Your browser's password manager is helping ad companies track you on the web
The Same Origin Policy has one fatal flaw, and of course, ad companies have found a way to exploit it.
There are a few things you'll hear in every conversation about internet security; one of the first ones would be to use a password manager. I've said it, most of my coworkers have said it, and chances are you've said it while helping someone else sort out ways to keep their data safe and sound. It's still good advice, but a recent study from Princeton University's Center for Information Technology Policy has found that the password manager in your web browser you might use to keep your information private is also helping ad companies track you across the web.
It's a frightening scenario from all sides, mostly because it's not going to be easy to fix. What's happening isn't the stealing of any credentials — an ad company doesn't want your username and password — but the behavior a password manager uses is being exploited in a very simple way. An ad company places a script on a page (two called out by name are AdThink and OnAudience) that acts as a login form. It's not a real login form, as in it's not going to connect you to any service, it's "just" a login script.
How it works
from Windows Central - News, Forums, Reviews, Help for Windows Phone http://ift.tt/2Cs0OKd
via IFTTT
No comments: