Data release: list of websites that have third-party “session replay” scripts

Haythem Elmir

Here’s the list of 1,239 popular websites using third-party “session replay” scripts to record your every keystroke and mouse movement.

In a recent study we analyzed seven “session replay” services and revealed how they exfiltrate sensitive user data. Here we release the data behind our study, specifically the list of websites from the Alexa top 1 million which embed scripts from analytics providers that offer session recording services. The appearance of a website on this list DOES NOT necessarily mean that session recordings occur, as website developers may choose not to enable session recording functionality.

For some sites, we do have evidence of session recordings occurring. We mark these with the tag “evidence of session recording”. For these sites, our measurement bots were able to detect a recording in progress, as detailed in our detection methodology below. For sites not marked with this tag, it does not mean that recordings don’t occur, simply that we don’t know if they do. That’s because many of the recording services activate their functionality only for a sample of users, either as explicitly defined by the publisher site or enforced as part of a daily recording limit. Thus, it is possible that our bot that visited the site was not included in the sample, but other users might be.

As such, this list provides both an upper and lower bound of the presence of session recording companies on the web. Two of the 14 companies included in the data release, Yandex and Hotjar, have a diverse set of analytics services — many of which have no overlap with session recording. The remaining companies mostly offer similar services which include: session replay, heat maps, click maps, and form analytics.

To read the original article:
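The list above was built by checking which third-party script hosts each crawled page embeds. The following added example (not code from the original post or from the Princeton study's own crawler) shows the classification step on a captured HTML document: collect every `<script src>`, keep only third-party hosts, and match them against a provider table. The provider table is an assumption (two publicly known script hosts for Hotjar and Yandex Metrica, the two providers the post names); the HTML inputs in the test are constructed. As the post stresses, a match only shows that the provider's script is embedded, which is the upper bound; whether a recording is actually in progress for a given visitor is a separate question this check does not answer.

```python
"""Classify a crawled page by the session-replay providers whose scripts it embeds.

Added example; not part of the original post or the study's tooling.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# ASSUMPTION: script-host suffix -> provider name. Only the two providers the
# post names are listed here; a real crawl would carry the full provider table.
PROVIDER_HOSTS = {
    "hotjar.com": "Hotjar",
    "mc.yandex.ru": "Yandex",
}


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value.strip())


def third_party_script_hosts(html, page_url):
    """Return the hostnames of scripts loaded from a different host than the page."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    page_host = (urlsplit(page_url).hostname or "").lower()
    hosts = []
    for src in collector.srcs:
        if src.startswith("//"):          # protocol-relative URL
            src = "https:" + src
        host = urlsplit(src).hostname      # None for relative paths like /js/app.js
        if host and host.lower() != page_host:
            hosts.append(host.lower())
    return hosts


def match_provider(host):
    """Map a script host to a provider name, or None if it is not in the table."""
    for suffix, provider in PROVIDER_HOSTS.items():
        if host == suffix or host.endswith("." + suffix):
            return provider
    return None


def classify_page(html, page_url):
    """Sorted list of providers whose scripts the page embeds.

    A non-empty result means "embeds a session-replay provider's script",
    not "recording is occurring" (see the post's upper/lower bound caveat).
    """
    found = set()
    for host in third_party_script_hosts(html, page_url):
        provider = match_provider(host)
        if provider:
            found.add(provider)
    return sorted(found)


if __name__ == "__main__":
    # Constructed sample page, not a real site.
    sample = (
        '<html><head>'
        '<script src="/js/app.js"></script>'
        '<script src="https://static.hotjar.com/c/hotjar-0.js"></script>'
        '<script src="//mc.yandex.ru/metrika/tag.js"></script>'
        '</head><body></body></html>'
    )
    print(classify_page(sample, "https://example.com/"))
```

Running the module on the constructed sample prints `['Hotjar', 'Yandex']`; a page whose scripts all come from its own host yields an empty list and would not appear on the release list at all.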
