Detecting Transmissions of Hashed Personal Information to Trackers Online

Summary

This study investigates websites that expose your personal information (such as email addresses and phone numbers) to tracking companies, even when they may say it’s been made anonymous.

Many companies claim to anonymize sensitive user data by using mathematical transformations called hashing to obscure the original data. Research has shown this not to be true; the original data can often be recovered. Despite these warnings, companies continue to share your hashed emails, phone numbers, and other personal information to tracking companies. We want to find out where and how often this happens on the web. Our goal is to bring this issue to light such that users are more well informed and protected in the future.

If you use Firefox or a Chromium-based browser (Google Chrome, Brave, Opera) as your web browser, we ask you to install a small browser extension called Hem and Haw. It quietly checks if your private info is being shared while you browse the internet. You can use the web as you normally do. The goal is to learn how often companies use hashing to share your data while making the false claim that you will stay anonymous.

You can find more information at https://tincangit.github.io/hemandhaw-study/. Your help can make the internet safer for everyone. If you have any questions or concerns, please email hemandhaw@ucalgary.ca.