No boundaries for user identities: Web trackers exploit browser login managers

Gunes Acar, Freedom to Tinker, Dec 27, 2017
Commentary by Stephen Downes
files/images/Autofill-blog-post2-1024x667.png

The first item in this series, describing how websites record your sessions by tracking keyboard clicks and mouse movements - was an eye-opener. This article talks about how your browser betrays you. "Third-party scripts exploit browsers’ built-in login managers (also called password managers) to retrieve and exfiltrate user identifiers without user awareness." I tested it myself on their live demo page and it certainly appears to work. There's a list of sites that use this technique for grabbing email addresses and using them for tracking. Using ad blockers can help prevent this. But the best defense is to disable browser auto-fill options and use a third party password manager like 1password instead. Via Ben Werdmuller.

Views: 1 today, 382 total (since January 1, 2017).[Direct Link]