back to article Hundreds of websites share usernames sans permission

Home Depot, The Wall Street Journal, Photobucket, and hundreds of other websites share visitor's names, usernames, or other personal information with advertisers or other third parties, often without disclosing the practice in privacy policies, academic researchers said. Sixty-one percent of websites tested by researchers from …


This topic is closed for new posts.
  1. Daniel 4

    Violating computer security is only a crime if you're "Anonymous"

    "In August, they revealed JavaScript hosted on and three other Microsoft websites that secretly logged visitors' browsing histories across multiple web properties, even when the users deleted browser cookies to elude tracking. The researchers also exposed a marketer that helped websites deliver targeted ads by exploiting a decade-old browser flaw that leaks the history of websites that users visit."

    To me, it isn't that surprising that this occurred. What is disgusting is that nothing has been done about it. Laws are already on the books that make this criminal behavior - not the tracking itself per se, but deliberately and knowingly bypassing the security measures on another computer. Just from this paragraph alone, it is my firm belief that both Microsoft and this marketer should be under criminal investigation. I also question whether or not a fine alone is adequate punitive action; there where individual humans who made the decision to bypass the security settings of thousands, if not millions, of computers on the 'net. If some kid somewhere scraped out this much information from people's computers against their will, the FBI would be turning over the couches and shaking them looking to see if clues would fall out.

    Someone, or multiple someones, should be in prison right now.


    P.S. - Not trying defend anyone with my title, just pointing out the double standard.

    1. Anonymous Coward
      Anonymous Coward

      There's this thing...

      Called a class action lawsuit....

    2. Anonymous Coward
      Anonymous Coward


      Does this surprise you?

      It's been that way in the real world for some time now.

      If you have a uniform or hat you are pretty much exempt.

      If you earn money from it on which tax is paid there's a pretty good chance you'll get away with it.

      If you are more "established" than the victim (e.g. company of more than 20 v. individual) then you'll get away with.

      If you are "regulated" you'll get away with it.

      If you use credit referencing instead of allowing a court to hear a balanced argument from both sides you'll get away with it.

      If it involves profiting rather than simply retaining what's yours then you'll get away with it.

      It's called capitalism (or sometimes democracy by our less literate cousins across the pond)

      1. Daniel 4

        My general disgust

        @AC 07:22

        "There's this thing...

        Called a class action lawsuit...."

        Which is civil, not criminal. I'm all for a class action lawsuit in this case, but the fact remains, this should ALSO be investigated as a criminal case. There is no difference here between a common criminal setting up websites to scrape users information and what these "legitimate" companies are doing, and their Executive Officers (at minimum) should be held personally responsible for it.

        @AC 9:30

        "Does this surprise you?"

        No, actually. In fact, I believe the very first line of my post said that I wasn't surprised, rather, I was disgusted. Criminal behavior in the corporate world has become common enough that people aren't even noticing anymore, and unfortunately, this will not change until we eliminate the corporate shield and start holding individuals in corporations responsible for their actions.


  2. deadlockvictim

    User data not sacred?

    Next you'll be telling us that Facebook plays hard and fast with our data and sells it to the highest bidder.

    Have you no shame, sir!

  3. I ain't Spartacus Gold badge

    Noticed this kind of naughtiness last week

    I get special offer emails from a restaurant chain (let's call them Zizzzzzzzi's to protect the guilty). So I clicked to get my voucher, and it turns out they don't provide their own, you have to register with some interwebs voucher company - who I guess are subsidising the offer.

    So I click on the link, to see who they are. And do I get sent to a landing page, with info on who this company are, and what they do? Nope. I'm sent to a sign-up form, with my name, email address and date of birth already filled in.

    Cheers! That's beautiful care for my personal data!

    Admittedly it's only a webmail account, and I might have lied about my date of birth... But that's not really the point.

  4. Anonymous Coward
    Anonymous Coward

    WSJ eh?

    I find it utterly shocking that a paper owned by NewsCorp has a lax policy on private data.

  5. JamieL

    What's a 3rd party?

    But you see, these guys aren't "passing your data to a 3rd party". They're using a fulfilment agent who aren't technically a 3rd party from a data protection perspective, they're just doing stuff on their behalf.

    Now, if that "3rd party" were to do anything with the data that wasn't strictly on behalf of the requestor, well that _would_ be wrong. Like and the firm that was sending out marketing emails on their behalf who had the list compromised.

    So, it's up to you to satisfy yourself that not only the firm you give this data to can look after it themselves, but also that their agents do so as well. But of course it's not something you ask when you sign up is it? And they wouldn't tell you anyway.

  6. Evan Essence

    Sleazy scumbags

    It seems there's more than one use for an adblocker, and I'm so glad I use one.

    And Google Analytics and DoubleClick resolve here to, for some strange reason.

  7. This post has been deleted by its author

  8. Dave 15

    If we all just gave these muppet sites false information whenever we can then they would stop doing it.

    Why, for example, do websites where you need to contact a company to complain/ask info REQUIRE name, address, phone, email, date of birth, inside leg, length of dong....

    They need a way of replying (in some cases) and little else.

    The BBC is one offender requiring far more than needed. As such they have a person 'anotherfakename' living in TV centre with their switchboard as a phone number and a defunct and dead hotmail email account. They 'need' and 'require' the information but clearly don't.

This topic is closed for new posts.

Other stories you might like