Study finds sites leak user information

A recent study by Stanford Law School's Center for Internet and Society found that there were privacy leaks on 185 of the Internet's most visited websites. (AUBRIE LEE/The Stanford Daily)

Privacy leaks occur on 185 of the Internet’s top visited websites, according to a recent study by Stanford Law School’s Center for Internet and Society (CIS). The report was authored by Jonathan Mayer, a graduate student in computer science and at the School of Law. The report was released last Tuesday at a conference in Washington, D.C. hosted by the National Press Club.

Since its release, the report has attracted the attention of national media. Mayer wrote in an email to The Daily that he was not expecting the amount of press coverage the study has received.

“We announced our results at the National Press Club, so we certainly expected some coverage.” Mayer said. “But what we were presenting was already conventional wisdom among computer security researchers.”

“If anything, I find the coverage greatly concerning,” he continued. “It reaffirms that there is a sizable disconnect between business practices and consumer understanding.”

In the study, Mayer used a methodology that was similar to one developed in a recent paper co-authored by professors at the Worcester Polytechnic Institute, which also showed that online information leakage was a common occurrence. According to Mayer, the new study decided to focus on the identification of the information leakage and included a greater number of websites.

He looked at the top 250 most-visited websites and signed up as a member of 185 of those sites. Of those 185 sites, 113 leaked a username or user ID.

In order to reduce false positives, the study used fictional personas with unique biographical characteristics. Mayer added that the only websites that the report analyzed were ones that offered sign-ups, did not require purchase or qualifications to join and did not have an “impractical amount of features.” The study did not observe how companies used leaked information or when explicitly the leakage was observed.

The results of the study showed that the top five recipients of leaked information were comScore, Google Analytics, Quantcast, Google Advertising and Facebook. It also discovered that the top three sites that leaked information were Rotten Tomatoes, CafeMom and LyricsMode. The websites iVillage, LiveJournal and National Geographic were tied for fourth in leaking the most user information.

– Sandy Huang

About The Daily News Staff