Hundreds of sites use something like keyloggers and record what you type, clicks and moves accordingly with a survey held recently at Princeton University. Among these pages are the Guardian, Reuters, Samsung, AlJazeera and WordPress.com.
Most of you know that your searches, page views and even scrolling a page are being tracked. But research shows just how complicated monitoring can be.
The websites mentioned above are said to use what is called "session replays", and it helps them record the typing and movements that each user makes while navigating a page.
The study, conducted by Princeton's Center for Information Policy, focused on some of the main ones Companies that offer session replays services: SessionCam, UserReplay, FullStory, Clicktale, Yandex, Smartlook and Hotjar.
It is important to understand why this behavior is dangerous, in addition to your privacy.
The Princeton study reports that most of these services (resembling keyloggers) directly block password input fields from registrations, but often the forms are mobile-friendly Appliances. Thus very sensitive information, such as passwords, credit card numbers and credit card security codes end up on the pages that use the specific services.
The study explains:
“All companies studied offer some mitigation through an automated exptwork, but this varies significantly from service provider to service provider. UserReplay and SessionCam replace all user input (keystrokes) with cover text of equivalent length, while FullStory, Hotjar, and Smartlook completely block specific input fields.”
Note that all of this information is usually shared when a user signs up for a service or makes a payment and is expected to be completely confidential.
Paul Edon, company director better safetyof Tripwire, told BBC News that “the first concern is the legality of recording people's keystrokes without first informing them of the fact. If these sites do not warn the user that they are logging their keystrokes, then I would classify it under the category of “illegal activity.”
Once again, big names like Microsoft, WordPress.com, Reuters and Samsung are spying on their users' privacy.