Skip to Content
How websites secretly capture your data.
© Tero Vesalainen | Dreamstime.com
Security & privacy

Online forms are grabbing your data – even if you don’t hit enter

An effective way to get someone’s opinion on a product or service is to create an online form or survey. Other times, online forms are the preferred way to sign up for newsletters, register an account or buy tickets. Tap or click here for a list of apps that collect the most private data from you.

Websites use it more often than people realize, and it is at the backbone of how visitors input data. But it’s not always as secure as you would assume. The general belief is that the data is only recorded when you hit the “Submit” button.

But an investigation is proving that way of thinking to be false. Read on to see how websites know what you are typing even if you don’t hit submit.

Here’s the backstory

Security researchers from KU Leuven, Radboud University, and the University of Lausanne found that almost 3,000 websites in the U.S. capture user data before pressing the submit button. That means websites collect data like your email address and can use it for targeted ads and other purposes without your consent.

Even when you change your mind about submitting personal information, it’s probably already captured by the websites. The practice is similar to how controversial software like keyloggers work. Keyloggers capture every keystroke on your keyboard and send the data to criminals.

According to the research findings, the biggest offenders in the U.S. are well-known websites that span news services and online courses. The top 10 sites whose online forms leak email data before submission are:

  • Issuu
  • Business Insider
  • USA Today
  • Time.com
  • Udemy (appears twice)
  • Healthline
  • Fox News
  • Trello
  • The Verge
  • WebMD

The team also found that Facebook’s parent company Meta and TikTok use Automatic Advanced Matching that collects “hashed personal identifiers from the web forms.” Contrary to their claims, both services capture data “when the user clicks links or buttons that in no way resemble a submit button.”

What you can do about it

Before completing an online form, consider if you need to do so. It might be best to create a burner email address that you can use for different websites. A burner email will prevent spam or phishing attacks on your primary email account. Tap or click here to create a burner email.

The report suggests that as many as 8,438 U.S. websites shared data with Meta, and 7,300 websites did so in the European Union. Other well-known sites and services have also been implicated in the reckless data sharing and form capturing, including:

  • Shopify
  • Bloomberg
  • Marriot
  • Prezi
  • Trello

If you wonder how many people abandon a web form before submitting it, it’s more than you think. A survey from The Manifest found that 81% of the 502 respondents have done so.

Keep reading

Check your phone – These prayer and mental health apps fail to protect your data

Report says Alexa voice data used to send you targeted ads – How to stop it now

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook