{"id":6952,"date":"2017-11-27T15:47:39","date_gmt":"2017-11-27T15:47:39","guid":{"rendered":"https:\/\/ounews.co\/?p=6952"},"modified":"2017-11-27T15:47:39","modified_gmt":"2017-11-27T15:47:39","slug":"websites-watch-every-move-ignore-privacy-settings","status":"publish","type":"post","link":"https:\/\/www.open.ac.uk\/blogs\/news\/science-mct\/computing-communications\/websites-watch-every-move-ignore-privacy-settings\/","title":{"rendered":"How websites watch your every move and ignore privacy settings"},"content":{"rendered":"

Hundreds of the world\u2019s top websites routinely track a user\u2019s every keystroke, mouse movement and input into a web form \u2013 even before it\u2019s submitted or later abandoned, according to the results of a study<\/a> from researchers at Princeton University.<\/p>\n

And there\u2019s a nasty side-effect: personal identifiable data, such as medical information, passwords and credit card details, could be revealed when users surf the web \u2013 without them knowing that companies are monitoring their browsing behaviour. It\u2019s a situation that should alarm anyone who cares about their privacy.<\/p>\n

The Princeton researchers found it was difficult to redact personally identifiable information from browsing behaviour records \u2013 even, in some instances, when users have switched on privacy settings such as Do Not Track<\/a>.<\/p>\n

The research found<\/a> that third party tracking services are used by hundreds of businesses to monitor how users navigate their websites. This is proving to be increasingly challenging as more and more companies beef-up security and shift their sites over to encrypted HTTPS pages<\/a>.<\/p>\n

To work around this, session-replay scripts are deployed to monitor user interface behaviour on websites as a sequence of time-stamped events, such as keyboard and mouse movements. Each of these events record additional parameters \u2013 indicating the keystrokes (for keyboard events) and screen coordinates (for mouse movement events) \u2013 at the time of interaction. When associated with the content of a website and web address, this recorded sequence of events can be exactly replayed by another browser that triggers the functions defined by the website.<\/p>\n

Enhanced user experience<\/h2>\n

What this means is that a third person is able to see, for example, a user entering a password into an online form \u2013 which is a clear privacy breach. Websites that employ third party analytics firms to record and replay such behaviour is, they argue, in the name of \u201cenhancing user experience\u201d. The more they know what their users are after, the easier it is to provide them with targeted information.<\/p>\n

While it\u2019s not news that companies are monitoring our behaviour as we surf the web, the fact that scripts are quietly being deployed to record individual browser sessions in this way has concerned the study\u2019s co-author, Steven Englehardt, who is a PhD candidate at Princeton.<\/p>\n