Study: Three quarters of the sites share private data with third parties
Not only social networks often neglect the protection of privacy. Worcester Polytechnic Institute researchers http://www.wpi.edu and the telecom giant AT&T found in a study of 120 popular web offers that 56 percent pass on private data such as e-mail or real-world addresses directly to third parties. If you also count the passing on of the user ID, there are even such data leaks on three quarters of the pages. This allows tracking pages to create extensive user profiles.
"This result is frightening from a data protection point of view, but unfortunately not surprising," said Ralf Benzmüller, Head of G Data SecurityLabs, in an interview with pressetext. Because the transfer of information to advertising companies is practically part of the business model in today's Internet. In contrast, users can protect themselves very effectively, but not necessarily practically.
Massive data leaks
The US researchers concentrated on well-visited websites for which users need their own account with their own user ID. In doing so, they took into account various types of offers, from news sites to photo sharing services to health portals. Almost half of the websites examined therefore share the respective user ID with third parties, but some of the leaks are much more extensive. For example, on a job search page, the researchers observed that it transmits real name, email address and home address to an advertising company.
Using data leaks of this kind on several pages, the data collectors can theoretically create alarmingly precise user profiles - possibly even taking into account search queries that provide information about health problems or travel plans. The researchers do not believe that this can be dealt with through legislation. "We believe that one has to look at the apparently lost battle against third party aggregators and see what role the visited websites themselves should play in protecting privacy," said WPI computer science professor Craig Willis.
Self-protection too effective
In any case, the problem is closely linked to the phenomenon of online advertising. "In a way, it's the price you pay for free services," says Benzmüller. Because personalized advertising is the best from the advertiser's point of view. In principle, of course, it is easy to protect yourself from data leaks through advertising banners. Users can use ad and pop-up blockers - a functionality that is built directly into modern browsers to a certain extent. It is also very effective to turn off JavaScript completely. The problem: These self-protection approaches are sometimes extremely impractical.
"An unbelievable number of portals from Facebook to webmail don't work without JavaScript," explains the G Data eexpert. In many cases, the log-in for the respective online service fails. Many ad blockers, on the other hand, cause massive amounts of "false positives" - that is, they often block content that is actually desired. According to Benzmüller, the Firefox plug-ins "NoScript" and "YesScript" are comparatively practical. This allows the user to set relatively fine rules as to which websites are allowed to execute JavaScript. In order to use these tools effectively, however, a certain amount of technical understanding is clearly an advantage.
(ck) 05.06.2011/XNUMX/XNUMX
.