Web users enter their email addresses into online forms for
a variety of reasons, including signing in or signing up for a
service or subscribing to a newsletter. While enabling such
functionality, email addresses typed into forms can also be
collected by third-party scripts even when users change their
minds and leave the site without submitting the form. Email
addresses—or identifiers derived from them—are known to
be used by data brokers and advertisers for cross-site, cross-
platform, and persistent identification of potentially unsuspect-
ing individuals. In order to find out whether access to online
forms is misused by online trackers, we present a measure-
ment of email and password collection that occurs before the
form submission on the top 100, 000 websites. We evaluate
the effect of user location, browser configuration, and inter-
action with consent dialogs by comparing results across two
vantage points (EU/US), two browser configurations (desk-
top/mobile), and three consent modes. Our crawler finds and
fills email and password fields, monitors the network traffic
for leaks, and intercepts script access to filled input fields.
Our analyses show that users’ email addresses are exfiltrated
to tracking, marketing and analytics domains before form
submission and without giving consent on 1, 844 websites
in the EU crawl and 2, 950 websites in the US crawl. While
the majority of email addresses are sent to known tracking
domains, we further identify 41 tracker domains that are not
listed by any of the popular blocklists. Furthermore, we find
incidental password collection on 52 websites by third-party
session replay scripts. Read More
Daily Archives: May 16, 2022
The Web3 Decentralization Debate Is Focused on the Wrong Question
Web3 advocates promise decentralization on an unprecedented scale. Excessive centralization can stymie coordination and erode freedom, democracy, and economic dynamism—decentralization is supposed to be the remedy. But the term on its own is too vague to be a coherent end goal. Getting the job done takes the right kind of decentralization, and we worry that Web3 is thus far heading down the wrong track.
In particular, we worry about the focus on degree, rather than type, of decentralization. Focusing on degree—whether we want more or less decentralization—can lead Web3 advocates to mischaracterize both the reality of existing centralization, as well as the possibility of pure decentralization. On the one hand, existing “centralized” systems are not nearly as centralized as Web3 advocates commonly describe. “Legacy” banks delegate many activities to local branches, and even central banks are often consortia. Architecturally, “centralized” clouds are rarely so centralized in practice; they are usually scattered around a range of geographies and train large machine-learning models in a distributed fashion. Read More
China has been quietly building a blockchain platform
In a speech in 2019, the Chinese leader said blockchain was an “important breakthrough in independent innovation of core technologies.”
Since then, China has quietly been building a platform that aims to facilitate the deployment of blockchain technology for enterprises. It is called Blockchain-based Service Network (BSN).
BSN, which has links to the Chinese government, is aiming to go global but could face challenges. Read More
Rick's Cafe AI 