Author Topic: More tracking than you know  (Read 5083 times)

0 Members and 1 Guest are viewing this topic.

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
More tracking than you know
« on: Monday, 27 November, 2017 @ 16:58:06 »
Quote
No, you’re not being paranoid. Sites really are watching your every move
Sites log your keystrokes and mouse movements in real time, before you click submit.

If you have the uncomfortable sense someone is looking over your shoulder as you surf the Web, you're not being paranoid. A new study finds hundreds of sites—including microsoft.com, adobe.com, and godaddy.com—employ scripts that record visitors' keystrokes, mouse movements, and scrolling behavior in real time, even before the input is submitted or is later deleted.

Session replay scripts... allow the operators to re-enact individual browsing sessions. Each click, input, and scroll can be recorded and later played back.

"Collection of page content by third-party replay scripts may cause sensitive information, such as medical conditions, credit card details, and other personal information displayed on a page, to leak to the third-party as part of the recording," Steven Englehardt, a PhD candidate at Princeton University, wrote. "This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes."

It's not clear what meaningful recourses Internet users have for preventing the data collection. The researcher said that ad-blockers can filter out some, but not all, of the replay scripts. Checking the "do not track" option built into some browsers also failed to stop the logging. That means every keystroke typed into a Web field may be logged, character by character, even if the visitor later deletes the field and never presses a submit button.

Until more robust protections are available, people should remember that just about anything they do while visiting a website can be logged.
https://arstechnica.co.uk/tech-policy/2017/11/an-alarming-number-of-sites-employ-privacy-invading-session-replay-scripts