BreachExchange mailing list archives
Romney and Obama Campaigns Leaking Web Site Visitor Data
From: security curmudgeon <jericho () attrition org>
Date: Sun, 4 Nov 2012 22:52:24 -0600 (CST)
http://bits.blogs.nytimes.com/2012/11/01/romney-and-obama-campaigns-leaking-web-site-visitor-data/ November 1, 2012, 12:00 pm Romney and Obama Campaigns Leaking Web Site Visitor Data By NATASHA SINGER The presidential campaign sites BarackObama.com and MittRomney.com have recently ratcheted up their use of third-party Web trackers. These are companies, like ad networks and data brokers working on behalf of the campaigns, that collect information about users. online activities to show political ads to people tailored to their own interests and beliefs. Spokesmen for each campaign have separately said that their own campaign had put safeguards in place to protect that user data, as Charles Duhigg and I reported in an article published in The New York Times on Oct. 28. But now a new study by Jonathan Mayer, a graduate student in computer science and law at Stanford University, reports that both sites are leaking information about site visitors to a number of third-party trackers operating on their pages. Several pages on the Obama site included a user.s personal information in the page title at the top of the page or in the URL address, Mr. Mayer said, thereby giving third parties operating on the site the opportunity to collect identifying data. The information flowing to third parties, he said, variously included the username; the proper name under which a person registered; and their street address and ZIP code. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Romney and Obama Campaigns Leaking Web Site Visitor Data security curmudgeon (Nov 05)