Web firms record keystrokes of users

According to a study from Princeton University, more than 480 websites use the technique of session replay to gain an understanding of how customers use websites.

The study says that hundreds of web firms are tracking every single keystroke made by visitors. Experts questioned the legality of using such software without the user’s consent. “These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and may send them to third-party servers.”

The stated purpose of this data collection includes gathering insights into how users interact with websites and discovering broken or confusing pages. However, the extent of data collected by these services far exceeds user expectations. Text typed into forms is collected before the user submits the form, and precise mouse movements are saved, all without any visual indication to the user. This data can’t reasonably be expected to be kept anonymous.

As recorded by the researchers on the website jagat, the analysis covers seven of the top session replay companies (based on their relative popularity in the researchers’ measurements). The services studied are Yandex, FullStory, Hotjar, UserReplay, Smartlook, Clicktale, and SessionCam. They found these services in use on 482 of the Alexa top 50,000 sites. Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third party as part of the recording.

This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes.

The following are the red lines:

1. Passwords are included in session recordings.

2. Sensitive user inputs are redacted in a partial and imperfect way.

3. Manual redaction of personally identifying information displayed on a page is a fundamentally insecure model.

4. Recording services may fail to protect user data.
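The first three red lines can be checked from the site owner's side before any replay script is deployed. The sketch below is an added example, not code from the study or from any recording service: it assumes a redaction rule that masks only `type="password"` inputs, and the `data-replay-exclude` marker and the field names are hypothetical.

```javascript
// Added example: audit form fields against a type-based redaction rule.
// The rule, the field names and "data-replay-exclude" are hypothetical.

// Hints that a field holds sensitive data regardless of its input type.
const SENSITIVE_AUTOCOMPLETE = /^(cc-|current-password|new-password|one-time-code)/;
const SENSITIVE_NAME = /(pass(word|wd)?|card|cvv|cvc|ssn|iban|dob|birth)/i;

// Assumed redaction rule: only <input type="password"> is masked.
function naiveRuleRedacts(field) {
  return field.type === "password";
}

function isSensitive(field) {
  return field.type === "password" ||
    SENSITIVE_AUTOCOMPLETE.test(field.autocomplete || "") ||
    SENSITIVE_NAME.test(field.name || "");
}

// Names of fields that are sensitive, not masked by the rule,
// and not manually excluded by the site owner.
function findExposedFields(fields) {
  return fields
    .filter((f) => isSensitive(f) && !naiveRuleRedacts(f) && !f.excluded)
    .map((f) => f.name);
}

// In a browser, build the descriptors from a real <form> element.
function describeForm(form) {
  return Array.from(form.querySelectorAll("input, textarea, select")).map((el) => ({
    name: el.name || el.id,
    type: (el.type || "text").toLowerCase(),
    autocomplete: el.getAttribute("autocomplete") || "",
    excluded: el.hasAttribute("data-replay-exclude"), // hypothetical marker
  }));
}

// Constructed sample: a checkout form with a "show password" text field.
const sampleFields = [
  { name: "email", type: "email", autocomplete: "email", excluded: false },
  { name: "password", type: "password", autocomplete: "current-password", excluded: false },
  { name: "password_visible", type: "text", autocomplete: "off", excluded: false },
  { name: "card_number", type: "text", autocomplete: "cc-number", excluded: false },
  { name: "cvv", type: "tel", autocomplete: "cc-csc", excluded: true },
  { name: "notes", type: "textarea", autocomplete: "", excluded: false },
];

console.log(findExposedFields(sampleFields));
```

Every name the audit returns is a field whose contents depend on someone remembering to exclude it by hand, which is the manual redaction model the third red line describes.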

Firms using the software included the UK’s news website the Telegraph, Samsung, Reuters, US retail giant Home Depot and CBS News. Paul Edon, director at security firm Tripwire, said: “The first area of concern here is the legality of recording people’s keystrokes without first informing them of the fact.” If this is so, users’ reliance on websites becomes bleak to the point of negativity.

 
