Ad targeters exploit browsers’ password managers to track users online

Ad targeters are exploiting browsers’ built-in login managers to covertly collect hashes of users’ email addresses, to be used to track them across the web.

“Email addresses are unique and persistent, and thus the hash of an email address is an excellent tracking identifier,” Princeton University’s Center for Information Technology researchers explain.

“A user’s email address will almost never change — clearing cookies, using private browsing mode, or switching devices won’t prevent tracking. The hash of an email address can be used to connect the pieces of an online profile scattered across different browsers, devices, and mobile apps. It can also serve as a link between browsing history profiles before and after cookie clears.”

Read more about how ad targeters exploit browsers’ login managers to track users online on Help Net Security.

Track the strategic threats to your business with the Threat Brief, delivered to your email daily.

Subscribe Here