reports that nearly 3% of 2.8 million pages included in the 100,000 top ranking websites worldwide have been found to leak information entered in site forms including usernames, email addresses, passwords, and personal identifiers to third-party trackers prior to submission.
Through a DuckDuckGo Tracker Radar Collector-based crawler, university researchers found that 2,950 and 1,844 websites were observed to enable email address exfiltration prior to form submission when visited from the U.S. and Europe, respectively, while 52 websites had similar password collection mechanisms, which have been remedied after being notified by the researchers.
The report also showed that LiveRamp had trackers collecting email addresses in 662 sites, while Taboola, Verizon, and Adobe's Bizible had email-exfiltrating trackers in 383, 255, and 199 websites, respectively. Moreover, Yandex had the most number of trackers for password collection.
Disparities in reported trackers in the U.S. and EU stems from the existence of GDPR laws
that apply stricter data protections for individuals in the EU, according to researchers.