Hundreds of sites use keylogger-like scripts that record what you type, where you click and how you move, according to a study recently conducted at Princeton University. These sites include the Guardian, Reuters, Samsung, AlJazeera and WordPress.com.
Most of you know that your searches, page views and even scrolling a page are being tracked. But research shows just how complicated monitoring can be.
The websites mentioned above are said to use what are called "session replays", which let them record the typing and movements that each user makes while navigating a page.
The study, conducted by the Princeton Center for Computer Policy, focused on some of the major companies offering session replays: SessionCam, UserReplay, FullStory, Clicktale, Yandex, Smartlook and Hotjar.
It is important to understand why this behavior is dangerous beyond its impact on your privacy.
Princeton's study reports that most of these services (which behave like keyloggers) exclude password entry fields from their recordings outright, but many forms are mobile-friendly. So very sensitive information such as passwords, credit card numbers and credit card security codes ends up being captured on the pages that use these services.
The study explains:
"All the companies studied offer some mitigation through automated processing, but that changes significantly from provider to provider. UserReplay and SessionCam replace all user inputs (keyboards) with text of equivalent length coverage, while FullStory, Hotjar and Smartlook completely block these input fields."
Note that all of this information is usually shared when a user signs up for a service or makes a payment and is expected to be completely confidential.
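The two redaction approaches quoted above, modelled as an added example that is not code from the Princeton study or from any of the vendors. The field list is constructed, the function names are hypothetical, and it is an assumption here that type-based exclusion keys only on `type="password"` and that a mobile-friendly form may show a password or card data in a text-like input.

```javascript
// Constructed sample of form fields on a login/checkout page (not data from the study).
const sampleFields = [
  { name: "email", type: "email", autocomplete: "email", value: "user@example.com" },
  { name: "password", type: "password", autocomplete: "current-password", value: "hunter2!" },
  // Assumption: a "show password" toggle has switched this input to type="text".
  { name: "password_shown", type: "text", autocomplete: "current-password", value: "hunter2!" },
  { name: "card_number", type: "tel", autocomplete: "cc-number", value: "4111111111111111" },
  { name: "cvc", type: "text", autocomplete: "cc-csc", value: "123" },
];

// Approach A: every input value is replaced with masking text of the same length.
function maskAll(fields) {
  return fields.map((f) => ({
    ...f, recorded: "*".repeat(f.value.length), cleartext: false,
  }));
}

// Approach B: only fields of a blocked type are dropped; the rest are recorded as typed.
function excludeByType(fields, blockedTypes = ["password"]) {
  return fields.map((f) => {
    const blocked = blockedTypes.includes(f.type);
    return { ...f, recorded: blocked ? null : f.value, cleartext: !blocked };
  });
}

// HTML autocomplete tokens used here as the marker for "this field is sensitive".
const SENSITIVE_AUTOCOMPLETE = new Set([
  "current-password", "new-password", "cc-number", "cc-csc", "cc-exp",
]);

// Audit: names of sensitive fields whose real value would still be in the recording.
function leakedSensitiveFields(recordedFields) {
  return recordedFields
    .filter((f) => SENSITIVE_AUTOCOMPLETE.has(f.autocomplete) && f.cleartext)
    .map((f) => f.name);
}

console.log("mask all:", leakedSensitiveFields(maskAll(sampleFields)));
console.log("exclude by type:", leakedSensitiveFields(excludeByType(sampleFields)));
```

A site owner can run the same audit over the real field inventory of a page before enabling a replay script, and add explicit exclusions for every field the audit names.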
Paul Edon, director of security company Tripwire, told BBC News that "the first concern is the legality of recording people's keystrokes without first informing them of the incident. If these sites do not warn the user that they are logging in, then I would categorize it as 'illegal activity'."
Once again, big names like Microsoft, WordPress.com, Reuters and Samsung are intruding on their users' privacy.