Study Finds Some Websites Leaking Personal Information to Third Parties
A recent study conducted by researchers at Stanford University’s Center for Internet and Society found many websites “leak” information in referrer headers sent to third parties. The researchers looked at 185 websites (selected from the Quantcast top 250) to see if what personal information, if any, those websites leaked to third parties via referrer headers and request URIs. The results of the study showed that the most frequently leaked information was a username or userID (leaked to third parties on 113 of the 185 websites studied). The study also found that websites leaked other identifying information, e.g., email address, first and last name, birthday, address, gender, and, in a few cases, even passwords, to third parties.
The researchers also reviewed the posted privacy policies and statements of several first party websites and third party trackers. In several cases, the policies and statements contained representations about not sharing personally identifiable information that appear to be contradicted by the results of the study.