Web trackers exploit browser login managers. Interesting technique. I guess the solution is to use a 3rd party password manager that requires an action to trigger (I'm using 1Password right now and I have to hit the control-\ key to get it to auto-fill...)