Skip to Content
© Wirestock |
Security & privacy

Companies caught sharing your emails with Google, Pinterest, Facebook – see the list

Advertising is the backbone of the internet. It funds the websites we visit every day and gives content creators income they can depend on.

On the flip side, internet advertising is seriously shaky when it comes to your privacy. Companies like Facebook covertly harvested data and compiled it for advertisers to use as they please. Tap or click here to see how Facebook continues to do this today.

But Facebook isn’t the only one sharing your personal data. Multiple companies across the web are sharing your email address with analytics companies and advertisers.

Whether you’re creating a new account or adjusting your email preferences, they keep finding creative ways to ignore your right to privacy.

The leaks keep on coming!

According to reports from data researcher Zach Edwards, popular websites across the internet are using a sneaky bit of Javascript code to share your personal email address.

These scripts are present places nobody would think to inspect, such as new user signup pages and verification links from emails.

Edwards — founder of analytics company Victory Medium — tested his findings on multiple platforms and came up with the same conclusion each time: There is a vested interest in getting your email address to as many advertisers as possible.

In one example, Edwards attempted to create a new account through airline JetBlue. Once he created an account, his email address appeared in plain text format in the URL of the next page.

During the process, Edwards used Ghostery, a Chrome browser extension that detects advertisers harvesting information from the page. From JetBlue alone, the extension picked up 45 different advertisers taking advantage of the script and capturing his test email address.

Some websites, like The Washington Post, even harvested emails from people unsubscribing to their platform. Yikes. Once you’ve removed your email, other companies will pull the data and put you on a new list.

This is similar to tactics used by robocallers when you ask them to remove your number from their call lists. Tap or click to see three reasons why robocallers are so hard to stop.

Based on Edwards’ findings, companies harvesting email addresses include these major names:

  • Google
  • PayPal
  • Pinterest
  • Twitter
  • Facebook

Smaller, less-known entities like Mixpanel, Wistia, Pardot, CrazyEgg, Stripe, New Relic and DrawBridge harvest this data too. All of these companies perform data analytics and targeted advertising as an explicit part of their business model.

Which websites are leaking the data? How can I stop it

Of the websites Edwards tested, specific names in his reports included:

  • Mandrill, an email platform from Mailchimp
  • The Washington Post
  • Quibi
  • Kong,
  • Wish
  • Growing Child
  • JetBlue
  • NGPVan
  • EveryAction
  • MailChimp

All of these sites stored information in plain text for advertisers to harvest, which is a security risk in and of itself.

Since the findings were published, a few of these platforms claim to have discontinued the practice. Quibi, in particular, reached out to Edwards to say it no longer captures email addresses and is currently fixing the issue.

Tap or click here to find out more about Quibi, a new streaming service for short videos.

Not every platform will follow suit, however. That’s why it’s important to stop them from harvesting your data through your own power.

According to Edwards, running an ad-blocker will do the trick most of the time, since these will typically disable JavaScript, which is how the emails are captured in the first place.

Unfortunately, not all websites will let you see their content if an adblocker is enabled. In this case, you’ll want to turn JavaScript off. Here’s how you can disable JavaScript on Google Chrome manually:

  • Click the three-dot icon in the upper right corner of your browser and open Settings.
  • Type “Javascript” in the search bar at the top of the menu.
  • Click Site Settings, followed by JavaScript on the next page.
  • Click the toggle switch to turn JavaScript off.

Keep in mind, turning JavaScript off completely may cause sites to not load properly or function as you’d expect. Use this with caution.

A simpler solution is creating a separate email address for the sole purpose of website signups. This will keep the spam and advertising shenanigans away from your main email account.

Ultimately, you have more control over your privacy than you think. All you need to do is stay one step ahead of the advertisers after your data. This isn’t the easiest task, but who said living a private digital life was easy? App background

Check out the free App!

Get the latest tech updates and breaking news on the go, straight to your phone, with the App, available in the Apple Store and Google Play Store.

Download Now