Advertisers can use your browser’s password manager to steal your data

News
By last updated

What price convenience?

PC security image

Your browser’s built-in password manager could be exploited to share your email address with advertisers without your permission.

All the major browsers include a free password manager that stores login data for future use. According to researchers from Princeton University, the trouble begins when you entered an email address in an online form and ask the browser to save it for future use, then visit another page containing a third-party tracking script. The script loads an invisible login form that your browser fills in automatically, then reads this data and sends it to the tracking company.

This time, it's personal

The email address itself isn’t necessarily what advertisers want – it’s the extra information connected to it. You use the same email address on multiple websites and devices, which means ad trackers can use it to join up pieces of information from across all your devices. This can build an alarmingly detailed profile including not only details like your location and birth date, but also sensitive information like your height, weight, health conditions and income.

Some companies don’t treat email addresses as personally identifying data if they’re hashed (turned into a random-looking series of numbers using a mathematical function) before being transmitted, but the Princeton researchers say that isn’t enough. The domain is often left unhashed, and the hash for the rest of the address can be broken in seconds using a multi-core virtual machine that can be rented for pennies.

Disable your browser's password manager

The researchers have called on Microsoft, Google and Mozilla to implement a solution quickly, but if you're worried, you can switch off your browser's password manager in the meantime.

Password manager in Google Chrome

Deactivating the password manager is straightforward in most browsers

To disable the password manager in Chrome, go to chrome://settings, scroll down the page and click Advanced. Scroll down to 'Passwords and forms', 'Autofill settings' and toggle the top switch to 'Off'.

In Firefox, enter about:preferences in the address bar, click 'Privacy & security' and uncheck 'Remember logins and passwords for websites'. You can also clear any saved form data here.

If you're using Microsoft Edge, click the menu button at the top right, select 'Settings' and scroll down to 'View advanced settings'. Toggle the 'Offer to save passwords' switch to 'Off' and click 'Manage my saved passwords' to remove any that are already stored.

Via the Independent

See more Computing News
Cat Ellis
Cat Ellis
Homes Editor

Cat is TechRadar's Homes Editor specializing in kitchen appliances and smart home technology. She's been a tech journalist for 15 years and is an SCA-certified barista, so whether you want to invest in some smart lights or pick up a new espresso machine, she's the right person to help.

Latest in Computing Security
Dark Web monitoring
How users benefit from Dark Web monitoring
The X logo next to a silhouette of Elon Musk
Who was really behind the massive X cyberattack? Here’s what experts say about Elon Musk’s claims
A person holding a phone looking at a scam text with warning signs around
A massive SMS toll fee scam is sweeping the US – here’s how to stay safe, according to the FBI
View on National Assembly building in Paris, France, with French and European flags flying.
France rejects controversial encryption backdoor provision
ensure data security for your business
The complete data protection system for your business
ignal messaging application President Meredith Whittaker poses for a photograph before an interview at the Europe's largest tech conference, the Web Summit, in Lisbon on November 4, 2022.
"We will not walk back" – Signal would rather leave the UK and Sweden than remove encryption protections
Latest in News
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
More about computing security
Dark Web monitoring

How users benefit from Dark Web monitoring
A person holding a phone looking at a scam text with warning signs around

A massive SMS toll fee scam is sweeping the US – here’s how to stay safe, according to the FBI
Nimo N172 laptop

This obscure laptop brand sells a 64GB AMD Ryzen 9 laptop for just over $700 which is faster than the Apple's M4 CPU
See more latest
Most Popular
Nimo N172 laptop
This obscure laptop brand sells a 64GB AMD Ryzen 9 laptop for just over $700 which is faster than the Apple's M4 CPU
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Student with headphones around her neck using a phone while sitting in a cafe in front of a laptop
One of the richest men in the world castigates the billions of dollars spent on buying laptops for US classrooms with no apparent improvements
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
Tesla Model Y 2025
Tesla’s EU sales are in freefall as VW races ahead, but the Model Y could change all that
Asus NUC 15 Pro+
Asus unveils its most powerful mini PC to date — but I don't think the Intel-powered NUC 15 Pro+ will compete with Strix Halo models
HDD
Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event