Sign In

Communications of the ACM

ACM TechNews

Login Managers Abused By Third-Party Scripts For Tracking Purposes

View as: Print Mobile App Share:
browser password manager, illustration

Credit: The Verge

Researchers at Princeton University have found that Web trackers are exploiting browser login managers, and that a long-known vulnerability is being abused by third-party scripts for tracking websites.

The researchers note the tracking scripts can collect information provided by a browser's login manager to create a persistent identifier, tracing users as they move between Web pages. The researchers examined two different scripts designed to get information from browser-based password managers, which inject invisible login forms in the background of the Web page and gather whatever data the browsers autofill into the available slots. That data can be used as a persistent ID to track users from page to page.

The researchers examined 50,000 sites from the Alexa top 1 million and visited all of the top 15,000 sites, they randomly sampled 15,000 sites from the Alexa rank range of 15,000 to 100,000, and they also randomly sampled sites from the range of 100,000 to 1 million.

From Tech Xplore
View Full Article


Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA


No entries found