482 Popular Websites Are Recording Your Every Keystroke And Mouse Movements
Most of you probably know that the websites you visit use third-party
analytics scripts to record your visits and the pages you open. This
anonymous statistics collection is pretty standard stuff. However, in
the recent past, there has been an increase in the number of sites using
“session replay” scripts, which can record your keystrokes, mouse
clicks, scrolling, etc., and send them to third-party servers. This data
is used to record and play back individual browsing sessions.
While the stated purpose of this data gathering is to gain insight into how users interact with the sites and to discover broken or confusing pages, what these services collect goes beyond that purpose. The text you type into a form on a page is saved even before you submit the form.
Session Replay on top sites
According to a study conducted by the folks at Princeton University, hundreds of popular websites are using this technique to record your every activity.
As per this study, out of the top 50,000 Alexa sites, 482 were found
to be using these session replay services from providers like Yandex,
FullStory, Hotjar, UserReplay, Smartlook, Clicktale, and SessionCam.
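For site owners auditing their own pages, the following added example (not code from the study or from this article) flags script tags and inline loader snippets that reference the providers named above and reports whether the page also contains form fields. The host suffixes, the page URL and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: these vendor host suffixes are not from the article; confirm them
# against each provider's documentation before relying on the list.
REPLAY_HOSTS = {"hotjar.com": "Hotjar", "fullstory.com": "FullStory",
                "smartlook.com": "Smartlook", "clicktale.net": "Clicktale",
                "sessioncam.com": "SessionCam", "userreplay.net": "UserReplay",
                "mc.yandex.ru": "Yandex"}

class ScriptCollector(HTMLParser):
    """Collects script URLs, inline script text and a count of form fields."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self.fields = [], [], 0
        self._in_script = False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.srcs.append(dict(attrs).get("src") or "")
        elif tag in ("input", "textarea"):
            self.fields += 1
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)

def vendor_for(host):
    host = (host or "").lower().rstrip(".")
    for suffix, vendor in REPLAY_HOSTS.items():
        # Match whole DNS labels only, so "notfullstory.com" is not flagged.
        if host == suffix or host.endswith("." + suffix):
            return vendor
    return None

def audit(html, page_url):
    c = ScriptCollector()
    c.feed(html)
    hosts = {urlparse(urljoin(page_url, s)).hostname for s in c.srcs}
    # Loader snippets inject the recorder at runtime, so scan inline code too.
    hosts |= set(re.findall(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", " ".join(c.inline).lower()))
    return {"vendors": sorted({v for v in map(vendor_for, hosts) if v}), "form_fields": c.fields}

# Constructed sample page: one external recorder, one inline loader, two fields.
SAMPLE = """<script src="/static/app.js"></script>
<script src="//rec.smartlook.com/recorder.js"></script>
<script>var s=document.createElement('script');
s.src='https://static.hotjar.com/c/loader.js';document.head.appendChild(s);</script>
<form><input name="card"><textarea name="notes"></textarea></form>"""
```

A static scan like this misses recorders pulled in by a tag manager or by another third-party script, so a non-empty result is a lead for review and an empty one is not proof of absence.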
It’s worth noting that the collection of page content by a third-party
provider might leak sensitive information such as passwords,
credit card details, medical details, banking information, etc. Such
data could then be used for identity theft and online scams.
Some of the notable names which were found to be recording user
sessions include the sites of HP, Comcast, Yandex, Lenovo, Autodesk,
Windows, Crunchbase, Intel, etc. Find the complete list here.
“We do not present the above examples to point fingers at a certain
website. Instead, we aim to show that the redaction process can fail
even for a large publisher with a strong, legal incentive to protect
user data,” the study adds.
What are your thoughts on such session replay techniques being used
by reputed websites? Don’t forget to share your views and take part in
the discussion.