If you supply personal information on a website, you should expect that the owners of the website would get that information. But according to recent reports, some websites can record your key strokes during your entire browsing session. Here's one report about the issue: No, you’re not being paranoid. Sites really are watching your every move:
Session replay scripts are provided by third-party analytics services that are designed to help site operators better understand how visitors interact with their Web properties and identify specific pages that are confusing or broken. As their name implies, the scripts allow the operators to re-enact individual browsing sessions. Each click, input, and scroll can be recorded and later played back.
A study published last week reported that 482 of the 50,000 most trafficked websites employ such scripts, usually with no clear disclosure. It's not always easy to detect sites that employ such scripts. The actual number is almost certainly much higher, particularly among sites outside the top 50,000 that were studied.
"Collection of page content by third-party replay scripts may cause sensitive information, such as medical conditions, credit card details, and other personal information displayed on a page, to leak to the third-party as part of the recording," Steven Englehardt, a PhD candidate at Princeton University, wrote. "This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes."
Here's another one: No boundaries: Exfiltration of personal data by session-replay scripts.
There doesn't appear to be a way the site visitor can prevent it from happening. But as precaution a site visitor could open the browser only for that page in which he/she expects to supply a password or other personal info, then close it once the business is concluded.
------
2:06 PM 12/13/2017
Comments