
In the last few days, the Internet has been abuzz with news about Session Replay Scripts, a technique used to log (and then play back) everything you type or click on a website.
The idea of websites tracking users isn’t really new; I have written about it extensively. Ever wondered why the products you search for on a retailer’s website suddenly appear as an ad on your social media page the next day? It isn’t a coincidence: websites and advertisers join forces to gather your browsing habits in order to build up a detailed profile of your interests for commercial gain.
A recent discovery by Princeton University researchers proves that browser tracking is far more invasive than we previously thought. The research reveals that over 400 popular websites are running a script capable of tracking everything you type into a website, including the ability to link recordings directly to your real identity without your knowledge or consent. This is akin to using traditional keyloggers to steal personal data. The implication is that sensitive information such as your debit card details, passwords and other personal information may leak into the wrong hands. This may expose you to identity theft and other online scams.
What can you do to protect yourself?
It’s still unclear what effective tools Internet users have for preventing this. The researchers said that ad-blockers can filter out some, but not all, of the tracking scripts. However, recent reports suggest that AdBlock Plus, which previously only protected against some scripts, has now been updated to block all of them as a result of the revelations from the researchers.
Another useful approach is to completely block all scripts from being loaded on websites you visit, and only allow scripts from sites that you trust, using tools like NoScript or uBlock Origin. Kaspersky Internet Security and Kaspersky Total Security have also been found to block the scripts. As we hope for more robust protection tools to be made available, the important takeaway is to realise that pretty much anything you do on a website can be logged.
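
The default-deny approach described above can be sketched in a few lines. This is an added example, not code from NoScript, uBlock Origin or the Princeton research; the function names and all hostnames (reserved `.example` names) are constructed for illustration.

```javascript
// Added illustration of default-deny script allowlisting: a script runs only
// if its host is one the user trusts. All hostnames are constructed samples.

// True when `host` is `trusted` itself or a subdomain of it.
// The leading dot stops "notshop.example" from matching "shop.example".
function hostMatches(host, trusted) {
  return host === trusted || host.endsWith("." + trusted);
}

// Classify each script on a page as allowed or blocked.
// pageUrl:      address of the page being viewed
// scriptSrcs:   src attribute of every <script> ("" for an inline script)
// trustedHosts: hosts the user has chosen to trust
function auditScripts(pageUrl, scriptSrcs, trustedHosts) {
  const result = { allowed: [], blocked: [] };
  for (const src of scriptSrcs) {
    let host;
    try {
      // Relative and protocol-relative URLs resolve against the page;
      // an inline script ("") resolves to the page's own host.
      host = new URL(src, pageUrl).hostname;
    } catch (e) {
      result.blocked.push(src); // unparseable source: deny by default
      continue;
    }
    // data: and similar URLs have an empty host, so they never match.
    const ok = trustedHosts.some((t) => hostMatches(host, t));
    (ok ? result.allowed : result.blocked).push(src);
  }
  return result;
}

// Constructed sample: a checkout page that also loads a third-party recorder.
const SAMPLE_PAGE = "https://shop.example/checkout";
const SAMPLE_SCRIPTS = [
  "/js/cart.js",
  "https://cdn.shop.example/app.js",
  "//replay-vendor.example/record.js",
  "https://notshop.example/x.js",
  "data:text/javascript,0",
];
console.log(auditScripts(SAMPLE_PAGE, SAMPLE_SCRIPTS, ["shop.example"]));

// In a browser console the script list for the current page can be gathered with:
//   [...document.scripts].map((s) => s.getAttribute("src") || "")
```

Trusting a site this way still runs whatever that site serves from its own host, so the allowlist only helps against recorders loaded from hosts you have not approved.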