Three weeks in, Quibi has its first privacy scandal

Marc DeAngelis
Contributor
Googly eyes: One pair strabismus and squint mad googly eyes and one pair normal funny eyes next to each other on a orange background.

There are certain online activities -- like clicking on an ad -- that obviously lead to companies tracking your behavior. But it might be surprising to hear that entering your email address while signing up for a new service -- or even just clicking on an email -- can lead to companies like Google, Facebook and Twitter keeping tabs on your browsing and shopping habits, too. According to a study by Zach Edwards, signup workflows on Quibi, JetBlue and other companies -- as well as emails from Wish.com -- lead to countless email addresses being leaked to advertisers. This data helps those advertisers create personal profiles and target users for specific ads relevant to their browsing patterns. Edwards states that much of the issue stems from the weak encoding of personal data, as well as the fact that many companies are not requesting advertisers to scrub the data obtained by these means.

According to Edwards, users of certain web browsers like Safari and Firefox are at less risk than, say, Chrome users, as these apps block Javascript activity by default. Chrome users who have an ad blocker installed and choose to turn off Javascript activity should also be safe, too. However, the responsibility isn’t just on the user -- it’s on the corporations who collect data, as well. “All organizations need to be aware of this significant user data vulnerability, but more importantly, there needs to be significant efforts by organizations sharing user emails in this way, to submit partner deletion requests to the 3rd party advertising and analytics companies who received the user emails,” says Edwards.

The study points out that Quibi is one of the most egregious offenders, even though the company only launched its video streaming service three weeks ago. According to Edwards, the company leaked “all user-confirmed [email addresses] to advertisers and analytics companies.” After signing up for Quibi, users got a confirmation email. By clicking on that email, their unencrypted email address was handed over to Google, Facebook, Snapchat, Google and more.

There are only so many steps users can take to protect their data. This study should serve as a reminder of how closely users are being monitored on the internet -- and how deeply reliant on advertising revenue most web services are.