A study from Princeton University has suggested that some of the most popular websites track every keystroke made by visitors, including various educational websites that are popular with teachers searching for resources or jobs.
Overall, researchers identified 480 global websites that use the technique – known as session replay – to gain an understanding of how users behave whilst on their website. The report findings are available here.
The researchers note, “These scripts record your keystrokes, mouse movements, and scrolling behaviour, along with the entire contents of the pages you visit, and send them to third-party servers,”
“Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behaviour,” they added.
The researchers explored firms that offer session replay software – FullStory, SessionCam, Clicktale, Smartlook, UserReplay, Hotjar and Yandex, finding that 482 of the world’s top 50,000 sites used scripts provided by one of these firms.
Education sector firms using the software (listed here) include a well know educational jobs and resources selling corporation, as well as a couple of significant universities, along with other popular media, supermarket, and financial websites.
Speaking to the BBC, Paul Edon, director at security firm Tripwire said: “The first area of concerns here is the legality of recording people’s keystrokes without first informing them of the fact.
“If these websites do not alert the user to the fact that they are recording keystrokes, then I would class this under ‘nefarious activity’ as it is being less than honest, and the information is being collected without the user’s knowledge.”
UKEdChat.com only records the number of visitors, vague location, and which pages are visited.