Exfiltration of personal data by session-replay scripts

tim one

It seems quite difficult to really understand what is happening in those web pages, but indeed what could happen if a man-in-the-middle attack injects a script into the page by pulling all the registered data?
 

Prorootect

I didn't know too much until now, why I had the reticence of downloading Yandex browser, now I know, sure:

Data release: list of websites that have third-party “session replay” scripts
on webtransparency.cs.princeton.edu: Site list

In a recent study we analyzed seven “session replay” services and revealed how they exfiltrate sensitive user data. Here we release the data behind our study, specifically, the list of websites from the Alexa top 1 million which embed scripts from analytics providers that offer session recording services. The appearance of a website on this list DOES NOT necessarily mean that session recordings occur, as website developers may choose not to enable session recording functionality. ...

... As such, this list provides both an upper and lower bound of the presence of session recording companies on the web. Two of the 14 companies included in the data release, Yandex and Hotjar, have a diverse set of analytics services -- many of which have no overlap with session recording. The remaining companies mostly offer similar services which include: session replay, heat maps, click maps, and form analytics.

The list below contains sites that are ranked in the top 10,000 according to Alexa. ...

Some of the sites in the list stopped using session replay scripts as a response to our study. Also, the list is based on crawls made between June and September 2017; sites might have changed since the measurement. ...

____________________

That's why I frequently see the ContentBlockHelper anti-script Chrome extension blocking yandex.ru ...

- Thank you, cruelsister, for posting this topic.
 
