Slashdot Mirror


Over 400 of the World's Most Popular Websites Record Your Every Keystroke (vice.com)

An anonymous reader quotes a report from Motherboard: The idea of websites tracking users isn't new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled "No Boundaries," three researchers from Princeton's Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world's most popular websites track your every keystroke and then send that information to a third-party server. Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers' findings. If you accidentally paste something into a form that was copied to your clipboard, it's also recorded. These scripts, or bits of code that websites run, are called "session replay" scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don't just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don't run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions. Most troubling is that the information session replay scripts collect can't "reasonably be expected to be kept anonymous," according to the researchers.
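A check a site owner can run against their own pages, given here as an added example that is not part of the Motherboard report or the Princeton research: it parses a page's static HTML and reports third-party script hosts loaded on a page that also contains password, email or payment-card fields. The hostnames, the sample page and the simplified first-party rule are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SENSITIVE_TYPES = {"password", "email"}


def is_first_party(host, page_host):
    # Simplification (assumption): same host or a subdomain of the page's
    # site. A production check would use the Public Suffix List.
    base = page_host[4:] if page_host.startswith("www.") else page_host
    return host == base or host.endswith("." + base)


class PageAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.third_party_hosts = set()
        self.sensitive_fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            # Resolve relative and protocol-relative URLs against the page.
            host = urlsplit(urljoin(self.page_url, a["src"])).hostname
            if host and not is_first_party(host, self.page_host):
                self.third_party_hosts.add(host)
        elif tag == "input":
            kind = (a.get("type") or "text").lower()
            autocomplete = (a.get("autocomplete") or "").lower()
            if kind in SENSITIVE_TYPES or autocomplete.startswith("cc-"):
                self.sensitive_fields.append(a.get("name") or "(unnamed)")


def audit(page_url, html):
    parser = PageAudit(page_url)
    parser.feed(html)
    parser.close()
    hosts = sorted(parser.third_party_hosts)
    return {"sensitive_fields": parser.sensitive_fields,
            "third_party_script_hosts": hosts,
            "review": bool(hosts and parser.sensitive_fields)}


# Constructed sample page; every host below is a placeholder.
SAMPLE = """<html><head><script src="/static/app.js"></script>
<script src="https://cdn.shop.example/ui.js"></script>
<script src="//replay-vendor.example/record.js" async></script></head>
<body><form><input name="user" type="email"><input name="pw" type="password">
<input name="card" autocomplete="cc-number"></form></body></html>"""

if __name__ == "__main__":
    print(audit("https://www.shop.example/login", SAMPLE))
```

This sees only scripts referenced in the delivered HTML; scripts injected at runtime, for example by a tag manager, need a check in a real browser session.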

6 of 263 comments

  1. Re:I'm OK by tepples · · Score: 2, Insightful

    Thick Thigh Tranny Bitches.com

    Thick thighs, automotive gearboxes, and female dogs? That's an odd combination of topics for a website.

  2. Duh! Autocomplete REQUIRES some tracking by redelm · · Score: 3, Insightful
    You know how Goggle and others do autocomplete on your search entries? Or spell check in text boxen? Or mouse zooming? How could they do this if every mouse/keystroke was not sent to them? Of course some loaded script does, and whatever else it does is probably described as "trojan".

    I do not much like this mis-behaviour and mostly browse using `links2`, a lynx-like text browser. Missing images is a feature :)

  3. Web Sites Behavior Control by hcs_$reboot · · Score: 3, Insightful

    That proves (even if we've known that for a while) there is no control of web sites' behavior. A concrete analogy is, you're angry at the tax office because you pay too much in taxes, and start to write a letter, joking around, "go f..k yourself" etc... then throw that paper away and write the real one. Following this web site behavior, the tax officer is constantly looking over your shoulder - without you even being aware of that. This is totally unacceptable. The user should at least be made aware of that spying policy.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  4. Re:Overblown. Gonna play devil's advocate. by afgam28 · · Score: 4, Insightful

    Let's suppose that there are no malicious uses of web tracking, that it is solely used to improve the user experience. There's still a big problem, which is that a lot of software developers are just incompetent when it comes to security. And sorry to break it to you, but your post proves that you're one of them.

    If you don't see the problem with a key logger on a site that contains a password field, and then sending those logged keys to a third-party, and through unencrypted channels, then you need to be fired from your job as a web dev asap.

  5. Re:Overblown. Gonna play devil's advocate. by AmiMoJo · · Score: 4, Insightful

    Looking at the number of sites that use anti-patterns (malicious UIs designed to trick the user) I'd say you have lived a very sheltered life.

    Getting you to buy more stuff IS abuse in many cases. Jacking up prices because your page view times and mouse hover positions suggest that you will pay 10% more is also abuse, and spying. It's creepy AF.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. Re:Overblown. Gonna play devil's advocate. by bluegutang · · Score: 3, Insightful

    For people doing it, this is you "a3727fd0a20d5eef697d3c2f41bf0e4d".

    No, this is you: ID "a3727fd0a20d5eef697d3c2f41bf0e4d", username bob123, email address bobsmith123@gmail.com.

    And email address bobsmith123@gmail.com can be correlated with a Facebook account, medical history, credit rating, and much more.