A new study conducted at Princeton University has revealed that website tracking is very common, especially on websites with high traffic.
Researchers have released a series called No Boundaries where they explain how many websites track your keystrokes by using third-party scripts. They state that more than four hundred trafficked websites record every time you click, as well as all the words you type. From filling out forms to copy and pasting something into a bracket, everything is recorded. The data is then sent to third parties
The scripts in question are called session replay scripts. According to the research, they are able to pick up both general statistics of website visitors and individual browsing sessions. It even goes as far as to compare the action with someone “looking over your shoulder”.
Researchers also state that, regardless of the website’s security, website trafficking can be exploited very easily courtesy of human error or of a random bug.
More so, the data collected by these third-party scripts are not subjected to any kind of confidential agreement as it can be released at any time. Website tracking also includes passwords, credit card details and other sensitive user inputs, a notion that is worrisome, to say the least.
An example of such behavior is displayed by FullStory, an app that records customer experience data. It is so efficient in fact, that it can help website owners link the information back to a person’s real identity.
After Princeton University released their findings, websites such as Bonobos and Walgreens announced they would stop using session replay scripts.
“As we look into the concerns that were raised, and out of an abundance of caution, we have stopped sharing data with FullStory,” a spokesperson from Walgreens said.
Researchers state there are few solutions that aren’t that efficient in keeping your website activity private. Ad-blocker tools are able to block some, but not all third-party scripts. They note that tracking apps such as FullStory or SmartLook can’t be blocked by ad-blockers. However, there is a silver lining to all of this.
AdBlock Plus has reportedly been updated to block all types of session replay scripts.
Image Source: Pexels