Your Favorite Websites Could Be Leaking Your Searches to the Highest Bidder

And many do this behind your back

  • An analysis of the top million websites has revealed that over 80% leak search terms to advertisers and third parties.
  • Researchers say these search terms can often contain sensitive details about us and our circumstances.
  • Privacy advocates aren’t surprised, arguing websites have been collecting and sharing all kinds of data about us since virtually forever.
Job Search Hiring Website, man searching for job online

Teera Konakan / Getty Images

You might think your searches on a website wouldn't be of use to anyone besides yourself, but they're a gold mine for online advertisers.

To quantify the extent of this blatant disregard for your privacy, researchers from Norton Labs analyzed the search feature of the top one million websites. Astonishingly, they discovered that a majority had leaked search terms to third parties, often advertisers. 

"Of the top websites which have internal site search, we observed 81.3% of these websites leaking search terms in some form to third parties," wrote the researchers. "Often, websites would leak search terms via more than one [way]. This shows that most websites, more than eight in ten, leak your search terms."

Revealing Search

Presented at the Privacy Enhancing Technologies Symposium, Norton argued that their research findings are concerning due to the surprisingly revealing nature of many of our search queries. Even seemingly innocuous shopping queries, they explain, can reveal sensitive information about us, such as when shopping for specific medications or testing kits.

The report, however, doesn't surprise Esther Payne, privacy advocate, and community manager at the Librecast Project.

"Data leakage isn't new; the risk has been there from the beginning as the companies started to collect and broker data," said Payne in an email exchange with Lifewire. "The more individual information they have on you, the more they can offer the potential of your eyeballs on a website you visited.

"We are building our own virtual Panopticon," suggested Payne. "The Panoptic cell is our profile of all various bits of metadata pooled together into shadow profiles. The more data points [are] added the more accurate targeted advertising gets."

Cyber Crime, Password Phishing Concept. Hacker Attack, Hackers Bulgar Steal Personal Data. Internet Security

lemono / Getty Images

Since websites had no qualms about sharing data about their users, the researchers wondered if the websites disclosed this sharing in their privacy policies, mandated by regulations such as the General Data Protection Regulation (GDPR) law in Europe and the California Consumer Privacy Act (CCPA) in California. 

Unsurprisingly, even though most of us don't read the privacy policies, only 13% mentioned handling user search terms explicitly, while 75% referred to sharing "user information" with third parties using generic wording.

Payne believes that with our ever-increasing online interactions, people need to ask questions about what data about them is being collected, how this data is processed, who is it shared with, and when, if ever, will it be destroyed?

Damage Control

Since the websites leak the search data, when asked if it's pointless for people to take steps to limit the damage, Payne suggested that much like any protective endeavor, it takes constant vigilance.

Education, she suggests, is an important part of protecting people's privacy. For starters, before you use any service, it's best to search for information on them. Also, don't blindly accept those privacy policy pop-ups, which she suggests can sometimes contain "eye-opening" information.

"The online landscape is constantly evolving," said Payne. "The less information that an individual puts up on the services, the better." She suggests that while adding a privacy extension or two to your existing web browser is a good idea, switching to the anonymous Tor browser is an even better option.

"Consider giving up Google and Facebook services," advised Payne. "There are alternative email providers if you don't know how to host your own email. There are also alternatives to Instagram, YouTube, and Twitter."

Payne says leaking search terms can be traced back to the business models of Google and Facebook, pointing to a 2010 research by Indiana University, which showed how leading search engines and websites were leaking people's sensitive data, including search queries.

"Private information is reduced to data points to sell," explained Payne. "This enables the ecosystem to continue with little thought to the damage that information leakage can cause to individuals. This is the legacy of Web 2.0."

Was this page helpful?