Most of us who have spent enough time on the internet already know that many websites record user visits, including a log of the pages each user has viewed. A few high-traffic sites even use software that records every click you make and every word you type. Some websites have designed tracking scripts that allow website owners to link the recordings they gather to a user’s real identity and even access the user’s data.
Tracking user data is one hell of a big problem, one that Google tackled earlier with an update to Google Chrome that kills annoying redirects and popups. These websites even keep a record of text you accidentally pasted into a form from the clipboard. These scripts, or bits of code that websites run, are called “session replay” scripts.
Session replay scripts are widely used by companies to gain insight into how users interact with their site, so they can identify confusing web pages and users’ interests. For example, when you search for a pair of shoes on a retailer’s site, it records that you were interested in them. In general, the scripts don’t run on every page of a website but are often placed on pages where users enter sensitive information, like passwords and medical conditions.
Security researchers from Princeton University have published a detailed report explaining how third-party scripts on different websites track your every keystroke and then send that information to a third-party server.
Today I learned: 482 of the world's largest websites run keyloggers. https://t.co/gzuKsPXpuA
— imre Fitos (@imreFitos) November 15, 2017
The researchers looked at the most popular session replay companies, including FullStory, SessionCam, and SmartLook. They found that 482 of the world’s top 50,000 sites use these companies’ scripts.
A quick tip for blocking session replay scripts is to use a popular ad-blocking tool, AdBlock Plus. The tool protects you against all of the suspected threats mentioned in the Princeton study.
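To check whether a site you use or operate contacts the session replay companies named above, you can export the browser's network log as a HAR file and summarise the requests per vendor. The following is an added example, not code from the Princeton report or from any vendor; the vendor domains are assumptions inferred from the company names, and the sample capture is constructed.

```javascript
// Added example, not from the Princeton report or any vendor.
// ASSUMPTION: vendor domains are inferred from the company names in the article.
const REPLAY_VENDORS = {
  "fullstory.com": "FullStory",
  "sessioncam.com": "SessionCam",
  "smartlook.com": "SmartLook",
};

// Match a host only if it is the vendor domain or a true subdomain of it,
// so lookalikes such as "evil-smartlook.com" are not reported.
function vendorForHost(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  for (const [domain, name] of Object.entries(REPLAY_VENDORS)) {
    if (h === domain || h.endsWith("." + domain)) return name;
  }
  return null;
}

// Summarise, per vendor, the requests a page load made (HAR 1.2 layout:
// log.entries[].request.{url,method,bodySize}).
function auditHar(har) {
  const report = {};
  for (const { request } of har.log.entries) {
    let url;
    try { url = new URL(request.url); } catch { continue; } // skip unparsable URLs
    const vendor = vendorForHost(url.hostname);
    if (!vendor) continue;
    if (!report[vendor]) report[vendor] = { hosts: [], requests: 0, uploadBytes: 0 };
    const r = report[vendor];
    if (!r.hosts.includes(url.hostname)) r.hosts.push(url.hostname);
    r.requests += 1;
    // bodySize is -1 when the capture tool could not determine it
    if (request.method === "POST" && request.bodySize > 0) r.uploadBytes += request.bodySize;
  }
  return report;
}

// Constructed sample capture: hosts, paths and sizes are invented for the example.
const SAMPLE_HAR = { log: { entries: [
  { request: { method: "GET", url: "https://shop.example/checkout", bodySize: 0 } },
  { request: { method: "GET", url: "https://cdn.smartlook.com/constructed.js", bodySize: 0 } },
  { request: { method: "POST", url: "https://rec.smartlook.com/constructed", bodySize: 2048 } },
  { request: { method: "POST", url: "https://rec.smartlook.com/constructed", bodySize: 512 } },
  { request: { method: "GET", url: "https://edge.fullstory.com/constructed.js", bodySize: -1 } },
  { request: { method: "POST", url: "https://evil-smartlook.com/x", bodySize: 100 } },
  { request: { method: "POST", url: "https://fullstory.com.example.net/x", bodySize: 100 } },
] } };

console.log(JSON.stringify(auditHar(SAMPLE_HAR), null, 2));
```

Running the same capture with and without the ad blocker enabled shows whether the blocker actually stops these requests on that site.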