Keyloggers are usually tools you might typically associate with hackers trying to steal your credit card information and passwords, but it seems that some of the world’s most popular websites employ the tool, at least that’s according to researchers from Princeton’s Center for Information Technology Policy.
Dubbed “session replay” scripts, these aren’t meant to be used for nefarious purposes, but rather they are meant to be used to help companies gain some insight into who is visiting their website, how users use their website, and so on. However the data that they collect and record can be a bit alarming, as the researchers found that some websites actually record your keystrokes when you visit their page, including when you fill out a form, and even if you decide not to submit it, the information you entered is still recorded anyway.
According to the researchers, “Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details, and other personal information displayed on a page to leak to the third-party as part of the recording.” They do have a point because as much as companies love to tout their security measures and encryption of data, all it takes is simple human error, a single bug or exploit to expose everything.
For those who are interested in seeing the list of websites that utilize such session replay scripts, you can head on over to Princeton’s website for the details.