This article was published on November 5, 2015

Research reveals 9 of 10 websites leak user data to third parties

Research reveals 9 of 10 websites leak user data to third parties
Bryan Clark
Story by

Bryan Clark

Former Managing Editor, TNW

Bryan is a freelance journalist. Bryan is a freelance journalist.

The idea of websites tracking users without their knowledge or permission isn’t new, but you might be surprised at just how big a problem it really is.

Tim Libert, a privacy researcher at the University of Pennsylvania, published new peer-reviewed research that attempted to quantify just that. His conclusion borders on sensational, I think. Let the data speak for itself

9 out of 10 websites leak user data to a third-party and typically without the user having any knowledge of this.

To perform the research, Libert used his own open source software creation called webXray, a program he’d used previously to analyze trackers on health and porn websites. Not only did he find that most websites were leaking user data, but they were sharing it (sometimes unknowingly) all over the web.

“Sites that leak user data contact an average of nine external domains, indicating that users may be tracked by multiple entities in tandem,” Libert wrote in his new paper.

“If you visit any of the top one million sites there is a 90 percent chance largely hidden parties will get information about your browsing,” Libert told Brian Merchant, Senior Editor at Motherboard. “Most troubling is that if you use your browser setting to say ‘Do Not Track’ me, the explicitly stated policy of nearly all the companies is to flat-out ignore you,” he told me, referring to your chosen browser setting.

“The worst perpetrator is Google, which tracks people on nearly 80 percent of sites, and does not respect DNT [Do Not Track]  signals,” he said.

Google didn’t respond to TNW’s request for comment, but a similar request from Motherboard led to a representative pointing to its Terms of Service, which states it’s against Google policy to send personally identifiable information to third-parties. They also offer extended privacy controls, data sharing settings and an opt-out browser extension for Chrome.

Facebook, on the other hand, doesn’t offer any of these tools and warns users in its own Terms of Service that it can and will track you on and off the site.

Technologies like cookies, pixel tags (“pixels”), device or other identifiers and local storage (collectively, “Cookies and similar technologies”) are used to deliver, secure, and understand products, services, and ads, on and off the Facebook Services.

Twitter chose an entirely different way to deal with privacy concerns and Do Not Track, by… surprise, not ignoring them entirely.

“That said, the positive takeaway is that Twitter is taking a real lead in the industry by respecting DNT and deserves some serious credit,” Libert said. “If all companies were acting like Twitter I wouldn’t have much to complain about in this regard.”

Want to avoid being tracked? Unfortunately you don’t have a lot of options. Browser extensions and VPNs help, but the only way to get legitimate protection from tracking and data spillage is by using a service like Tor and just accepting the slowdowns and usability issues that come along with it.

Anyone have a better option?

Nine Out of Ten of the Internet’s Top Websites Are Leaking Your Data [Motherboard]

Get the TNW newsletter

Get the most important tech news in your inbox each week.