
More than 480 web firms record 'every keystroke'

 
November 22nd 2017
Hundreds of web firms are tracking every single keystroke made by visitors, a study from Princeton University has suggested.

The technique - known as session replay - is used by companies to gain an understanding of how customers use websites.

More than 480 websites used the technique, according to the study.

Experts questioned the legality of using such software without user consent.

"These scripts record your keystrokes, mouse movements, and scrolling behaviour, along with the entire contents of the pages you visit, and send them to third-party servers," the researchers said in a blog.

"Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behaviour," they added.

The researchers looked at seven firms that offer session replay software - FullStory, SessionCam, Clicktale, Smartlook, UserReplay, Hotjar and Yandex.

They found that 482 of the world's top 50,000 sites used scripts provided by one of these firms.

Firms using the software included UK news website the Telegraph, Samsung, Reuters, US retail giant Home Depot and CBS News.

Paul Edon, director at security firm Tripwire, said: "The first area of concern here is the legality of recording people's keystrokes without first informing them of the fact.

"If these websites do not alert the user to the fact that they are recording keystrokes, then I would class this under 'nefarious activity' as it is being less than honest, and the information is being collected without the user's knowledge."
