A browser’s password manager – technically known as a login manager – is that feature that asks to remember your specific login data (username or email address, password) so that you won’t have to provide the same data over again the next time you visit the same website. Web trackers may not be able to sniff out your password, but companies have been using them to get your email address and track your browsing behavior.
A web tracker is a third-party script that exploits login managers. When you login to a website, your browser’s login manager will prompt to save your credentials – and that’s well and good. But on another page in the same website, a third-party script injects an invisible login form – which the login manager will of course fill out. Your email address will then be sniffed out and the data sent to a third-party server somewhere.
Your email address will be marked with the website you logged on to, and that will be used as a browsing behavior marker. These companies then sell this data to email marketing entities who will target your email address because of your browsing behavior.
Login managers are a big help for users – it allows them to use complicated and secure passwords that users don’t need to have that burden of remembering and typing in each time they log on to a website. But with web trackers make using them a concern, and browser developers need to take action. Hello, Mozilla and Google.
SOURCE: Freedom to Tinker
