Majority of the web browsers out there come with a built-in password manager. It is a basic tool which is used to save the login data to a database and it fills out the forms automatically using that information.
Users that look for more functionality tend to use third-party password managers. Princeton Center for Information Technology Policy published a research in which they suggested that many new web trackers actually exploit password managers in order to track users.
A weakness in password managers is exploited by the tracking scripts as mentioned below.
Two different scripts were designed by the researchers to analyze and exploit password managers to get information about the users. On Audience - and - Ad Think - were the two scripts which injected the login information and retrieved the username data. Hashes are computed by the script and sent to third-party servers, where they would be used to track users. In online advertising, user tracking is vital. The username is focused by the researchers; 50,000 websites had been analyzed by the researchers and no traces of password dumping had been found on any of them.
The script consists of very detailed categories for physical traits, financial, personal and more. The functionality of the script is described as follows.
It is most commonly present for Polish websites.
Content blockers can be installed by users to block requests to the domains as mentioned above. Easy Privacy addon can be used to do this. However, one can simply add the URLs manually to the blacklist. The login data auto-filing can also be disabled and be used as another defense.
In the world of advertising publishing, there are many lengths which companies would go to in order to track users and get invaluable data. Invasive tracking scripts is a method that users should consider installing content and ad blockers for their web browsers. Whenever one uses a new or different web browser, it is important to learn more about it as well as the websites that they visit to ensure they are protected from password managers being exploited.