Hundreds of sites use something like keyloggers and record what you type, clicks and moves accordingly with a survey held recently at Princeton University. Among these pages are the Guardian, Reuters, Samsung, AlJazeera and WordPress.com.
Most of you know that your searches, page views and even scrolling through a page are being tracked. But the research highlights how complicated it can be monitoring.
The websites mentioned above are said to use what is called "session replays", and it helps them record the typing and movements that each user makes while navigating a page.
Η study, conducted by Princeton's Center for Information Policy, focused on some of the main companies offering session replay services: SessionCam, UserReplay, FullStory, Clicktale, Yandex, Smartlook and Hotjar.
It is important to understand why this behavior is dangerous, in addition to your privacy.
The Princeton study reports that most of these services (which look like keyloggers) directly block password input fields from registrations, but often the forms are mobile-friendly. So very sensitive information such as passwords, credit card numbers and credit card security codes end up on the pages that use the specific services.
The study explains:
"All the companies studied offer some mitigation through an automated processing, but that changes significantly from provider to service provider. UserReplay and SessionCam replace all user inputs (keyboards) with text of equivalent length coverage, while FullStory, Hotjar and Smartlook completely block these input fields. ”
Note that all of this information is usually shared when a user signs up for a service or makes a payment and is expected to be completely confidential.
Paul Edon, its director companyof Tripwire security, told BBC News that “the first concern is the legality of logging people's keystrokes without first informing them of the fact. If these sites do not warn the user that they are logging their keystrokes, then I would classify it under the category of “illegal activity.”
Once again, big names like Microsoft, WordPress.com, Reuters and Samsung are spying on their users' privacy.