Category Archives: third party

Web firms record keystrokes of users

According to a study from Princeton University, more than 480 websites use the technique of session replay to gain an understanding of how customers use websites.

The study says that hundreds of web firms are tracking every single keystroke made by visitors. Experts questioned the legality of using such software without users’ consent. “These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and may send them to third-party servers.”

The stated purpose of this data collection includes gathering insights into how users interact with websites and discovering broken or confusing pages. However, the extent of data collected by these services far exceeds user expectations. Text typed into forms is collected before the user submits the form, and precise mouse movements are saved, all without any visual indication to the user. This data can’t reasonably be expected to be kept anonymous.

As recorded by the researchers on their website, the analysis covers seven of the top session replay companies (based on their relative popularity in the researchers’ measurements). The services studied are Yandex, FullStory, Hotjar, UserReplay, Smartlook, Clicktale, and SessionCam. They found these services in use on 482 of the Alexa top 50,000 sites.

Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third party as part of the recording.

This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes.

The following are the red lines:

1. Passwords are included in session recordings.

2. Sensitive user inputs are redacted in a partial and imperfect way.

3. Manual redaction of personally identifying information displayed on a page is a fundamentally insecure model.

4. Recording services may fail to protect user data.

Firms using the software included the UK news website the Telegraph, Samsung, Reuters, US retail giant Home Depot and CBS News.

Paul Edon, director at security firm Tripwire, said: “The first area of concern here is the legality of recording people’s keystrokes without first informing them of the fact.” If this is so, users’ trust in these websites will all but disappear.

 


How to find – Websites, secretly connected to your computer

Hello dear friends, Hope you all are fine with health and happiness.

Sometimes we have a good connection but still get slow speeds, which is quite annoying. This happens when malware, spyware or adware uses your internet connection behind the scenes, leaving less bandwidth for what you actually want to do. Here is a technique for finding out what is going on under the hood.

Third-party firewalls also provide a feature for blocking unwanted connections, with an exclusion option for some sites.

The netstat command, run from a command prompt window, shows detailed network statistics. It works in Windows XP (out of date) and above, i.e. Vista, 7, 8, 8.1 etc. In XP, only Service Pack 2 is found to be responsive in this case. The netstat command generates a list of network connections in a systematic way at a specified interval.

First of all, log in to Windows as an administrator (any changes to the computer or the information on it can easily be made from an administrator login).

In Windows 8.x, the command prompt is opened by right-clicking on the desktop and choosing the Command Prompt (Admin) option. Below 8, the command prompt is opened by clicking the Start menu and entering “cmd.exe” in the search box. When the result is displayed, right-click on cmd.exe and click Run as administrator in the popup menu.


If the User Account Control dialog box appears, click Yes to continue. (The User Account Control dialog box may or may not appear, depending upon your user settings.)


Type the following command in the command prompt:

netstat -abf 5 > activity.txt


Here the -a option shows all connections and listening ports,

the -b option shows the application which is making the connection,

the -f option displays the full DNS name for each connection, for easier understanding of where the connections are being made to.

You can also use the -n option if you wish to only display the IP address.

The 5 option polls for connections every 5 seconds, which makes it easier to track what is going on, and the results are then redirected into the activity.txt file.

Wait about two minutes and then press Ctrl + C to stop the recording of data.

Once recording is finished, simply open the activity.txt file in your favorite editor to see the results, or type activity.txt at the command line to open it in Notepad.

The resulting file will list all processes on your computer (browsers, IM clients, email programs, etc.) that have made an internet connection in the last two minutes, or however long you waited before pressing Ctrl + C. It also lists which processes connected to which websites.

If you see process names or website addresses with which you are not familiar, you can search for “what is (name of unknown process)” in Google and see what it is. It may be a system function you don’t know about or a function of one of your running programs. However, if it seems like a bad site, you can use Google again to find out how to get rid of it.
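Reading two minutes of 5-second polls by eye is tedious, so here is an added example (not part of the original post) that condenses the text of activity.txt into one line per process and remote host and lists the processes you did not expect. It assumes the English-language netstat output layout; the function names, the sample text and the process name updater.exe are constructed for illustration.

```python
import re
from collections import defaultdict

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")  # connection row
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # owner line written by -b, e.g. " [chrome.exe]"

def summarize(text):
    """Map process -> {(remote_host, remote_port): number of polls it was seen in}."""
    seen, pending = defaultdict(lambda: defaultdict(int)), None
    def flush(owner):  # attribute the row that is still waiting for its owner line
        nonlocal pending
        if pending:
            seen[owner][pending] += 1
        pending = None
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            flush("(unknown)")  # previous row never got an owner line
            proto, _local, foreign, state = row.groups()
            host, _, port = foreign.rpartition(":")  # keeps [IPv6]:port intact
            if proto == "TCP" and state != "LISTENING" and host:
                pending = (host, port)
        elif OWNER.match(line):
            flush(OWNER.match(line).group(1).lower())
        elif "Can not obtain ownership information" in line:
            flush("(unknown)")
    flush("(unknown)")
    return {proc: dict(dests) for proc, dests in seen.items()}

def unfamiliar(summary, expected):
    """Rows (process, host, port, polls) for processes outside the expected set."""
    known = {p.lower() for p in expected}
    return sorted((proc, host, port, polls) for proc, dests in summary.items()
                  if proc not in known for (host, port), polls in dests.items())

# Constructed sample: two polls of netstat -abf (second poll's header lines omitted)
SAMPLE = """Active Connections
  Proto  Local Address          Foreign Address         State
  TCP    0.0.0.0:135            DESKTOP-TEST:0          LISTENING
 [svchost.exe]
  TCP    192.168.1.10:49712     www.example.com:https   ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.10:49720     files.example.net:http  ESTABLISHED
 [updater.exe]
  TCP    192.168.1.10:49731     203.0.113.7:8080        TIME_WAIT
  Can not obtain ownership information
  TCP    192.168.1.10:49712     www.example.com:https   ESTABLISHED
 [chrome.exe]
"""
```

On a real capture, call `unfamiliar(summarize(open("activity.txt", errors="replace").read()), {...})` with the set of programs you know you were running; a destination seen in many polls is a long-lived connection, and "(unknown)" rows are connections whose owning process netstat could not name.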

Some third-party tools are also handy for finding and removing unwanted connections.

CurrPorts and TCPView are some of the common ones.

Thank you for bearing me ..

Jagat