Advertising is the backbone of the internet. It funds the websites we visit every day and gives content creators income they can depend on.
On the flip side, internet advertising is seriously shaky when it comes to your privacy. Companies like Facebook covertly harvested data and compiled it for advertisers to use as they please. Tap or click here to see how Facebook continues to do this today.
But Facebook isn’t the only one sharing your personal data. Multiple companies across the web are sharing your email address with analytics companies and advertisers.
Whether you’re creating a new account or adjusting your email preferences, they keep finding creative ways to ignore your right to privacy.
The leaks keep on coming!
These scripts are present places nobody would think to inspect, such as new user signup pages and verification links from emails.
Edwards — founder of analytics company Victory Medium — tested his findings on multiple platforms and came up with the same conclusion each time: There is a vested interest in getting your email address to as many advertisers as possible.
In one example, Edwards attempted to create a new account through airline JetBlue. Once he created an account, his email address appeared in plain text format in the URL of the next page.
During the process, Edwards used Ghostery, a Chrome browser extension that detects advertisers harvesting information from the page. From JetBlue alone, the extension picked up 45 different advertisers taking advantage of the script and capturing his test email address.
Some websites, like The Washington Post, even harvested emails from people unsubscribing to their platform. Yikes. Once you’ve removed your email, other companies will pull the data and put you on a new list.
This is similar to tactics used by robocallers when you ask them to remove your number from their call lists. Tap or click to see three reasons why robocallers are so hard to stop.
Based on Edwards’ findings, companies harvesting email addresses include these major names:
Smaller, less-known entities like Mixpanel, Wistia, Pardot, CrazyEgg, Stripe, New Relic and DrawBridge harvest this data too. All of these companies perform data analytics and targeted advertising as an explicit part of their business model.
Which websites are leaking the data? How can I stop it
Of the websites Edwards tested, specific names in his reports included:
- Mandrill, an email platform from Mailchimp
- The Washington Post
- Growing Child
All of these sites stored information in plain text for advertisers to harvest, which is a security risk in and of itself.
Since the findings were published, a few of these platforms claim to have discontinued the practice. Quibi, in particular, reached out to Edwards to say it no longer captures email addresses and is currently fixing the issue.
Not every platform will follow suit, however. That’s why it’s important to stop them from harvesting your data through your own power.
- Click the three-dot icon in the upper right corner of your browser and open Settings.
A simpler solution is creating a separate email address for the sole purpose of website signups. This will keep the spam and advertising shenanigans away from your main email account.
Ultimately, you have more control over your privacy than you think. All you need to do is stay one step ahead of the advertisers after your data. This isn’t the easiest task, but who said living a private digital life was easy?