BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Romney and Obama Campaigns Leaking Web Site Visitor Data

From: security curmudgeon <jericho () attrition org>
Date: Sun, 4 Nov 2012 22:52:24 -0600 (CST)

http://bits.blogs.nytimes.com/2012/11/01/romney-and-obama-campaigns-leaking-web-site-visitor-data/

November 1, 2012, 12:00 pm
Romney and Obama Campaigns Leaking Web Site Visitor Data
By NATASHA SINGER

  The presidential campaign sites BarackObama.com and MittRomney.com have 
recently ratcheted up their use of third-party Web trackers. These are 
companies, like ad networks and data brokers working on behalf of the 
campaigns, that collect information about users. online activities to show 
political ads to people tailored to their own interests and beliefs.

Spokesmen for each campaign have separately said that their own campaign 
had put safeguards in place to protect that user data, as Charles Duhigg 
and I reported in an article published in The New York Times on Oct. 28.

But now a new study by Jonathan Mayer, a graduate student in computer 
science and law at Stanford University, reports that both sites are 
leaking information about site visitors to a number of third-party 
trackers operating on their pages.

Several pages on the Obama site included a user.s personal information in 
the page title at the top of the page or in the URL address, Mr. Mayer 
said, thereby giving third parties operating on the site the opportunity 
to collect identifying data. The information flowing to third parties, he 
said, variously included the username; the proper name under which a 
person registered; and their street address and ZIP code.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: