9 out of 10 websites leak user data

New research from the University of Pennsylvania (Exposing the Hidden Web: An Analysis of Third-Party HTTP Requests on One Million Websites) has found that “nearly nine in ten websites leak user data to parties of which the user is likely unaware [and sites that] leak user data contact an average of nine external domains.”

Explaining his research to Motherboard, Tim Libert said:

“If you visit any of the top one million sites there is a 90 percent chance largely hidden parties will get information about your browsing. […] Most troubling is that if you use your browser setting to say ‘Do Not Track’ me, the explicitly stated policy of nearly all the companies is to flat-out ignore you.”

And according to Libert, “The worst perpetrator is Google, which tracks people on nearly 80 percent of sites”.

The commercial use of tracking information isn’t surprising – every organization wants to better understand its customers in order to provide a better service. The more troubling issue for many is the fact that so many third parties also use Google tracking information – including, as Edward Snowden revealed, the NSA.

As the debate about the trade-off between security and privacy rumbles on – consider the collapse of the EU/US Safe Harbor agreement in October and the amount of comment elicited earlier this month when the Senate passed the Cybersecurity Information Sharing Act (CISA) for two recent examples – the extent to which users’ browsing information is shared could well inform further legislation.

As Libert concludes: “user privacy is widely compromised by numerous parties in tandem, users often have limited means to detect these privacy breeches, a handful of powerful corporations receive the vast majority of user data, and that state intelligence agencies such as the NSA may be leveraging this commercial surveillance infrastructure for their own purposes. Furthermore, current privacy protections are wholly inadequate in light of the scale and scope of the problem.”