The Session-Replay Scripts
Websites such as Microsoft.com, Spotify.com and Adobe.com have started using “session-replay scripts” (SRSc).
SRSc are scripts that record a user’s browsing path on a website. They store personal data, passwords, mouse movements and visited content.
The data is presented as a video, which is then sent to companies that specialize in web marketing and behaviour analysis. This allows them to “replay” the user’s browsing path and understand their behaviour.
This technique allows web editors to optimize their websites and improve their services. Nonetheless, it is done without the user’s knowledge, and the risk of hacking is significant.
A study from the University of Princeton showed that, of the top 50,000 websites referenced by Alexa (the Amazon subsidiary that provides analytics tools), 482 are customers of an SRSc provider.
Some of these providers do not hesitate to share data without anonymising the email address, the name or the address.
For example, the SRSc provider “Yandex” does not collect passwords but does collect all other data, such as credit card numbers, social security numbers and other personal data.
However, some ad-blocking software can block such tracking scripts. The most popular one, “Adblock Plus”, just added 7 new SRSc providers to its blacklist.
You can access the full study at this link: https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/
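The gap described above, where passwords are excluded but card and social security numbers are still recorded, can be shown from the site owner's side with a masking check applied before any field value is handed to a recorder. This is an added example, not code from the study or from any SRSc provider; the policy functions, field names and sample form are assumptions made for illustration.

```javascript
// Added example: fields are plain objects so this runs in Node without a DOM.
// All field names and values below are constructed samples.

// Policy A: what the article describes, only password inputs are excluded.
function passwordOnlyPolicy(field) {
  return field.type === 'password';
}

// Luhn checksum: true for digit strings shaped like payment card numbers.
function luhnValid(value) {
  const digits = value.replace(/[\s-]/g, '');
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Policy B: also mask by autocomplete token, name hint and value shape.
const SENSITIVE_AUTOCOMPLETE = /^(cc-|current-password|new-password|one-time-code)/;
const SENSITIVE_NAME = /(card|cvv|cvc|ssn|social|iban|passw)/i;
const SSN_SHAPE = /^\d{3}-\d{2}-\d{4}$/;

function strictPolicy(field) {
  return passwordOnlyPolicy(field) ||
    SENSITIVE_AUTOCOMPLETE.test(field.autocomplete || '') ||
    SENSITIVE_NAME.test(field.name || '') ||
    luhnValid(field.value || '') ||
    SSN_SHAPE.test(field.value || '');
}

// Returns the names of fields a recorder would still capture under a policy.
function exposedFields(fields, shouldMask) {
  return fields.filter((f) => !shouldMask(f)).map((f) => f.name);
}

// Constructed checkout form (4111... is a widely used card test number).
const sampleForm = [
  { name: 'email', type: 'email', autocomplete: 'email', value: 'a@example.com' },
  { name: 'pwd', type: 'password', autocomplete: 'current-password', value: 'x' },
  { name: 'cardnumber', type: 'text', autocomplete: 'cc-number', value: '4111 1111 1111 1111' },
  { name: 'field_7', type: 'text', autocomplete: '', value: '4111111111111111' },
  { name: 'tax_id', type: 'text', autocomplete: '', value: '123-45-6789' },
];
console.log('password-only exposes:', exposedFields(sampleForm, passwordOnlyPolicy));
console.log('strict exposes:', exposedFields(sampleForm, strictPolicy));
```

The email address is still captured under both policies; whether to mask it as well is a decision for the site.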