I was emailed after abandoning a registration form. I did not click Submit

It seems a lot of people are missing the true concern here because they only read the first half of the article.<p>Going to paraphrase the article a bit here but yes, the website is capturing the filled-in data even if the user hasn&#x27;t hit the submit button. However, they&#x27;re also running a tracking script from an advertisement network in the background that attempts to capture your e-mail. If you visit Site A as a result of one of the ads from that network, but leave without putting down your e-mail address, and then go to Site B and do leave your e-mail address, the ad network will send your e-mail address to Site A in an attempt to &quot;re-capture&quot; that lost impression for Site A even if you never even hit submit on Site B. They&#x27;re marketing it as a way of reducing ad-spend because you don&#x27;t have to keep trying to target potential customers who&#x27;ve already shown interest through more ads.<p>I&#x27;m not a lawyer so I&#x27;m very curious to know how this doesn&#x27;t easily violate COPPA for Site A, Site B, and the ad network, among other privacy laws. The wording from the ad network shown in the article is a bit vague around enabling a &quot;triggered email sequence&quot;, so I&#x27;m wondering if they get around some legal issues by sending emails for Site A on their behalf rather than sharing the email address itself.<p>* Edited for minor typos I noticed after hitting submit.

I argued against this pattern and left shortly after the owner of a company I worked at made me implement this pattern. As the head of the department I actually refused, but he went to one of the engineers on my team and had the push the change.<p>I can never figure out why people don&#x27;t realize that even if it&#x27;s legal, it comes across as creepy.

If he thinks that is nefarious wait until he learns that websites were using visually hidden fields to surreptitiously capture browser auto-complete details. That is, if you auto complete &quot;name&quot; they might have an &quot;email&quot;, &quot;phone number&quot;, &quot;address&quot;, etc. field hidden from your view that also get auto filled.<p>I sure hope that browser makers have patched that somehow but I still avoid auto-complete whenever possible.

One thing I don&#x27;t think people realize is in the age of async JS, even not doing anything is an action to be observed. Information is not sent when you say &quot;okay&quot; -- it&#x27;s always being sent.

This happens everywhere. Since ebay has started charging tax for all items (regardless of whether or not they are used or new) in my state, I&#x27;ve been using more and more small online shops for product purchases.<p>In many cases you have to fill out your address and email info before you can get to a shipping page to see shipping charges. In so many cases, even though I did not place an order or create an account, I am still sent an email saying that I have contents in my &quot;shopping cart&quot; and they are looking forward to &quot;making me a satisfied customer&quot;.

This has happened to me several times since the quarantine started and I began shopping online more.<p>Nothing makes me want to shop with your company less than blatantly violating my trust before I&#x27;m even a customer.

I knew a guy that started to fill out a shop form (card entry), and didn&#x27;t submit.<p>They charged the card anyway (and did not send any product).<p>They got an earful from him.<p>I suspect their form was a piece of junk, but that doesn&#x27;t sound particularly PCI-compliant, to me.<p>This ad-targeting, email-harvesting thing is really bad, though. It may not be illegal in most of the US (but I&#x27;ll bet it is in some states), but I will lay odds that this company had better make sure they don&#x27;t have any EU data mixed into their little bouillabaisse.

So in the screenshot you&#x27;re giving an email and they&#x27;re just storing it without telling you before you click submit, but that AddShoppers system sounds ridiculous. I&#x27;m guessing they just provide the data and you send the emails through your own account and take the inevitable reputation hit of endless spam reports yourself after you email people who&#x27;ve never given you their email?

If I abandon a cart there&#x27;s a reason! Nagging me about it isn&#x27;t going to make me purchase anything. You may <i></i>think<i></i> it did because I come back--but if that happened it&#x27;s because I was after some other information first.

There are analytics tools that are in <i>pretty common use</i> that record entire user sessions on your site. Mouse movements, stuff typed in but not submitted, everything.<p>Javascript with more than about 1% its current capabilities, in a hyper-text document navigator and e-commerce platform, <i>is a security hole</i>. It can&#x27;t be fixed because its features <i>are security holes</i>.

I visited Jabra&#x27;s website the other day, browsed a couple product pages and then left. Sure enough about 24 hours late I get an email with a subject like &quot;Come check out some of these products you missed.&quot;<p>How the hell is that legal?

I run this on my forms. I include a hard to follow disclaimer that says your entries are saved in real time &quot;for your convenience&quot;<p>It freaks people out when we reach out on the partial fill, but since I sell lead generation, it&#x27;s a nice trick that they appreciate.<p>It&#x27;s definitely problematic.<p>Luckily, our time is costly so only one single follow up occurs ..no list selling, mailing lists or repeat calls occur, but would be easy to do.<p>Its actually just an available feature on existing form software

I implemented something like this for the uni I worked for a few years ago, basically we wanted to collect &#x27;partials&#x27; as we called them. We were paying for web campaigns and we wanted to increase lead intake by collecting information as fields were filled out. We attached this to a cookie that we assigned on user landing and as they typed in the input it was progressively building a profile. If you never clicked submit it was not considered a full lead and ended up in a partials database that got mined by the analytics group.<p>Modern CMS&#x27;s, specifically SiteCore have this kind of progressive profiling built in. It was one of the selling points for why we adopted it in our last rewrite.

I&#x27;ll be upfront about this. I was doing this back in 2003. My rationale? People would forget to complete signups, or they get interrupted. My goal was to make it as trouble-free as possible to get back to where they had left off. And it worked really well. Granted, all this was back long before I really had any concept of spam and privacy. It was just an honest &quot;Oh, this could help those users!&quot; Obviously times are different and expectations have changed. I wouldn&#x27;t think of doing it now.

I got a SMS the other day of an incomplete form in a Shopify shop. The service is called SMSBump. I do not even recall giving them my number but maybe my password manager did autofill it.

This happens to me with shopping carts that I never register for but started to enter email.<p>You get a &quot;left something in your cart&quot; discount code.<p>So I&#x27;ve started to do that on purpose when I can&#x27;t find a discount for a site, works about 50% of the time. Start to checkout, enter email, get to payment and just close tab. Wait an hour or two.

How is this any different than sites that track what people are highlighting in the text? If anything, tracking what you highlight is a worse violation because it can reveal your inner thoughts and values, which is more valuable and harder to get than your email address.

I remember reading a marketing tips page that recommended gathering the email as the first step of a multi-step signup process. I never followed the advice as I was just more interested in the technical details of connecting UI to my backend schema in a rational fashion.

Formstack.com forms are able to do this and they are distributed all over the web.

This is so against the basics of GDPR, all these webshops that participate risk fines for non compliance from the moment a EU citizen is being tracked. Even if these are US companies they need to comply

This is the opposite of fighting for the users. It&#x27;s outright hostile.

So I suppose the advice of disabling Javascript is not that bad after all.

What a great explanation of GDPR and why its necessary.