Related papers: Every Keystroke You Make: A Tech-Law Measurement and Analysis of Event Listeners for Wiretapping

Every Keystroke You Make: A Tech-Law Measurement and Analysis of Event Listeners for Wiretapping

URL: http://arxiv.org/abs/2508.19825v1
Date: Wed, 27 Aug 2025 12:20:52 GMT
Title: Every Keystroke You Make: A Tech-Law Measurement and Analysis of Event Listeners for Wiretapping
Authors: Shaoor Munir, Nurullah Demir, Qian Li, Konrad Kollnig, Zubair Shafiq,
Abstract summary: Despite the growing body of research documenting widespread lack of compliance with new privacy laws, there is a lack of robust enforcement.<n>We focus on a particularly invasive tracking technique: the use of JavaScript event listeners by third-party trackers for real-time keystroke interception on websites.<n>We find evidence that 38.52% websites installed third-party event listeners to intercept keystrokes, and that at least 3.18% websites transmitted intercepted information to a third-party server.
Score: 15.823783000812158
License: http://creativecommons.org/licenses/by/4.0/
Abstract: The privacy community has a long track record of investigating emerging types of web tracking techniques. Recent work has focused on compliance of web trackers with new privacy laws such as Europe's GDPR and California's CCPA. Despite the growing body of research documenting widespread lack of compliance with new privacy laws, there is a lack of robust enforcement. Different from prior work, we conduct a tech-law analysis to map decades-old U.S. laws about interception of electronic communications--so-called wiretapping--to web tracking. Bridging the tech-law gap for older wiretapping laws is important and timely because, in cases where legal harm to privacy is proven, they can provide statutory private right of action, are at the forefront of recent privacy enforcement, and could ultimately lead to a meaningful change in the web tracking landscape. In this paper, we focus on a particularly invasive tracking technique: the use of JavaScript event listeners by third-party trackers for real-time keystroke interception on websites. We use an instrumented web browser to crawl a sample of the top-million websites to investigate the use of event listeners that aligns with the criteria for wiretapping, according to U.S. wiretapping law at the federal level and in California. We find evidence that 38.52% websites installed third-party event listeners to intercept keystrokes, and that at least 3.18% websites transmitted intercepted information to a third-party server, which aligns with the criteria for wiretapping. We further find evidence that the intercepted information such as email addresses typed into form fields are used for unsolicited email marketing. Beyond our work that maps the intersection between technical measurement and U.S. wiretapping law, additional future legal research is required to determine when the wiretapping observed in our paper passes the threshold for illegality.

Related papers

RegTrack: Uncovering Global Disparities in Third-party Advertising and Tracking [2.625007842420751]
Third party advertising and tracking (A&T) are pervasive across the web, yet user exposure varies significantly with browser choice, browsing location, and hosting jurisdiction.<n>Our analysis reveals that browser choice, user location, and hosting jurisdiction each shape tracking exposure in distinct ways.
arXiv Detail & Related papers (2026-03-03T07:21:15Z)
SoK: Advances and Open Problems in Web Tracking [71.54586748169943]
Web tracking is a pervasive and opaque practice that enables personalized advertising, and conversion tracking.<n>Web tracking is undergoing a once-in-a-generation transformation driven by shifts in the advertising industry, the adoption of anti-tracking countermeasures by browsers, and the growing enforcement of emerging privacy regulations.<n>This Systematization of Knowledge (SoK) aims to consolidate and synthesize this wide-ranging research, offering a comprehensive overview of the technical mechanisms, countermeasures, and regulations that shape the modern and rapidly evolving web tracking landscape.
arXiv Detail & Related papers (2025-06-16T23:30:54Z)
Fingerprinting and Tracing Shadows: The Development and Impact of Browser Fingerprinting on Digital Privacy [55.2480439325792]
Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies. This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data.
arXiv Detail & Related papers (2024-11-18T20:32:31Z)
The First Early Evidence of the Use of Browser Fingerprinting for Online Tracking [10.98528003128308]
It is imperative to address the mounting concerns regarding the utilization of browser fingerprinting in the realm of online advertising.<n>This paper introduces FPTrace, a framework to assess fingerprinting-based user tracking by analyzing ad changes from browser fingerprinting adjustments.
arXiv Detail & Related papers (2024-09-24T01:39:16Z)
DiffAudit: Auditing Privacy Practices of Online Services for Children and Adolescents [5.609870736739224]
Children's and adolescents' online data privacy are regulated by laws such as the Children's Online Privacy Protection Act (COPPA) Online services directed towards children, adolescents, and adults must comply with these laws. We present DiffAudit, a platform-agnostic privacy auditing methodology for general audience services.
arXiv Detail & Related papers (2024-06-10T17:14:53Z)
Characterizing Browser Fingerprinting and its Mitigations [0.0]
This work explores one of these tracking techniques: browser fingerprinting. We detail how browser fingerprinting works, how prevalent it is, and what defenses can mitigate it.
arXiv Detail & Related papers (2023-10-12T20:31:24Z)
Priorities for more effective tech regulation [3.8073142980733]
Report proposes a range of priorities for regulators, academia and the interested public in order to move beyond the status quo. Current legal practice will not be enough to meaningfully tame egregious data practices.
arXiv Detail & Related papers (2023-02-27T16:53:05Z)
Having your Privacy Cake and Eating it Too: Platform-supported Auditing of Social Media Algorithms for Public Interest [70.02478301291264]
Social media platforms curate access to information and opportunities, and so play a critical role in shaping public discourse. Prior studies have used black-box methods to show that these algorithms can lead to biased or discriminatory outcomes. We propose a new method for platform-supported auditing that can meet the goals of the proposed legislation.
arXiv Detail & Related papers (2022-07-18T17:32:35Z)
Pile of Law: Learning Responsible Data Filtering from the Law and a 256GB Open-Source Legal Dataset [46.156169284961045]
We offer an approach to filtering grounded in law, which has directly addressed the tradeoffs in filtering material. First, we gather and make available the Pile of Law, a 256GB dataset of open-source English-language legal and administrative data. Second, we distill the legal norms that governments have developed to constrain the inclusion of toxic or private content into actionable lessons. Third, we show how the Pile of Law offers researchers the opportunity to learn such filtering rules directly from the data.
arXiv Detail & Related papers (2022-07-01T06:25:15Z)
\ extit{StateCensusLaws.org}: A Web Application for Consuming and Annotating Legal Discourse Learning [89.77347919191774]
We create a web application to highlight the output of NLP models trained to parse and label discourse segments in law text. We focus on state-level law that uses U.S. Census population numbers to allocate resources and organize government.
arXiv Detail & Related papers (2021-04-20T22:00:54Z)
Differential Tracking Across Topical Webpages of Indian News Media [3.721918008485747]
We propose a novel method for automatic extraction and categorization of Indian news topical subpages based on the details in their URLs. We find differential user tracking among subpages, and between subpages and homepages. embedded third-parties tend to track specific subpages simultaneously, revealing possible user profiling in action.
arXiv Detail & Related papers (2021-03-07T20:20:47Z)
A vision for global privacy bridges: Technical and legal measures for international data markets [77.34726150561087]
Despite data protection laws and an acknowledged right to privacy, trading personal information has become a business equated with "trading oil" An open conflict is arising between business demands for data and a desire for privacy. We propose and test a vision of a personal information market with privacy.
arXiv Detail & Related papers (2020-05-13T13:55:50Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.