The Web Design Group

... Making the Web accessible to all.

> "Session replay" spyware javascripts
Christian J
post Nov 21 2017, 09:08 AM

No boundaries: Exfiltration of personal data by session-replay scripts

QUOTE
You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use “session replay” scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.

I've assumed this has been going on for years, but it's good to see the abuse confirmed. No mention of Google or Facebook though, but they likely keep their gathered data to themselves.

QUOTE
The replay services offer a combination of manual and automatic redaction tools that allow publishers to exclude sensitive information from recordings.
[...]
A thorough redaction process is actually a requirement for several of the recording services, which explicitly forbid the collection of user data.

(The study then shows how the redaction requirement can be ignored by site owners due to incompetence or indifference, even for credit card data and passwords.)

All of this will only get worse, of course. One way to protect yourself is by disabling JavaScript. On pages that only work with JavaScript you might still block unnecessary third-party scripts (the RequestPolicy add-on for Firefox works very well, but isn't yet upgraded for Firefox 57/Quantum), or you might use a blacklist. Unfortunately it's sometimes hard to tell if a page works or not unless you enable everything on it, especially when Ajax scripts are involved, since you may not notice if background server connections fail.
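The blocking approach described in the post above (allow first-party scripts, block third-party ones unless needed, consult a blacklist), as an added example that is not part of the original post and is not RequestPolicy's code. The host names, the blocklist entry and the function names are constructed, and comparing sites by their last two DNS labels is a simplifying assumption.

```javascript
// Added example: decide per script URL what a cross-site blocker would do.
// Blocklist entry is a constructed placeholder, not a real vendor domain.
const BLOCKLIST = new Set(["replay-vendor.example"]);

// Assumption: the "site" is the last two DNS labels. A real tool needs the
// Public Suffix List so that hosts under e.g. "co.uk" are not merged.
function siteOf(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// pageUrl: the page being viewed; scriptSrcs: the src values of its scripts;
// allowedSites: third-party sites the user chose to allow for this page.
function classifyScripts(pageUrl, scriptSrcs, allowedSites = new Set()) {
  const pageSite = siteOf(new URL(pageUrl).hostname);
  return scriptSrcs.map((src) => {
    const url = new URL(src, pageUrl); // resolves "/path" and "//host/path"
    if (url.protocol !== "http:" && url.protocol !== "https:") {
      return { src, site: null, verdict: "not-a-network-request" };
    }
    const site = siteOf(url.hostname);
    let verdict;
    if (BLOCKLIST.has(site)) verdict = "blocklisted"; // blacklist wins
    else if (site === pageSite) verdict = "first-party";
    else if (allowedSites.has(site)) verdict = "allowed";
    else verdict = "blocked"; // default-deny for other third parties
    return { src: url.href, site, verdict };
  });
}

// Constructed sample page and script list.
const SAMPLE_PAGE = "https://shop.example.org/checkout";
const SAMPLE_SCRIPTS = [
  "/js/cart.js",
  "https://static.example.org/app.js",
  "//cdn.replay-vendor.example/record.js",
  "https://widgets.other.example/chat.js",
  "data:text/javascript,void 0",
];

for (const r of classifyScripts(SAMPLE_PAGE, SAMPLE_SCRIPTS)) {
  console.log(r.verdict.padEnd(22), r.src);
}
```

Allowing a third-party site for one page does not override the blocklist, so a recorder loaded from a listed site stays blocked even if the user whitelists it by mistake.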

 



- Lo-Fi Version Time is now: 11th December 2017 - 09:33 PM