How did this website get my info?

I admit to being fairly naive about many things, but something just happened that kind of scares me. I went to check out a new website I’d read about last night. They had a really good price on an item, and I wanted to find out how much the shipping charges would be before deciding to order. So I start out as if to order one item, and proceed through the ordering screens. At no time did I register, or give any personal information. I get to the shipping screen and it has filled out the “Ship To” area with my name, address and phone number, all correct. I never gave them any of this information: how did they get it?

How can I prevent a website from getting this information before I give it? I have ordered items online before from other compnaies…big companies…and they have not had any of my personal info. This is a very small company that I had never heard of until midnight last night. Is this a standard practice?

I don’t think they had your information. I think your web browser automatically filled that in for you. Check out the options and you can end that esaily enough.

I checked my privacy settings, and they are set high enough that it shouldn’t have happened.

First of all, with any computer question, please provide info on all software and any relevant hardware in use. In this case, OS and browser including versions.

Here is one example of how this can be done if you are using insecure software (e.g., anything by Microsoft).

Let’s say you are an Amazon customer and ordered some stuff from them. All your data is stored in a cookie. Name, address, etc. When you go to EvilCom, they request your Amazon cookie, and presto, they have your data now. EvilCom can now do what they want with your data. Nice, right?

So proper cookie management is a key to avoiding this particular type of problem. Cookies should only be readable by the site that sent the cookie in the first place. All cookies with personal info should be secured, i.e., you are asked each time whether you want the site to read the cookie. “Third party” cookies should be tightly controlled. (Cookies that are sent by a site with an image on the site you’re visiting, so that the Rest Of The Universe can find out where you’ve been.)

Unfortunately, MS IE doesn’t allow you to have that kind of control. But since you are an intelligent person, you’ve never once used MS IE in your life.

When using the Net, be paranoid. There are a lot of Bad Things out there trying to steal your information, drain your accounts, etc.

The only thing which can be added to ftg’s succinct answer is a useful link:

EvilCom cannot “request” your cookie. Cookies are only sent back to the domain from which they came.

No, only the third party site which sent the cookie knows.

Indeed. But all the happened here was a simple browser-autofill. It’s annoying and can most likely be turned off in the preferences.

Maybe the website you were using involked a PayPal type system to pay for the goods, fields for shipping would automatically be filled in by your account info with PayPal, not the site you’re using.

Anywho, help us out here. What site were you using, and what was your method of payment (PayPal, CC, etc…)?

Freido, this is the SDMB, we fight ignorance here. Please read up about cookies and such before making such a post.

In particular: Opera and some other browsers (but not MS IE) explicitly allow you to limit whether a site can request other site’s cookies. In my version of Opera there is an explicit 3rd party/“only accept cookies set to the server itself” option. That is, you turn that off and who knows what servers are reading all of your cookies.

In an ideal world, we wouldn’t have to worry about such matters at all, but since so many web sites are designed to “work” with MS IE, and MS IE allows all sorts of crazy things, other browsers have to allow the option of such “compatibility”. Ugh.

I stand by my post 100%.

The website I was using was, as if that matters. I hadn’t even gotten to a screen that asked how I was going to pay. I had selected one item, gone to the next screen that was shipping options, and BOOM! my info was there waiting. My browser is SBC Yahoo 3.12.

The privacy settings should have nothing to do with it. The feature where it fills out the form for you sends no information to anybody, until you press a submit button or such. It’s just on the screen.

If it is indeed simply the browser filling out the form for you, and I think that’s what it probably was, then you have nothing to worry about.

Lessee. Part of the screen was already filled in, which saved you that trouble. And by your own admission, it was correct.

And for all this convenience you are complaining? :rolleyes:

It is unlikely that a tiny bitwise green man is hiding behind your screen, chuckling over the personal info he knows, but more likely all this is being done by impersonal computers who don’t give a CPU cycle about you, personally. Appreciate it. Use it. Go with the flow. Celebrate the technology.

Only partly kidding. :slight_smile:

Not entirely true:

Then, you’re 100% wrong. Why don’t you read up on cookies?

There is one exception, but in this case the website delivering the cookie must write it so that it can be read by other websites. No standard cookie can be read by any other website, however malevolent it may be.

Your cite does not in any way contradict what friedo said. It is still reading an cookie.

Actually, I think it does. I just went out there and noticed it’s a Yahoo store. Most likely, it pulled it up from your Yahoo account or you’ve ordered from another Yahoo store in the past. I made a pretend order myself and saw that it pulled up my address, too. Since it’s a Yahoo store and you have a Yahoo internet account (I’m guessing by the fact that you use their browser), I think that’s the answer.

ThanksDeadlyAccurate. That answer makes sense to me. And thanks for the reassurance, Revtim. And musicat, you know what bugged me the most? When it filled in the form it didn’t capitalize the appropriate words, like my name, city, street: it was all lower case. I get a little anal when I fill in forms, and I want them to look right!

That’s odd that it’s not capitalizing, especially if you are anal about yourself. Since it got its data from a form you filled out, it should be the way you fill them out.

I use Mozilla, so I’m less familiar with IE. Any other IE users ever see it where it loses capitalizations on the auto-fill?

Never. However, I’ve also never seen it autofill a form until I’ve started entering the info. The autofill on my IE browser will create a dropdown menu under or above the data field I’m filling out with any words/phrases previously entered on forms that start with the letter(s) I’ve already entered. Once I click on the word/phrase that should be used, it populates the field with that word/phrase, using the casing that was used previously, no matter what casing I have it entered in on the current form. (e.g. if I enter sTR and then choose Straight Dope from the dropdown list, it populates as Straight Dope, not sTRaight Dope.)