other companies can capture your e-mail address. Click on an ad on and your first name and user ID are instantly revealed to 13 other companies.

These findings, released by the Center for Internet and Society at Stanford Law School, are among the leaks found on 185 top Web sites. They serve to buttress what privacy advocates have long warned of: Your online travel — your clickstream, as it’s poetically known — is not always anonymous. It can often be traced right back to rather precise parts of you, including your name and e-mail address. The study was released at an event organized by the Center for Digital Democracy in Washington.

In this case the leaks appeared to be a byproduct of the way Web browsers dealt with the handoff between one page and the next, which can result in the sharing of the first page’s address with third-party sites. If a site is set up to include personal information in the page address, then that information is shared as well.

“It’s a fact of life on the Web. Identity will leak to a third party,” said the study’s principal author, Jonathan Robert Mayer, a law and computer science student.

Companies that track Web activity commonly say that they analyze data at the macro level to better target search results and advertising: something as general as new home buyers in a particular ZIP code who may be interested in ads for home and garden products. A body of new research is beginning to show that as our digital footprint grows, it becomes ever easier for companies (and in principle, government authorities) to know more precisely who those home buyers are.

Computer scientists at AT&T Research Labs and Worcester Polytechnic University studied 120 Web sites, not including social networks, and found that over half of them leaked what the researchers called “sensitive and identifiable information to third-party aggregators.”

Meanwhile, a Carnegie Mellon University computer scientist named Alessandro Acquisti has taken photographs of random strangers on a college campus and used facial recognition technology to “re-identify” roughly a third of them from a rich trove of publicly available photographs on Facebook. Even more remarkably, so much personal data now lies scattered online that he was able to glean their Social Security numbers in about a fourth of the cases.

Latest Videos

Latest Releases

In The News

Latest Report

Support Consumer Watchdog

Subscribe to our newsletter

To be updated with all the latest news, press releases and special reports.

More Releases