Here’s the list of 1,239 popular websites using third-party “session replay” scripts to record your every keystroke and mouse movement.
In a recent study we analyzed seven “session replay” services and revealed how they exfiltrate sensitive user data. Here we release the data behind our study, specifically, the list of websites from the Alexa top 1 million which embed scripts from analytics providers that offer session recording services. The appearance of a website on this list DOES NOT necessarily mean that session recordings occur, as website developers may choose not enable session recording functionality.
For some sites, we do have evidence of session recordings occurring. We mark these with the tag “evidence of session recording”. For these sites, our measurement bots were able to detect a recording in progress, as detailed in our detection methodology below. For sites not marked with this tag, it does not mean that recordings don’t occur, simply that we don’t know if they do. That’s because many of the recording services activate their functionality only for a sample of users, either as explicitly defined by the publisher site or enforced as part of a daily recording limit. Thus, it is possible that our bot that visited the site was not included in the sample, but other users might be.
As such, this list provides both an upper and lower bound of the presence of session recording companies on the web. Two of the 14 companies included in the data release, Yandex and Hotjar, have a diverse set of analytics services — many of which have no overlap with session recording. The remaining companies mostly offer similar services which include: session replay, heat maps, click maps, and form analytics.
To read the original article: