Three-quarters of websites directly leak private information to third-party trackers, according to a study.
The study by the Worcester Polytechnic Institute in the US looked at 120 popular websites and found that 75% leaked information - including email addresses, physical addresses, and the unique configuration of a user's web browser.
The news comes as lawmakers on both side of the Atlantic investigate the way cookies are regulated, but according to the researchers the problem goes further than tracking cookies.
"Despite a number of proposals and reports put forward by researchers, government agencies, and privacy advocates, the problem of privacy has worsened significantly," said WPI computer science professor Craig Wills.
"With the increasing and increasingly worrisome linkage of personal information from all sorts of websites, we believe it is time to move beyond what is clearly a losing battle with third-party aggregators and examine what roles first-party sites can play in protecting the privacy of their users."
Third-party sites have a powerful economic incentive to continue to collect and aggregate user information, so relying on them to protect user privacy will continue to be a losing battle
The study found that websites permitted tracking sites to link many disparate pieces of information, including browsing histories contained in tracking cookies and the contents of searches on health and travel sites, to create detailed profiles of individuals.
According to the report, 56% of the sites directly leak pieces of private information, such as names and email addresses, with the result growing to 75% if site user IDs were included.
The study also claimed that sensitive search strings sent to healthcare websites and travel itineraries on flight reservation sites were leaked by nine of the top ten sites studied for each category.
“In some cases, information was passed deliberately to the third-party sites,” said Wills. “In others it was included, either deliberately or inadvertently, as part of routine information exchanges with these sites.
According to Wills, the problem has yet to be addressed by officials, and even proposals to stem the flow of information, such as a Do Not Track system, are inadequate because participation is not mandatory.
"A key failure of the FTC (Federal Trade Commission) report is that it largely ignores the responsibility of websites in safeguarding the privacy of their users," he said. "These sites should play a custodial role in protecting their users and preventing the leakage of their sensitive or identifiable information.
“Third-party sites have a powerful economic incentive to continue to collect and aggregate user information, so relying on them to protect user privacy will continue to be a losing battle."
0 comments:
Post a Comment