Menu
EN

Trying hard not to steal your password, they still steal

The analytic software is a greedy monster that devours all the data it can get, no matter how sensitive and private. And no matter if the company owning the software even has a clear plan of making money out of these data. Sometimes they just get trouble instead of profits.

For example, this February, mobile web analytics provider Mixpanel caught itself (and it’s SDK users) collecting user passwords that people typed into forms on sites. Mixpanel soon announced the bug fixed. But, as researchers say, it keeps saving passwords from input fields on some sites even after the patch was released.

It is just not that easy to stop collecting passwords. Developers build their sites and apps in different and not always best ways. They don’t mark password fields in their code in a unique manner. The same feature can be implemented in various manners. Scripts from several different third-party services can interact in an unexpected way. A browser extension can alter page structure making some elements recognizable. There are bugs in app and website code that lead to data vulnerability.

Finally, a function implemented by developers for user comfort and convenience can put them at risk. A "Show Password" option lets users see the password they put in and check it for mistakes. In order to implement this, the user’s password must be placed in a field that doesn’t have its "type" property set to "password", since browsers will automatically mask any text entered into those fields, CITP experts say in their research. Passwords in such fields are not recognized as password and not protected from harvesting.

Even if developers don’t implement a "show password", users can install a browser extension that makes passwords visible. Of course, these extensions have the same effect of unmasking passwords for 3rd party scripts.

But the main problem is that analytic systems prefer to gather all the information about user behavior that there is, and filter it afterward, removing the sensitive data. All that is left to users is to trust developers that they would successfully recognize and honestly remove it. Instead of selling to someone or just letting it leak out.

A password is just an example of sensitive data collected by web or mobile analytic software. Another example could be bank card number. Or drugs you take and medical conditions you have. An option called "replay sessions" records and lets replay all the process of user interaction with a site. Including keystrokes and mouse movements.

Analytic scripts just save everything you type and share it generously with dozens of third parties, most of whom just want to sell something to you.

So, what can you do to protect yourself?

  • Avoid features like "show password" and others that make visible the sensitive data that your browser hides.
  • Do not install browser extensions that make passwords and other hidden input data visible
  • Generally, browser extensions are one of the main source or privacy and security threats nowadays. They gather and sell all sorts of data. They contain hidden mining scripts and can distribute malware. They are bought and sold, stolen and hijacked, so a decent extension can suddenly become malicious. It’s better to install only the extensions by big well-known developers and remove the ones you stop using.
  • Fill forms attentively. Avoid mistakenly putting sensitive data into fields not meant for it. Credit cars numbers belong only to payment forms, passwords for password fields (and not for sending them by email, for example).
  • Use ad blocking and anti-tracking apps
  • Use unique passwords, different for every service, so that a leaked password would not be used to steal all your accounts on the Web.
Liked this post?
18,421 18421 user reviews
Excellent!

AdGuard for Windows

AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
By downloading the program you accept the terms of the License agreement
Read more
18,421 18421 user reviews
Excellent!

AdGuard for Mac

AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
By downloading the program you accept the terms of the License agreement
Read more
18,421 18421 user reviews
Excellent!

AdGuard for Android

AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
By downloading the program you accept the terms of the License agreement
Read more
18,421 18421 user reviews
Excellent!

AdGuard for iOS

The best iOS ad blocker for iPhone and iPad. AdGuard eliminates all kinds of ads in Safari, protects your privacy, and speeds up page loading. AdGuard for iOS ad-blocking technology ensures the highest quality filtering and allows you to use multiple filters at the same time
By downloading the program you accept the terms of the License agreement
Read more
18,421 18421 user reviews
Excellent!

AdGuard VPN

74 locations worldwide

Access to any content

Strong encryption

No-logging policy

Fastest connection

24/7 support

Try for free
By downloading the program you accept the terms of the License agreement
Read more
18,421 18421 user reviews
Excellent!

AdGuard Content Blocker

AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
By downloading the program you accept the terms of the License agreement
Read more
18,421 18421 user reviews
Excellent!

AdGuard Browser Extension

AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
18,421 18421 user reviews
Excellent!

AdGuard Assistant

A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
18,421 18421 user reviews
Excellent!

AdGuard DNS

AdGuard DNS is a foolproof way to block Internet ads that does not require installing any applications. It is easy to use, absolutely free, easily set up on any device, and provides you with minimal necessary functions to block ads, counters, malicious websites, and adult content.
18,421 18421 user reviews
Excellent!

AdGuard Home

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
18,421 18421 user reviews
Excellent!

AdGuard Pro for iOS

AdGuard Pro has much to offer on top of the excellent iOS ad blocking in Safari already known to the users of the regular version. By providing access to custom DNS settings, the app allows you to block ads, protect your kids from adult content online, and safeguard your personal data from theft.
By downloading the program you accept the terms of the License agreement
Read more
18,421 18421 user reviews
Excellent!

AdGuard for Safari

Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
18,421 18421 user reviews
Excellent!

AdGuard Temp Mail

A free temporary email address generator that keeps you anonymous and protects your privacy. No spam in your main inbox!
18,421 18421 user reviews
Excellent!

AdGuard for Android TV

AdGuard for Android TV is the only app that blocks ads, guards your privacy, and acts as a firewall for your Smart TV. Get warnings about web threats, use secure DNS, and benefit from encrypted traffic. Relax and dive into your favorite shows with top-notch security and zero ads!
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device