Ad targeters are pulling data from your browser’s password manager - The Verge


34 bookmarks. First posted by yowhicker 21 days ago.


Nearly every web browser now comes with a password manager tool, a lightweight version of the same service offered by plugins like LastPass and 1Password. But…
from instapaper
16 days ago by mathewi
Nearly every web browser now comes with a password manager tool, a lightweight version of the same service offered by plugins like LastPass and 1Password. But…
browser  privacy  security  from instapaper
17 days ago by geekzter
Ad this to the list of reasons for why you absolutely should be running protective software when browsing the web. I run 1Blocker, Ghostery and Better.
18 days ago by thingles
Nearly every web browser now comes with a password manager tool, a lightweight version of the same service offered by plugins like LastPass and 1Password.
Archive 
18 days ago by plouf
The researchers examined two different scripts — AdThink and OnAudience — both of are designed to get identifiable information out of browser-based password managers. The scripts work by injecting invisible login forms in the background of the webpage and scooping up whatever the browsers autofill into the available slots. That information can then be used as a persistent ID to track users from page to page, a potentially valuable tool in targeting advertising.
Security  passwords  t  browsers 
18 days ago by paulbradshaw
Another example of the growing similarities between ads and XSS. Ad blockers don’t just improve your experience; they improve your security, too.
security 
18 days ago by shiflett
Nearly every web browser now comes with a password manager tool, a lightweight version of the same service offered by plugins like LastPass and 1Password.
18 days ago by pitiphong_p
Favorite tweet: jcstearns

Publishers - are digital ads on your sites enabling this kind of privacy invation and tracking of your readers? Do you know? https://t.co/0jcunypGjg http://pic.twitter.com/ChJ5lE97n9

— Josh Stearns (@jcstearns) January 1, 2018

http://twitter.com/jcstearns/status/947922865093038080
IFTTT  twitter  favorite 
18 days ago by tswaterman
According to new research from Princeton's Center for Information Technology Policy, [password] managers are being exploited as a way to track users from site to site. The researchers examined two different scripts — AdThink and OnAudience — both of are designed to get identifiable information out of browser-based password managers. The scripts work by injecting invisible login forms in the background of the webpage and scooping up whatever the browsers autofill into the available slots. That information can then be used as a persistent ID to track users from page to page, a potentially valuable tool in targeting advertising.
advertising  privacy  km 
18 days ago by osi_info_program
+1. FWIW, this latest bit of adtech has caught my attention:

tl…
from twitter
18 days ago by douglevin
RT : This is evil. Another reason to hate ad targeters.
from twitter
19 days ago by camflan
The scripts work by injecting invisible login forms in the background of the webpage and scooping up whatever the browsers autofill into the available slots. The plugins focus largely on the usernames, but according to the researchers, there’s no technical measure to stop scripts from collecting passwords the same way. The only robust fix would be to change how password managers work, requiring more explicit approval before submitting information. “It won't be easy to fix, but it's worth doing,” says Arvind Narayanan, a Princeton computer science professor who worked on the project. In the case of AdThink, that information was also being funneled back to Axciom, a massive consumer data broker, presumably to be added to the growing file on whoever was visiting the site.
19 days ago by sechilds
via Pocket, Ad targeters are pulling data from your browser’s password manager
ifttt  pocket 
19 days ago by snehavii
Why people install adblockers, episode 67291
from twitter_favs
19 days ago by kyleridolfo
RT : Ad targeters are pulling data from your browser’s password manager
from twitter_favs
20 days ago by girma
Oh, ugh. Ad targeters are pulling data from your browser’s password manager
from twitter
20 days ago by Ssivek
Diabolical. Have to appreciate the evil brilliance of the adtech engineer.
s 
20 days ago by jgordon
Highly disturbing - Ad targeters are pulling data from your browser’s password manager
from twitter
20 days ago by bytebot
Annnnd yet another reason I run a
from twitter
20 days ago by nicksergeant
RT : JFC.

Ad targeters are pulling data from your browser’s password manager
from twitter_favs
21 days ago by kohlmannj