
Hundreds of popular websites are recording your keystrokes and mouse clicks

Researchers worry users could be exposed to identity theft.


Phillip Tracy


Published Nov 23, 2017   Updated May 22, 2021, 10:14 am CDT

Be careful what you do online—your every movement could be recorded.

Hundreds of the internet’s most popular websites are using “session replay” software to record all your keystrokes, mouse movements, and scrolling behavior, according to a study conducted by Princeton researchers.

The study found that 482 of the top 50,000 websites are using software from major session replay companies. These sites typically state that the purpose of tracking such detailed information is to discover broken web pages. But researchers believe the extent to which the information is gathered suggests it’s being used for other invasive practices. The study found session replays were primarily used on pages that ask for sensitive details, like your personal information or medical history.

“Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behaviour,” the researchers note.

The session replay begins recording the moment you start typing, which means that if you start plugging in your private medical information but decide to bail out before submitting, it’s too late: whichever website you were on has already recorded your answers.

All that data is then sent to third-party servers without the user’s knowledge “unless you dug deep into the privacy policy,” researcher Steve Englehardt told Motherboard. Some companies that make the tracking software even have scripts that link the connected data to a user’s real identity.

The video below shows what a replay script looks like from the eyes of the user and website.

Major companies using the scripts include,,,,,,, and many others. Both Walgreens and Bonobos stopped the practice after Motherboard confronted them.

You can view Princeton’s full list of websites using session replay scripts here.


*First Published: Nov 23, 2017, 12:15 pm CST