The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts

Last week, Privacy News Online reported on a worrying trend of increased surveillance in the workplace. This kind of spying includes capturing every keystroke workers make. The practice is regarded in many jurisdictions as acceptable because people are working on equipment provided by their employer, and use it to carry out tasks for the company that pays their wages. So the logic is that an employer has permission to check that the equipment is being used properly, and that employees are working diligently. But a blog post on the Freedom to Tinker blog reveals that keystroke capture and more is taking place on public websites too:

“You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use ‘session replay’ scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.”

The researchers looked at services from Yandex, FullStory, Hotjar, UserReplay, Smartlook, Clicktale, and SessionCam. They found the named services in use on 482 of the Alexa top 50,000 sites, but just one of them – Yandex – says that its Yandex.Metrica product is on 8 million sites, so the number of websites using this technology globally is probably even higher. Adding constant surveillance is simple: FullStory claims “One small snippet records every user action. No maintenance and no manual tagging.” The key feature offered by all
