More than 480 web firms record 'every keystroke'

http://www.bbc.co.uk/news/technology-42065650

I haven't heard of this before - I wonder how long it's been going on .....

https://www.techspot.com/news/71985-...e-scripts.html

https://webtransparency.cs.princeton...lay_sites.html

As Sergeant Phil Esterhaus used to say "Hey, let's be careful out there."

Re: More than 480 web firms record 'every keystroke'

It's quite shocking really isn't it. I can't imagine where it will all end.

Re: More than 480 web firms record 'every keystroke'

In tears, according to my mum!

Re: More than 480 web firms record 'every keystroke'

I'm not entirely sure this article is understanding things.

Scripting software has been in existence for many years. In the IT Industry we use them to perform rigorous repeated testing of new versions of software.

By this I mean that you buy the software which is capable of recording your PC mouse movements, typing entries and so on and you install that software on the testing machine

You then use the system you are tying to test whilst that software is running in the background recording things.

So if you are testing say an insurance quoting system, you are entering details like name, address and picking your specific car type from a drop down list of makes and models and answering all the usual insurance questions.

When IT staff are doing such testing they use fictional data of course.

The recording software records all the clicks and typed entries.

During testing you find bugs in the insurance quoting system, you tell the developers who then correct the bugs and issue a new release of the system.

Here's where the recording software comes in. Instead of the poor IT person having to sit there and go through all the hassle of clicking and typing everything again to test the system, they just bring up the recording and do a "play back" and they can then sit and watch while the recording system does all the clicks and fills in all the text entries itself.

So, scripting/recording software is nothing new at all.

What's key here is that you have to buy and INSTALL that recording software on your pc to be able to record your clicks and typed entries.

The notion then that someone out in cyberspace can see what I am doing on my PC is imo not correct. This would only apply if you have been given a virus like a keylogger or if they had somehow managed to install recording software on your PC.

Of course all websites can see the bits of their website you are using and the data you are sending down the line, otherwise the websites wouldn't function would they?!

In most cases much of the data is encrypted. So if you use online banking your login credentials are encrypted so even if someone can intercept the internet traffic between your PC and the bank, it's all still encrypted gibberish.

So overall I am not worried here.

I would add to this a note about "scripting" in general. It is the nature of your Internet Browser to provide a language (scripting) for website developers to use. They use it to create some of the functionality of the web pages. For instance in my insurance site example there the drop down selection you see for your car make/model is likely driven by a bit of scripting code.

If you were to disable the scripting function of your browser, that drop down would not then work.

The presence of that scripting language, provides a platform for developers to do all sorts of things and those scripted programmes run unseen, in the background without you knowing it. They are there, you can't see them and you have no idea what they are doing. You are trusting the site not to do anything nasty with that scripting language.

Personally, I'm not that naive. I don't trust websites at all and I know many of them use that scripting language to track my web surfing and other things.

So, by choice, I ALWAYS have my scripting DISABLED in my browser.

In real terms this means turning Javascripting off. Very easy to do.

Do that, and you instantly shut out all manner of nefarious scripts that run when you visit websites and you will find that as a result most websites load 10 times faster.

The downside is that often, some of the functionality of the webpage no longer works, such as those drop downs I mentioned. Some sites will flat refuse to load and work if you have Javascript disabled, but most will simply warn you that it knows you have it disabled and load the web pages anyway.

Sites like online banking absolutely will insist that you have Javascript enabled. And that's fine. When I want to use online banking, I temporarily reenable Javascripting, do my banking, and then go disable it again afterwards.

This is something that people need to play around with imo. Those who have no interest in personal PC security and data security and who regularly mess around with social networking sites need not apply. Those people are being ruthlessly tracked. Their movements are bagged and tagged every day. Turn off Javascript and your Facebooking or Twitter experience will be quite different, you probably won't like it.

It's a life choice. Ruthless security and complete disabling of hackers ability to run nasty scripts on your PC vs a free and easy and lacksadaisical approach to computing.

Each to their own

Even as I type this I have Javascript disabled. It means I can not use the Bold, Italic, Underline buttons on this website but so what. I know how to put text in bold using BB Code. I also don't see or get pestered by any of the adverts on this site, I don't get any pop ups, no flashing banners (assuming there are some!).

Disabling Javascript is a very good thing to do if you want to increase your safety whilst online.

Re: More than 480 web firms record 'every keystroke'

Maybe things have moved on since your involvement:

https://mopinion.com/are-session-rec...ernet-privacy/

Re: More than 480 web firms record 'every keystroke'

I always use EPIC Browser whenever I am online.

https://www.epicbrowser.com/

I leave nothing behind!

http://uk.pcmag.com/epic-privacy-bro...rivacy-browser

There are plenty of different ways you can ensure security and privacy in your Web browser. You can delete your history after each use, for example, or use your browser's history-free private browsing mode. You can add a Do Not Track plug-in, or hide your IP address by going through a proxy. Or... you can simply download the free Epic Privacy Browser and get all the privacy features imaginable, all of them active by default.

Built on the Chromium platform, Epic Privacy Browser doesn't allow plug-ins, retains no history, and blocks third-party cookies. With a single click, you can redirect your Web surfing through Epic's own built-in proxy, thereby hiding your IP address. Epic always broadcasts the industry standard "Do Not Track" message, but also actively works to detect and block ad networks, social networks, and Web analytics systems that track your surfing activity. Across the board, it's designed for privacy.

Re: More than 480 web firms record 'every keystroke'

I don't think a standard browser will stop session replay scripts being run on a remote website.

Apparently:

https://motherboard.vice.com/en_us/a...s-tracking-you

https://arstechnica.co.uk/tech-polic...eplay-scripts/

Re: More than 480 web firms record 'every keystroke'

Thank you Omah.
I shall keep that in mind.
Trying to stay private on the Internet, or indeed anywhere now is a right Dogs breakfast of a job!

Re: More than 480 web firms record 'every keystroke'

Forum at Wilderssecurity.com has various threads on session replay, and much else....plus I would recommend https://www.reddit.com/r/privacy/wiki/index for lots of useful info for the privacy conscious.