Report: “Over 400 of the World’s Most Popular Websites Record Your Every Keystroke, Princeton Researchers Find”

From Motherboard:

The idea of websites tracking users isn’t new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled “No Boundaries,” three researchers from Princeton’s Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world’s most popular websites track your every keystroke and then send that information to a third-party server.
[Clip]
Most troubling is that the information session replay scripts collect can’t “reasonably be expected to be kept anonymous,” according to the researchers. Some of the companies that provide this software, like FullStory, design tracking scripts that even allow website owners to link the recordings they gather to a user’s real identity. On the backend, companies can see that a user is connected to a specific email or name. FullStory did not return a request for comment.
[Clip]
Prominent companies who use the scripts include men’s retailer Bonobos.com, Walgreens.com, and the financial investment firm Fidelity.com. It’s also worth noting that 482 might be a low estimate. It’s likely that the scripts don’t record every user that visits a site, the researchers told me. So when they were testing, they likely did not detect some scripts because they were not activated.

Read the Complete Article, View Images
Primary Sources
Research Post: “No Boundaries: Exfiltration of Personal Data By Session-Replay Scripts” (via Princeton’s Center for Information Technology Policy)
Data: List of Websites that Have Third-Party ‘Session Replay’ Scripts”

Filed under: Data Files, News, Patrons and Users