Websites Use Session Replay Scripts And Record Input

Nov 23, 2017

Security experts have shown that many websites, often heavily used ones, employ so-called session replay technology, which lets operators easily record and reconstruct all of a user's actions and inputs. Ultimately, the pages behave like a kind of keylogger that saves all input from the user.

Session Replay

Researchers at the Center for Information Technology Policy (CITP) at Princeton University examined more than 400 websites in a study, many of them well known and heavily visited. They found that in many places a so-called session replay script is used, which is normally meant to provide information on user behavior.

The problem is that session replay makes the user's path through the respective website traceable in detail and, where applicable, records the user's inputs. If you fill out a form or enter your credit card information, the website operator can retrieve this information through session replay in plain form, even if the data is actually encrypted when it travels to the respective database.

In some cases, the data is displayed in so-called dashboards that are not particularly well secured. In addition, personal data that should stay secret is sometimes recorded by mistake, even if the respective script is configured to leave this information out. The approach is well known and perhaps widely used for that reason, but users often do not know that the technology is being used on a particular website.

The number of sites on which session replay is deployed is expected to be significantly higher than the approximately 400 examples that the researchers found when analyzing the 50,000 most-used websites. According to the security specialists, a large number of sites show signs of session replay scripts, and the operators include well-known companies. As examples, they mentioned the websites of HP, Intel, Lenovo, Norton and Opera. Session replay is also said to be used on a broad scale on VK.com, the Russian counterpart to Facebook.

Theoretically, input in web-based chat clients, which are often used in social networks, can also be tracked this way, they say. Mouse clicks and other inputs are also recorded by session replay, even if the entered text is never transmitted to the respective website and stored there. Passwords and similar information may also be collected if the session replay script configuration has not been adjusted accordingly.
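
Whether passwords and card data are left out of recordings depends on how the script is configured, and a site operator can check this on their own pages. The following is an added example, not code from the Princeton study or from any session replay vendor: it flags sensitive form fields that are not marked for exclusion. The `data-replay-exclude` attribute, the detection heuristics and the sample fields are assumptions made for illustration; real products define their own exclusion markers.

```javascript
// Added example: flag sensitive form fields a replay script would capture.
// EXCLUDE_ATTR is a hypothetical marker; real products define their own.
const EXCLUDE_ATTR = "data-replay-exclude";
const SENSITIVE_AUTOCOMPLETE = /^(cc-|current-password|new-password|one-time-code)/;
const SENSITIVE_NAME = /(pass(word|wd)?|card|cvv|cvc|iban|ssn)/i;

// Return the reasons a field looks sensitive (empty array if none apply).
function classifyField(field) {
  const type = (field.type || "text").toLowerCase();
  const tokens = (field.autocomplete || "").toLowerCase().split(/\s+/);
  const reasons = [];
  if (type === "password") reasons.push("type=password");
  const hit = tokens.find((t) => SENSITIVE_AUTOCOMPLETE.test(t));
  if (hit) reasons.push("autocomplete=" + hit);
  if (SENSITIVE_NAME.test(field.name || "")) reasons.push("name=" + field.name);
  return reasons;
}

// Report sensitive fields that are NOT excluded from recording.
function auditFields(fields) {
  return fields
    .filter((f) => !f.excluded)
    .map((f) => ({ name: f.name, reasons: classifyField(f) }))
    .filter((f) => f.reasons.length > 0);
}

// Browser helper: build descriptors from a live page. A field counts as
// excluded when it or any ancestor carries the marker attribute.
function fieldsFromDocument(doc) {
  return Array.from(doc.querySelectorAll("input, textarea"), (el) => ({
    name: el.name || el.id,
    type: el.type,
    autocomplete: el.getAttribute("autocomplete"),
    excluded: el.closest("[" + EXCLUDE_ATTR + "]") !== null,
  }));
}

// Constructed sample descriptors (not taken from any real site).
const SAMPLE_FIELDS = [
  { name: "email", type: "email", autocomplete: "email", excluded: false },
  { name: "password", type: "password", autocomplete: "current-password", excluded: true },
  { name: "card_number", type: "text", autocomplete: "cc-number", excluded: false },
  { name: "security_answer", type: "password", excluded: false },
  { name: "chat_message", type: "textarea", excluded: false },
];

console.log(auditFields(SAMPLE_FIELDS));
```

Free-text fields such as `chat_message` are not flagged by these heuristics, so whether to exclude them needs a manual decision.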

