A UK web analytics firm has revealed that users of Internet Explorer could be having their web use tracked, allowing firms to capitalise with targeted marketing.
The flaw has been discovered by London firm spider.io. It says that three of the biggest analytic companies in the world are already exploiting it too. In explaining the size of the problem, Doug de Jager said:
“The vulnerability is being exploited rather mischievously by these companies to measure the viewability of display ads – arguably the hot topic in display advertising at the moment.”
The spider.io chief executive continued:
“Almost every US-based user of Internet Explorer will have their mouse cursor tracked via this exploit almost every day they browse the web.”
How big the issue is in the UK is not known, but the flaw is present in multiple versions of IE. Microsoft itself has confirmed its presence in every version from v6 (2001) to v10, launched in 2012.
Whilst they are aware of the issue, and investigating it, the US tech giant is not planning a security fix immediately. It has said it will do everything necessary to protect customers though.
Display advertising, which can work with SEO in many strategy models is popular at present, and the flaw can be triggered by ads on any site. Even if the page where the ad is place is not active, the active page cursor movements can still be tracked.
Users of virtual keyboards and keypads are also vulnerable, whilst de Jager says additional risks could come from personal information thieves, seeking credit card numbers and other details.