To facilitate the constitution of the behavioral profile of Internet users, some marketing companies do not hesitate to extract the identifiers stored in the password manager of browsers.
How it works
To connect to its online accounts (merchant sites, administrations, banks, etc), what is more practical than using the automatic entry that offer password managers built into browsers? Chrome, Firefox or Edge have indeed been able for a long time to save your login and password, and return them automatically when they fall on the authentication form of the site in question.
The problem is that this approach presents the risk of seeing its identifiers sucked by marketing companies specializing in advertising targeting. This is what researchers Gunes Acar, Steven Englehardt and Arvind Narayan from Princeton University have just revealed. They have detected two statistical analysis and marketing scripts, AdThink and OnAudience, which are able to retrieve user login credentials for a given site.
The principle is quite simple: once connected to a site, the user navigates on different pages, one of which contains the famous marketing script. This generates an invisible login form that the browser will automatically fill. The script captures the identifier - which is often an email address - and generates from it a mathematical fingerprint (hash MD5, SHA1, SHA256) that will be sent to the servers of the marketing provider.
Why ?
These scripts will also collect other information about browser configuration and user actions. The advantage of recovering the fingerprint of the identifier is that all this information will be able to be associated with a unique value that is far from being anonymous. "To find out if a user is in the data set, just hash the user's email address and perform a search," say the researchers in a blog note. This collection thus greatly facilitates the behavioral and advertising targeting of Internet users. The fingerprint makes it possible for marketing companies to compare their data sets with each other and to establish a complete profile of the user.
This extraction works if the site editor takes no precaution when it integrates the script of its marketing partner. Logically, the browser should consider this code as coming from a third party and, in accordance with the principle of separation of origins (Same Origin Policy), do not insert the identifiers in the form. "However, if a publisher integrates the third-party script without isolating it in an iframe, it is considered as coming from it," explain the researchers.
The next time that your browser asks you if you want to save your password,think twice !
Picture source : Phonandroid
Thanks for reading
done :) upvote back :)
@OriginalWorks
The @OriginalWorks bot has determined this post by @sofdz to be original material and upvoted it!
To call @OriginalWorks, simply reply to any post with @originalworks or !originalworks in your message!
Good piece of content
Thanks!
Ohh my God I did that always.. Im afraid to lose my secret accounts :( .. By the way thanks for the post
Well try to earse your browser data and avoid saving your passwords again ! you're welcom :)
Where should i erase in what settings please guide me thanks again
Congratulations @sofdz! You received a personal award!
Click here to view your Board of Honor
Congratulations @sofdz! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Vote for @Steemitboard as a witness to get one more award and increased upvotes!