Why you should disable autofill

Everyone hates filling in large forms, and autofill clearly makes life easier by populating common fields. However, autofill gives rise to a serious privacy vulnerability; a website can easily obtain far more personal details than a user would wish to share.

It appears the user only autocompletes her email address, but in reality much more information is shared.

The dummy example in the video shows a user leaving his or her email address to obtain some free content, as frequently seen on blogs. However, when the form is submitted, a whole bunch of additional personal data is submitted as well, including name, street address, town and phone number.

How does this work? Well, when inspecting the HTML we see nothing special. Just an email input which has autocomplete enabled:

But as soon as the users focusses on this email field, new hidden inputs are injected into the form:

So when one tries to autocomplete the single email field, actually all invisible fields are populated.

Credit card information

Chrome also allows to autofill credit card information, which fortunately is protected against this trick. Since autofill for credit card data is decoupled from personal data, a user must manually focus on an appropriate credit card input field to allow for autofill to start.