80% of Websites Leak User Search Queries to Third Parties

Researchers at Norton Labs report that 8 out of 10 websites with a search function share all user search queries with third parties, most often companies involved in online advertising.

To study one million websites, the experts developed a special crawler capable of bypassing so-called “interstitials” and other obstacles that require human interaction during browsing. This scanner would visit websites, locate the search bar, use it to search for the word “JELLYBEANS,” and then collect all subsequent network traffic for analysis.

How the Study Was Conducted

The researchers’ goal was to carefully examine each HTTP request to determine whether “JELLYBEANS” appeared in any requests sent to third-party partners. They found that this happened in 81.3% of cases.

Network requests typically include the URL, the referer header, and the payload, which usually contains the browser “profile” and visit data. The analysis showed that most leaks occurred through the referer header (75.8%) and the URL (71%), while the payload contained the word “JELLYBEANS” in 21.2% of the cases studied.

Key Findings

• 81.3% of the one million websites analyzed transmitted search query information to advertisers using at least one of the three methods mentioned above.
• The actual percentage of leaked search queries is likely even higher, as many HTTP request payloads are obfuscated, making it difficult to detect the test search term even if it was present.
• Only 13% of websites mentioned “search terms” in their privacy policies, while 75% made only general statements about the possible “sharing of user information with third parties.”