Researchers watch publishers watching you, ignore privacy settings, run over mere HTTP
By Richard Chirgwin 20 Nov 2017
Researchers working on browser fingerprinting found themselves distracted by a much more serious privacy breach: analytical scripts siphoning off masses of user interactions.
Steven Englehardt (a PhD student at Princeton), Arvind Narayanan (a Princeton assistant professor) and Gunes Acar (KU Lueven), published their study at Freedom to Tinker last week. Their key finding is that session replay scripts are indiscriminate in what they scoop, user permission is absent, and there's evidence that the data isn't always handled securely.
Full Article.