"We find evidence that 38.52% websites installed third-party event listeners to intercept keystrokes, and that at least 3.18% websites transmitted intercepted information to a third-party server, which aligns with the criteria for wiretapping."
They say they autopopulate fields based on field type, but address fields are common to have an autocomplete feature enabled. That would require transmitting data before submitting the form. I didn't see anything about rating probabilities of the transmitted data being benign and useful or nefarious and malicious.
lapcat•19m ago
The article is talking primarily about third-party tracking scripts. These would not be providing autocomplete to first-party forms.
The article does talk about one example which is not considered wiretapping: a Google search field with autocomplete that's intentionally embedded in the web page.
kmoser•1h ago
I wonder if it would be possible to write a browser plugin to prevent keystroke monitoring. I realize this might break some sites that rely on intercepting keystrokes, but assuming that doesn't matter, is it even possible? I found a product called KeyScrambler but that seems to work at the OS level.
lapcat•22m ago
Yes, it's definitely possible.
Dotnaught•42m ago
Is there a way, perhaps via extension or user script, to override third-party keystroke event listeners?
dylan604•2h ago
They say they autopopulate fields based on field type, but address fields are common to have an autocomplete feature enabled. That would require transmitting data before submitting the form. I didn't see anything about rating probabilities of the transmitted data being benign and useful or nefarious and malicious.
lapcat•19m ago
The article does talk about one example which is not considered wiretapping: a Google search field with autocomplete that's intentionally embedded in the web page.