Ad targeters are pulling data from your browser’s password manager - The Verge
The researchers examined two different scripts — AdThink and OnAudience — both of are designed to get identifiable information out of browser-based password managers. The scripts work by injecting invisible login forms in the background of the webpage and scooping up whatever the browsers autofill into the available slots. That information can then be used as a persistent ID to track users from page to page, a potentially valuable tool in targeting advertising.
Mais il n’y a pas de voleurs sans complices :
For Narayanan, most of the blame goes to the websites who choose to run scripts like AdThink, often without realizing how invasive they truly are. “We’d like to see publishers exercise better control over third parties on their sites,” Narayanan says. “These problems arise partly because website operators have been lax in allowing third-party scripts on their sites without understanding the implications.”