Made this post on /r/ChangeMyView: https://old.reddit.com/r/changemyview/comments/mzxttk/cmv_session_recording_is_an_evil_tracking/?
I’ve posted about this on Lemmy before, so if the wording seem familiar to you, you probably saw a post just like this one.
Basically, session recording refers to, well, recording a person’s internet browsing session, usually including all mouse and possibly keyboard activity. Most session recording services I’ve seen literally generate a video of the user’s interactions with the web page, much like a screen recording.
Here is a demo from one of those companies, Mouseflow: https://mouseflow.com/demo/
You go on the site, scroll up and down, move your mouse, click a few dummy buttons, fill in some text fields, and then get a literal video of everything you did. Keep in mind that there is no delete button on that video if you do try it though, and anyone with the link can access them. Shows how scummy these companies are.
The amount of data this gives the website is enormous, and enormously invasive. They can see literally everything that is showing up on your screen on a second by second basis, albeit only the parts that are displaying the website, including what content was there, where your mouse hovers, what you thought about clicking but didn’t, everything.
They quite possibly also know everything you typed, especially if it was typed into a text field. I hope you didn’t accidentally enter your username and password for another site because thought you were switched into the other tab. Did you type out half a post but decided that you’d rather not have the internet know that? They have that now. Did you hit control-V but forgot that your social security number and not some mundane thing was in the clipboard? Now it’s theirs. Did you delete an image that you posted? Even assuming that the original file was deleted, it still exists in the form of session recordings.
There are also ways of fingerprinting a person’s “browsing style” by analyzing how they interact with UI elements. This can be used to extremely reliably identify a person, not just a browser or a computer.
Worst of all, session recording is often provided by a third party, so not only does the site itself have this data, a third party does too, possibly forever. That’s to say nothing about what happens if either company gets hacked.
I’d be less hateful of this tech (though still NOT fully accepting) if every single website made absolutely sure that no personally identifiable information was captured (like if the recordings showed mouse movements on a page with only dummy content in place of real user generated content), the recordings anonymized, and were truly deleted after a set time, oh and no keylogging, just mouse movements. But that’s not happening, ever, so it’s a moot point. Some session recording platforms do tell you to configure it so it blanks out any “personally identifiable information”. They won’t do it for you, mind you, you have to manually configure it specifically for your site. Yeah, that’s like a YouTube ripping site/app telling users to “not use this for piracy and copyright infringement”. They know that it’s ignored but they have to cover their asses.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)