- Reviewing 185 largest websites, 61 percent release usernames.
- Previous study found 56 percent of 120 websites reviewed released some sort of information.
- Usernames, thanks to social networks, give people easy access to full names, photo and other information.
- Just by clicking on a Home Depot ad, 13 different sites received user first name and email address.
- Expert says this study isn't indicative of lack of anonymity on the web, but identifying technical issues.
According to a study conducted by Stanford University Law School, 61 percent the top websites reviewed were passing on your user ID to third-parties without tell you -- sometimes they didn't even know they were doing it.
In an initial study released in July, the authors reviewed signup and interaction of 120 popular sites, finding 56 percent leaked some sort of private info.
A more recent study of website leaking practices was conducted as a follow-up including more websites and specific analysis of username or user ID leakage.
PC World has more:
Many websites "leak usernames to third-party advertising networks by including usernames in URLs that the ad networks can see in referrer headers, said the study. [...] While there's a debate in legal circles whether usernames are personal information, there's a growing consensus among computer scientists that Web-based companies can use usernames to identify their owners, said Jonathan Mayer, a Stanford graduate student who led the study.
"The vast majority of usernames are unique," he said. "Given the prevalence of social networking, often times, once you have a username for a social network, you then also have a person's real name, possibly a photo, possibly more."
Here are some examples of other information leaked from specific sites from the study:
- Viewing a local ad on the Home Depot website sent the user's first name and email address to 13 companies.
- Entering the wrong password on the Wall Street Journal website sent the user's email address to 7 companies. [...]We identified the Wall Street Journal leak in a different browsing session from the one reported in the spreadsheet – and by accident. In the interest of consistency – we did not test logging out and logging back in on other sites, nor logging in with the wrong password – we decided to discuss the leak in our post but not our spreadsheet.
- Changing user settings on the video sharing site Metacafe sent first name, last name, birthday, email address, physical address, and phone numbers to 2 companies.
- Signing up on the NBC website sent the user's email address to 7 companies.
- Signing up on Weather Underground sent the user's email address to 22 companies.
- The mandatory mailing list page during CNBC signup sent the user's email address to 2 companies.
- Clicking the validation link in the Reuters signup email sent the user's email address to 5 companies.
- Interacting with Bleacher Report sent the user's first and last names to 15 companies.
- Interacting with classmates.com sent the user's first and last names to 22 companies.
The study authors go on to state the concept of anonymity does not exist in third-party web-tracking, but PC World reports the Information Technology and Innovation Foundation questioning this assertion. Daniel Castro, a senior analyst at the foundation, said that the report "identified some technical issues that websites can address to improve privacy." He states that majority of businesses do not abuse user information and have the appropriate policies and privacy practices in place.