Intuit rectifies Quicken website's data spillages

Most websites are violating privacy policies, even if unintentionally, according to one internet security analyst.

Richard Smith made the contentious claim after it came to light that Intuit's Quicken website has been leaking personal financial information to advertisers, including DoubleClick, which is at the centre of a recent online privacy wrangle.

The Federal Trade Commission is currently holding an inquiry to determine whether DoubleClick is unlawfully collecting data on consumers' online surfing and shopping habits before selling on the information to third party advertisers.

But Smith, who discovered the leaks, said that they occurred when a design malfunction caused information typed into forms on the web to be sent accidentally to companies that provide banner advertisements to other websites.

In Intuit's case, both a mortgage calculator and a credit assessment feature on its Quicken website collected information from customers regarding their income, assets and debt before sending the data to DoubleClick.

But Smith attested that the data spillage problem was not limited to either Intuit or personal finance websites and affected a range of other ecommerce sites.

He also alleged that retailer Buy.com, among others, appeared to be sending DoubleClick the titles of videos its customers were searching for on its website, and added that additional sites such as RealNetworks and AltaVista have had similar problems, although they have already addressed them.

"The problem basically means that most websites are violating their privacy policies, even if unintentionally," he said.

Brooks Fisher, Intuit's vice president, said: "We believe it is a leakage and it is a problem," but he added that the finanical software supplier began a 'stop action' immediately and two hours later decided to remove DoubleClick's advertisement from its Quicken loans site.

Kevin O'Connor, DoubleClick's chief executive, said the company was also looking into the matter. "We are actively looking at all the sites to find out if this quirk is happening. When and if we discover this, we will immediately tell our clients."

He stressed that DoubleClick did not have any of the information it was sent by Intuit or any other of its customers. "We do not use or collect any referral field information," he said.

DoubleClick also said it would hold off on a plan to add customers' names and addresses to its ad tracking scheme until the government and industry agreed on privacy standards.