iCIS/DiS researchers won 2022 CNIL-Inria Award for Privacy Protection

A recent paper by iCIS/DiS researchers Gunes Acar (PI), Frederik Zuiderveen Borgesius and their coauthors from KU Leuven and University of Lausanne won the prestigious CNIL-Inria Award for Privacy Protection.

The paper titled 'Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission' was presented at the USENIX Security Symposium last year. Through large-scale crawls of millions of web pages, the study showed how email addresses and passwords entered into web forms are collected by online trackers on thousands of websites even before users submit a form. Thanks to the extensive disclosures made by the authors, many websites and third-party services have since been updated to prevent password and email leakages.

The CNIL-Inria Award for Privacy Protection is a joint initiative of the French data protection authority CNIL and Inria, the French national research institute for digital science and technology. The award aims to "promote research and to raise awareness among citizens and decision-makers on privacy and data protection issues". The award ceremony took place in Brussels during the Computers, Privacy and Data Protection conference (CPDP).

More on the paper: https://homes.esat.kuleuven.be/~asenol/leaky-forms/

Press coverage of the original study (from last year):

https://www.wired.com/story/leaky-forms-keyloggers-meta-tiktok-pixel-study/

https://fortune.com/2022/05/12/meta-tiktok-usa-today-fox-news-websites-swiping-data-before-you-click-submit-study/

https://nos.nl/artikel/2428358-adverteerders-kijken-mee-als-je-online-je-e-mailadres-invult

https://www.lemonde.fr/pixels/article/2022/05/12/des-milliers-de-sites-internet-enregistrent-les-donnees-des-formulaires-avant-meme-que-le-bouton-envoyer-ait-ete-utilise_6125863_4408996.htm