PRIVACY: Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data.

If you’re daydreaming about buying a home or need to lower the payment on the one you already have, you might pay a visit to the Quicken Loans mortgage calculator. You’ll be asked a quick succession of questions that reveal how much cash you have on hand or how much your home is worth and how close you are to paying it off. Then Quicken will tell you how much you’d owe per month if you got a loan from them and asks for your name, email address, and phone number.

You might fill in the contact form, but then have second thoughts. Do you really want to tell this company how much you’re worth or how in debt you are? You change your mind and close the page before clicking the Submit button and agreeing to Quicken’s privacy policy.

But it’s too late. Your email address and phone number have already been sent to a server at “murdoog.com,” which is owned by NaviStone, a company that advertises its ability to unmask anonymous website visitors and figure out their home addresses. NaviStone’s code on Quicken’s site invisibly grabbed each piece of your information as you filled it out, before you could hit the “Submit” button.

During a recent investigation into how a drug-trial recruitment company called Acurian Health tracks down people who look online for information about their medical conditions, we discovered NaviStone’s code on sites run by Acurian, Quicken Loans, a continuing education center, a clothing store for plus-sized women, and a host of other retailers. Using Javascript, those sites were transmitting information from people as soon as they typed or auto-filled it into an online form. That way, the company would have it even if those people immediately changed their minds and closed the page.

I never browse the web without a Javascript blocker extension.