How would you like it if somebody was standing over your shoulder jotting down your user ID (and who knows what else) as you were logging into sites, and then sharing the information with–well, it could be anybody?

Thought so. Yet it’s happening today via AdTech surveillance firms OnAudience and Adthink (via their AudienceInsights “product”). These two companies inject malware via a script into sites that you visit, and harvest information that your browser password manager fills in. Here’s the original research as well as two recent articles in The Hacker News and The Verge.

Here’s the image of how it works, from Princeton University’s Center for Information Technology Policy:

From: No boundaries for user identities: Web trackers exploit browser login managers, Gunes Acar, December 27, 2017

Neither OnAudience nor Adthink cares about you, your expressed preferences, nor your privacy. Check out OnAudience’s Unblock product, which helps publishers get around the the ad blocking software you’ve installed on your PC. In my view, more malware.

This is the adtech and martech industry. A few good ideas in a sea of malware and get-rich-quick schemes, targeted at befuddled marketers and agencies.

Where is the C-suite and boards? Do the executives of the companies that have this stuff installed on their sites know about it? Do they know where their customer data is being siphoned to? I can’t imagine any executive of a publicly-traded company being OK with some startup looking over the shoulder of their customers and grabbing login information and sending it who-knows-where.

Takeaway: Do you know exactly what all the trackers on your site are doing? If called before the CEO, Board, and general counsel, could you explain it? If not, take down the spyware and malware. Get back to marketing. And win.