No boundaries: Exfiltration of personal data by session-replay scripts

Found on Freedom to Tinker on Tuesday, 21 November 2017

More and more sites use “session replay” scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.

Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third-party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behavior.

That sounds like a very very grey area, and in some countries this sort of data collection would be flat out illegal.

Browse all articles« Previous « » Next »